Is there any software or tool which does Source Code examination?
As we know that a source code can be modified by simply changing the pattern in which it was written or the variable names…. Is there any tool which could generate a forensic report for the same?
Well, to what end? What is trying to be achieved?
OK, the case is such that an ex-employee has stolen a source code and now modified the code and sold it to another company which has launched a new product.
If I am not mistaken, isn't there something called Pattern Analysis, which helps in analysis …
For that type of case a disassembler would be your best bet. Less forensics and more software engineering. One would have to demonstrate that the resulting code could not have been generated by functions other than the source. A problem is that if the suspect code were compiled with a different compiler, the code would be somewhat different anyway.
Another possibility would be function analysis.
IANAL, but once you were able to demonstrate a likelihood that the code was stolen, then there should be probable cause to get a warrant for the subject's home/place of work, etc.
If I am not mistaken, isn't there something called Pattern Analysis, which helps in analysis …
It may be easier than that. Good developers place comments throughout their code, as much for their future benefit as for anyone that picks up the project after them.
If someone has stolen code, then it was *worth* stealing and will be commented throughout. If so, I doubt the thief did more than just "customize" the source for his new employer. A comparison of comments from the stolen version with the original would show this.
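Added example, not part of any post in this thread: where both the original and the suspect source are available, the comment comparison suggested above can be scripted together with a structural check that survives the variable renaming raised in the question. It assumes Python sources; the three snippets and all function names are constructed for illustration.

```python
import io
import keyword
import tokenize

# Constructed samples: ORIGINAL, a renamed copy, and unrelated code.
ORIGINAL = '''def checksum(data, seed):
    # fold each byte into the running total
    total = seed
    for b in data:
        total = (total * 31 + b) % 65521
    return total  # fits in 16 bits
'''
RENAMED = '''def calc_hash(buf, start):
    # fold each byte into the running total
    acc = start
    for ch in buf:
        acc = (acc * 31 + ch) % 65521
    return acc
'''
UNRELATED = '''def parse_line(line):
    # split a key=value pair
    key, _, value = line.partition("=")
    return key.strip(), value.strip()
'''

def split_source(src):
    """Return (tokens with identifiers/literals normalised, comment set)."""
    tokens, comments = [], set()
    for tok in tokenize.generate_tokens(io.StringIO(src).readline):
        if tok.type == tokenize.COMMENT:
            comments.add(" ".join(tok.string.lstrip("#").lower().split()))
        elif tok.type == tokenize.NAME:  # keep keywords, blank out names
            tokens.append(tok.string if keyword.iskeyword(tok.string) else "ID")
        elif tok.type in (tokenize.NUMBER, tokenize.STRING):
            tokens.append("LIT")
        elif tok.type == tokenize.OP:
            tokens.append(tok.string)
    return tokens, comments

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def compare(original, suspect, k=5):
    """Score structural (k-token shingle) and comment overlap, both 0..1."""
    (t1, c1), (t2, c2) = split_source(original), split_source(suspect)
    s1, s2 = ({tuple(t[i:i + k]) for i in range(len(t) - k + 1)} for t in (t1, t2))
    return {"structure": jaccard(s1, s2), "comments": jaccard(c1, c2),
            "shared_comments": sorted(c1 & c2)}
```

A high score is a lead for manual side-by-side review, not proof of copying on its own.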
As we know that a source code can be modified by simply changing the pattern in which it was written or the variable names….
I would think that changing "the pattern in which it was written" would likely have a detrimental effect on the operation of a program. Computers have a bit of a habit of following things step-by-step, so any rearranging is likely to have a fairly significant impact.
In the process of compilation, variable names are usually discarded by the compiler anyway - you are unlikely to retrieve much of interest from a decompilation - from my experience you end up with generic variable names that have no intrinsic meaning.
You might have some success looking at calls to external libraries - this is something that you can get some reasonable data on, and it may well show significant similarities.
Maybe strings?
…the resulting code could not have been generated by functions other than the source…
That's a tough nut to crack. Fortunately the compiled code usually contains hints as to the compiler used - this will help. Otherwise you can create the same functionality in C, C++, Cobol, Fortran etc. Source code would be completely different.
Is there a contract issue with the employee dealing with a competitor? Even after they have left the company, there are usually clauses in place that prohibit employment etc. This might be an easier angle to pursue?
What language is the software written in?
I once used the .NET decompiler at http//
Unfortunately, the free version has limitations
(size limit 3.0MB, decompiling 10 methods in each class)
Kind Regards,
Minesh
Greetings,
We've used automated tools to do code analysis, but we also have worked with law firms to do analysis by hand, very much the same way you might conduct forensic analysis of some new issue not covered by existing tools.
The tools only get you so far. If that's good enough for your objective, you're good to go.
-David
@Kovar May I have the name of the automated tool for code analysis?
Depending on the language, a debugger might be helpful. I would imagine a combination of gdb, strace, and string diffs would help a lot. Not sure what tools to use for a Windows app since I code primarily on Linux systems.