Software Forensics (aka Forensic Software Engineering)

From Dependability

Incidents and accidents that can be attributed to software failure often result in tragedies and other losses. The need to learn from these events grows more critical as software systems become more complex and the ways they can fail become less intuitive. Clear access to retrospective information about the complex and systemic causes of incidents and accidents is not provided by existing software development methods (Johnson), and what is known from forensic engineering generally as well as the study of failure have yet to be applied comprehensively to software. Forensic software engineering refers to the body of work aimed at addressing these deficiencies.

Active research in this group addresses linguistic issues of guideline and report documents that dictate the activities involved and data resulting from investigations, the integrity of classification schemes developed for various purposes in the study of failure (software-related and otherwise), and inquiry into the processes of generating "lessons learned".

In the fall of 2002, Kimberly Hanks and John Knight led a graduate seminar course on forensic software engineering. An archive of the course web site can be found here (Software Forensics).

Selected Papers

• Greenwell, William S., John C. Knight and Elisabeth A. Strunk

Risk-Based Classification of Incidents

IRIA 03 Workshop on Investigation and Reporting of Incidents and Accidents, Williamsburg, VA (September 2003) (PDF)

• Hanks, Kimberly S., John C. Knight, C. Michael Holloway

The Role of Natural Language in Accident Investigation and Reporting Guidelines

2002 Workshop on the Investigation and Reporting of Incidents and Accidents, Glasgow, Scotland (July, 2002) (PDF)