Source Code Repositories: Reviewing the Right Version of a Program

July 14, 2017 - from DisputeSoft's Josh Siegel

When examining software for evidence of copying in a misappropriation case, an expert attempts to examine the allegedly infringing program as it existed on or about the date of alleged copying. Programs evolve constantly due to regulatory changes, new operating system requirements, customer feedback, bug fixes, and many other external demands. Such updates may result in substantial alteration to a program over time, and the code that comprises a program on the date of alleged copying may differ significantly from the program’s code at the time of litigation. The code of the program at the time of litigation may contain little or no indication of copying, while previous versions of that same program may show significant evidence of copying. In some cases, a group or individual who has copied code may attempt to delete and rewrite some of the copied code over time in order to hide the fact that the program began as a copy of an existing work.

Using the change management features of a source code repository, an independent expert can “roll back” all of the updates made to a program to a specific date. This technique allows the expert to review and compare two programs as close to the date of alleged copying as possible, when the programs would likely be the most similar. If a plaintiff alleges that copying occurred on more than one date, an expert can use the version management feature of a code repository to analyze and compare code as close in time possible to each of the dates in question.

Once an expert has access to the accused program’s code as it existed on the date of alleged copying, he or she can form opinions about whether copying occurred. Programmer comments on updates, comparisons between software programs, or simply an unusually large addition of source code all are important clues that help a trained eye recognize software misappropriation.

Source Code Repositories: What is a Source Code Repository?

June 15, 2017 - from DisputeSoft's Josh Siegel

Software development is a competitive business, and disputes over intellectual property can arise when software engineers move to new companies that compete with their former employers. Should the dispute result in litigation, a source code repository can help an expert witness determine whether a former employee copied a previous employer’s proprietary source code on the way out the door.

When developing software for a business purpose, many software developers employ a source code control mechanism, such as a source code repository. Using a source code repository has many potential benefits for an organization, including:

– Concurrent Development: Repositories usually allow multiple developers to make edits to different parts of the same program simultaneously. Developers can then merge their changes back into the main program.

– Increased Transparency: Most source code repositories require a developer to check out, edit, and then check back in the part of the program he or she was editing. The repository records which developer made changes and when, resulting in a log of updates made to the program over time.

– Version Control: When developers make enough changes to a program stored in a source code repository, they can designate the updated program as a new “version” of the software. A repository also stores previous versions of a program, a feature which allows companies to restore a previous version if, for example, an update introduces a harmful bug.

Regardless of the nature of the dispute, evidence uncovered from a source code repository can provide a robust factual record of a program’s development history, which an expert can use to arrive at supportable and peer-reviewable opinions.

What Every Attorney Needs to Know About Computer Forensics: Changes to the System Clock, Windows Event Logs, and Proving Spoliation

March 27, 2017 - from DisputeSoft's Nick Ferrara

From time to time, a party to a lawsuit may attempt to delete or overwrite relevant files from a computer system in its custody before producing that system to an opposing party. Such an attempt can lead a court to infer spoliation of evidence if a producing party’s destructive intentions can be reasonably established.

Forensic computer examiners often address this issue in the course of their investigations and can typically identify techniques commonly used to compromise digital evidence. While there are a variety of ways that a user can compromise digital evidence, one technique on Windows computer systems that is within the reach of even unsophisticated users is to manually change the computer’s time and date settings.

Most Windows computers allow users to manually change the system’s time and date settings. By changing these settings before compromising key files, a user might hope to create the appearance that these files were deleted or overwritten as part of normal computer usage prior to a court’s preservation order.

Fortunately, a number of Windows artifacts make this technique relatively easy to detect. The Windows Event Log, for example, includes log entries that concretely identify any manual changes made to a computer’s date and time settings through the user interface. Expert examination can easily distinguish these log entries from other normal modifications made to a computer’s date and time settings and can yield the evidence necessary to support (or, as applicable, refute) an inference of spoliation. These types of analyses are typical of the work that DisputeSoft’s forensic investigators perform for clients.

If you are involved in a matter where you suspect that the date and time that files were deleted or last modified have been manipulated, or if you are defending against such an assertion, give us a call to see if we can assist you in establishing or refuting an inference of spoliation.