Diagnostics Science

All areas of human activity involve the use of diagnostics. Proper diagnostics identifies the right problems to solve. We are now a part of a non-profit organization dedicated to the developing and promoting the application of such diagnostics: systemic and pattern-oriented (pattern-driven and pattern-based).

Forthcoming Windows Debugging Notebook: Essential Concepts and Tools

This is a reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging Windows applications and services.

  • Title: Windows Debugging Notebook: Essential Concepts and Tools
  • Authors: Malcolm McCaffery, Dmitry Vostokov
  • Language: English
  • Product Dimensions: 19.8 x 12.9 cm
  • ISBN-13: 978-1-908043-16-0
  • Publisher: OpenTask (November 2014)
  • Paperback: 256 pages

Pattern-Oriented Memory Forensics

This is a full-colour transcript of a lecture which introduces a pattern language for memory forensics - investigation of past software behaviour in memory snapshots. It provides a unified language for discussing and communicating detection and analysis results despite the proliferation of operating systems and tools, a base language for checklists, and an aid in accelerated learning. The lecture has a short theoretical part and then illustrates various patterns seen in crash dumps by using WinDbg debugger from Microsoft Debugging Tools for Windows.

Available in PDF and/or print format as a part of Memory Forensics Training Pack from Software Diagnostics Services.

  • Title: Pattern-Oriented Memory Forensics: A Pattern Language Approach
  • Author: Dmitry Vostokov, Software Diagnostics Institute, Software Diagnostics Services
  • Publisher: OpenTask (September 2014)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 98 pages
  • ISBN-13: 978-1908043764

Presentation Slides

The Timeless Way of Diagnostics

Paraphrasing 2 classical books of architecture written by Christopher Alexander, et al. "The Timeless Way of Building" and "A Pattern Language: Towns, Buildings, Construction" we would like to introduce the complete restructuring of multivolume Memory Dump Analysis Anthology into the projected 10 volume "A Pattern Language for Software Diagnostics, Forensics, and Prognostics: Memory, Traces, Deconstruction". The first volume is planned for the beginning of October (ISBN: 978-1908043818) and then we plan to release additional volume every month until next Summer. The reference will have better browsing and cross-referencing format, additional examples and case studies. It will incorporate comments and new pattern knowledge acquired since the first patterns were described 8 years ago. The new edition will cover only patterns and will not include additional content found in Memory Dump Analysis Anthology such as philosophy and art. Here's the preliminary front cover based on Software Diagnostics Institute logo:

Memory Dump Analysis Anthology will continue to be released with Volume 8 planned for 2015 and include up to date research from Software Diagnostics Institute and additional topics not included in "A Pattern Language for Software Diagnostics, ...".

Higher-Order Pattern Narratives (Analysing Diagnostic Analysis)

A pattern narrative in software narratology means a narrative where messages or log entries are patterns from pattern catalogues. These can be either domain specific patterns, or general trace and log analysis patterns such as Discontinuity, Activity Region, Significant Event, Macrofunction, and Back Trace. Generally, a software pattern narrative is a narrative constructed from software execution artefacts such as logs and memory dumps during their analysis. This is different from the usual meaning of a pattern narrative in narratology and literary criticism where we have a narrative which is a pattern itself like Master Trace analysis pattern. So in our case it is a narrative of patterns and not a narrative which is a pattern. The following picture illustrates the correspondence between a software trace example and its software pattern narrative:

A pattern narrative can be further analysed for any missing patterns using pattern sequences and schemes.

By a second-order narrative we mean a narrative about narrative such as the analysis of original narrative (a first-order narrative). For example, a transformation of a software log into its pattern narrative equivalent (the so called analysis narrative) is a second order narrative. It has its own time sequence (called Analysis Time, TA) where certain patterns are diagnosed out-of-order of their appearance in the resulting pattern narrative. In such a narrative additional patterns may be included that were diagnosed initially but were later replaced or eliminated. The latter property shows that second-order narratives are not simply rearranged plots of the same story (fabula). In the case of generalized memory narratives and hybrid artefacts such as memory dumps we also have analysis narratives. The following picture shows the analysis narrative used to construct software pattern narrative from the previous picture example. We see what patterns were found first:

Such second-order narratives can be analysed further and give rise to third-order narratives and in general to higher-order narratives. The following diagram shows the relationship between a software narrative (order N), its pattern narrative (order N) and analysis narrative (order N+1):

The same principles of software narratology and its analysis patterns can be applied here. Discontinuities, Time Deltas and other patterns can be analysed to find out analysis difficulties which might require further training (such as in domain specific knowledge) and analysis tool development for subsequent computer assistance. For example, if we compare TAs in the analysis report above we find out that there was significant Time Delta pattern before Back Trace pattern was found leading to the first Error Message pattern from a different Thread of Activity. It took some time for an analyst to get an idea to look for specific Data Flow pattern and construct Back Trace (probably by looking at source code).

If you are new to Software Narratology please find this introduction: http://www.patterndiagnostics.com/Introduction-Software-Narratology-mate...

Native Memory Forensics

Among different approaches to memory forensics (investigation of past system or process structure and behaviour recorded in memory snapshots) native memory forensic analysis is done using native OS debuggers such as WinDbg from Debugging Tools for Windows or GDB (Linux) or GDB/LLDB (Mac OS X). Such approach is an integral part of software diagnostics (investigation of signs of software structure and behaviour in software execution artefacts) and was introduced as a part of pattern-oriented software forensics:

http://www.patterndiagnostics.com/pattern-oriented-software-forensics-ma...

Software Diagnostics Services offers a comprehensive self-paced training course in native memory forensics for Windows platforms (Windows XP, Windows Vista, Windows 7, Windows 8, Windows RT, Windows Server) using WinDbg and memory dumps in hands-on exercises:

http://www.patterndiagnostics.com/memory-forensics-pack

Their training course (which also includes malware and rootkit detection, disassembly and reversing as an integral part of forensic investigation) teaches various pattern languages (such as memory analysis pattern language, malware analysis patterns, and ADDR patterns) that can be used with other memory forensic analysis tools.

Memory Dump Analysis Anthology: Color Supplement for Volumes 6-7

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

This is a supplemental volume of 150 full color illustrations from Memory Dump Analysis Anthology: revised, edited, cross-referenced, and thematically organized selected articles from Software Diagnostics Institute (DumpAnalysis.org + TraceAnalysis.org) and Software Diagnostics Library (former Crash Dump Analysis blog, DumpAnalysis.org/blog) about software diagnostics, debugging, crash dump analysis, software narratology, software trace and log analysis, malware analysis and memory forensics written in November 2011 - May 2014 for software engineers developing and maintaining software products, quality assurance engineers testing software, technical support and escalation engineers dealing with complex software issues, security researchers, malware analysts, reverse engineers, digital forensics analysts, computer security and cyber warfare intelligence professionals, computer scientists, conceptual digital artists, and philosophers. Unique in its breadth, depth, and scope it offers unprecedented insight into the world of software behavior and draws profound engineering, scientific, artistic, and philosophical implications.

  • Title: Memory Dump Analysis Anthology: Color Supplement for Volumes 6-7
  • Author: Dmitry Vostokov
  • Publisher: OpenTask (June 2014)
  • Language: English
  • Product Dimensions: 21.6 x 14.0
  • Paperback: 200 pages
  • ISBN-13: 978-1908043740

Table of Contents

Memory Dump Analysis Anthology, Volume 7

New! Available for Safari Books Online subscribers

The following direct links can be used to order the book now:

Buy Paperback or Hardcover from Amazon

Buy Paperback or Hardcover from Barnes & Noble

Also available in PDF format from Software Diagnostics Services

Contains revised, edited, cross-referenced, and thematically organized selected articles from Software Diagnostics Institute (DumpAnalysis.org + TraceAnalysis.org) and Software Diagnostics Library (former Crash Dump Analysis blog, DumpAnalysis.org/blog) about software diagnostics, debugging, crash dump analysis, software trace and log analysis, malware analysis and memory forensics written in November 2011 - May 2014 for software engineers developing and maintaining products on Windows (WinDbg) and Mac OS X (GDB) platforms, quality assurance engineers testing software, technical support and escalation engineers dealing with complex software issues, security researchers, malware analysts, reverse engineers, and memory forensics analysts. The seventh volume features:

- 66 new crash dump analysis patterns
- 46 new software log and trace analysis patterns
- 18 core memory dump analysis patterns for Mac OS X and GDB
- 10 malware analysis patterns
- Additional unified debugging pattern
- Additional user interface problem analysis pattern
- Additional pattern classification including memory and log acquisition patterns
- Additional .NET memory analysis patterns
- Introduction to software problem description patterns
- Introduction to software diagnostics patterns
- Introduction to general abnormal structure and behaviour patterns
- Introduction to software disruption patterns
- Introduction to static code analysis patterns
- Introduction to network trace analysis patterns
- Introduction to software diagnostics report schemes
- Introduction to elementary software diagnostics patterns
- Introduction to patterns of software diagnostics architecture
- Introduction to patterns of disassembly, reconstruction and reversing
- Introduction to vulnerability analysis patterns
- Fully cross-referenced with Volume 1, Volume 2, Volume 3, Volume 4, Volume 5, and Volume 6

Product information:

  • Title: Memory Dump Analysis Anthology, Volume 7
  • Authors: Dmitry Vostokov, Software Diagnostics Institute
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • Paperback: 523 pages
  • Publisher: OpenTask (June 2014)
  • ISBN-13: 978-1-908043-51-1
  • Hardcover: 523 pages
  • Publisher: OpenTask (June 2014)
  • ISBN-13: 978-1-908043-52-8

Table of Contents

Back cover features a "liquid memory" image created with Photoshop from contents of computer memory.

Vulnerability Analysis Patterns (VAP)

These are general patterns of software vulnerability: synthesis of analysis patterns from the following software diagnostics catalogues:

  • MAP - Memory Analysis Patterns (include behavioural and structural patterns)
  • TAP - Trace Analysis Patterns
  • CAP - Code Analysis Patterns (previously introduced as Static Code Analysis Patterns)
  • ADDR - Deconstruction, Disassembly, and Reversing (binary equivalent of CAP) Patterns (the current list is available here)
  • Also:

    VEC - Vulnerability, Exploit, and Control of Victimware
    Victimware - bugs of software (including bugs of malware) + vulnerabilities (provocative and precipitative victimware)

    For victimware classification please look at this presentation: http://www.patterndiagnostics.com/Victimware-materials

    The following easy to remember diagram combines all these acronyms and terminology:

    The first pattern we suggest is called Versioned Namespace. It is similar to Namespace malware analysis pattern but covers victimware side. Not only some API sets seen from source code and binaries but their versions also have importance. Again, this proposed new catalogue contains general analysis patterns, not specific operating system and product patterns. More patterns will be added later according to our pattern-based software diagnostics incremental and iterative methodology.

Software Diagnosis Codes

While working on Diagnostic Manual of Software Problems (DMS) announced last year we found the need to introduce software diagnostic codes. The proposed natural candidate schema is based on pattern orientation and pattern catalogues. It consists of a major and minor codes. The major code is a combination of one letter software artefact type, three letter structural classifier, and 3 letter behavioural pattern classifier:

Artefact Type - Structural Pattern - Behavioural Pattern

For example:

M-THR-SPK

Memory - Thread - Spike which corresponds to Spiking Thread pattern from memory analysis catalogue.

The optional minor code is not currently specified but may include pattern implementation such as operating system platform including CPU architecture, for, example: WIN.X32 or OSX.X64. So the final code may look like:

M-THR-SPK.WIN.X64

Software Diagnostics Metaphors

Software Diagnostics as Psychology

Analogy: studying how code construction ideas are execute.

  • Philosophy - Software Construction
  • Psychology - Software Diagnostics
  • Physiology - Software Execution

Software Diagnostics as Literary Criticism

Analogy: studying patterns across software execution artefacts such as software narratives (traces and logs) and memory snapshots.

  • Writing Fiction - Software Construction
  • Reading Fiction - Software Execution
  • Reviewing Fiction - Traditional Software Diagnostics
  • Literary Criticism - Pattern-Oriented Software Diagnostics

Rapid Software Diagnostics Process (RSDP)

Increased complexity of software incidents and their growing numbers require fast responses. We reviewed and partitioned our pattern catalogues into two tiers. The first tier requires less analysis efforts and provides faster response time than the second tier. The revised memory and trace analysis catalogues together with adjusted checklists will be published soon.

Right First Time Software Diagnosis

Right First Time Software Diagnostics is based on pattern-oriented diagnostics process and pattern catalogues.

Book: Advanced Windows RT Memory Dump Analysis, ARM Edition

The following direct links can be used to order the print version:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

The book is available for Safari Books Online subscribers

Also available for sale in PDF format from Software Diagnostics Services.

The full transcript of Software Diagnostics Services training with 9 step-by-step exercises. Learn how to navigate through memory dump space and Windows data structures to perform memory forensics, troubleshoot and debug complex software incidents. The training uses a unique and innovative pattern-driven analysis approach to speed up the learning curve. It consists of practical step-by-step exercises using WinDbg to diagnose structural and behavioural patterns in Windows RT kernel and complete (physical) memory dumps. Additional topics include memory search, kernel linked list navigation, practical WinDbg scripting, registry, system variables and objects, device drivers and I/O, memory mapped and cached files content.

Prerequisites: Basic and intermediate level Windows memory dump analysis: ability to list processors, processes, threads, modules, apply symbols, and walk through stack traces.

Audience: Software developers, software technical support and escalation engineers, reverse and security research engineers, digital forensic analysts.

  • Title: Advanced Windows RT Memory Dump Analysis, ARM Edition: Training Course Transcript and WinDbg Practice Exercises
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (March 2014)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 190 pages
  • ISBN-13: 978-1908043733

Table of Contents

Accelerated Mac OS X Core Dump Analysis: LLDB Exercises

Warning! Contains only exercises for LLDB debugger.

The following direct links can be used to order the print version:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

The book is available for Safari Books Online subscribers

Also available for sale in PDF format from Software Diagnostics Services.

This is an update for Accelerated Mac OS X Core Dump Analysis: Training Course Transcript and GDB Practice Exercises (ISBN: 978-1908043405) book. In Mac OS X Mavericks GDB was replaced by LLDB debugger. All GDB exercises were reworked and updated for LLDB. The original first edition also contains slide transcripts and selected memory analysis pattern descriptions which are missing in this update. This update contains only LLDB exercises. If you don't have the first edition of this course then Accelerated Mac OS X Core Dump Analysis, Second Edition: Training Course Transcript with GDB and LLDB Practice Exercises (ISBN: 978-1908043719) is recommended instead of this update.

  • Title: Accelerated Mac OS X Core Dump Analysis: LLDB Exercises
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (March 2014)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 146 pages
  • ISBN-13: 978-1908043726

Table of Contents
Review
Amazon Reviews for the previous GDB edition

Detecting and Predicting the Unknown

A. The approach of Victimware1 (which includes abnormal behaviour of Malware such as crashes, hangs, resource leaks, CPU spikes) together with memory, malware, and log analysis pattern catalogues allows to detect unknown malware in software diagnostics and digital forensics artefacts such as memory dumps, crash reports, and software traces and logs: pattern-driven software diagnostics2 and forensics4.

B. Structural and behavioural patterns found on one operating system and/or processor architecture can be predicted for another: pattern-based software diagnostics3 and forensics4.

References:
1 http://www.patterndiagnostics.com/Victimware-materials
2 http://www.patterndiagnostics.com/Introduction-Software-Diagnostics-mate...
3 http://www.patterndiagnostics.com/pattern-based-diagnostics-materials
4 http://www.patterndiagnostics.com/pattern-oriented-software-forensics-ma...

Book: Accelerated Mac OS X Core Dump Analysis, Second Edition

New! Second edition is fully updated for Mac OS X Mavericks LLDB debugger.

The following direct links can be used to order the print version:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Available for sale in PDF format from Software Diagnostics Services.

The full transcript of Software Diagnostics Services Training with 12 step-by-step exercises.

  • Title: Accelerated Mac OS X Core Dump Analysis, Second Edition: Training Course Transcript with GDB and LLDB Practice Exercises
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (March 2014)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 406 pages
  • ISBN-13: 978-1908043719

Table of Contents
Amazon Reviews for the previous edition

Pattern-Oriented Software Forensics

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

This is a transcript of Software Diagnostics Services Webinar about a comprehensive theory behind software forensics based on systemic and pattern-oriented software diagnostics developed by Software Diagnostics Institute. It synthesises pattern-oriented memory analysis of malware and victimware with pattern-oriented software log and trace analysis based on software narratology.

  • Title: Pattern-Oriented Software Forensics: A Foundation of Memory Forensics and Forensics of Things
  • Author: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (February 2014)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 44 pages
  • ISBN-13: 978-1908043696

Fundamentals of Physical Memory Analysis

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

This is a transcript of Software Diagnostics Services Webinar about physical memory analysis on desktop and server Windows platforms (a revised version of the previous webinar on complete crash and hang memory dump analysis). Topics include: memory acquisition and its tricks; user vs. kernel vs. physical memory space; fibre bundle space; challenges of physical memory analysis; common WinDbg commands; patterns; common mistakes; a hands-on analysis example with logs; a guide to further study.

  • Title: Fundamentals of Physical Memory Analysis
  • Author: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (February 2014)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 56 pages
  • ISBN-13: 978-1906717155

Training: Accelerated Windows Memory Forensics

Forthcoming in March, 2014.

Reading Computer's Mind

Learn how to navigate through memory space and discover forensic artefacts. We use a unique and innovative pattern-driven analysis approach to speed up the learning curve. The training consists of practical step-by-step exercises using Microsoft WinDbg debugger from Debugging Tools for Windows to diagnose structural memory patterns in x86 and x64 physical and process memory dumps. Patterns of memory acquisition are also covered.

Accelerated Windows Memory Forensics Logo

Software Diagnostics Services (PatternDiagnostics.com) organizes a training course:

The training consists of the following materials:

  1. A full transcript in PDF format (retail price $300)
  2. 7 volumes of Memory Dump Analysis Anthology in PDF format (retail price $140)
  3. Free Software Diagnostics Library membership with access to more than 200 cross-referenced patterns of memory dump analysis, their classification and more than 70 case studies

Level: Beginner/Intermediate

Prerequisites: Working knowledge of Windows. Operating system internals concepts are explained when necessary.

Audience: Security researchers, malware analysts, digital forensics engineers who have never used WinDbg for analysis of computer memory. The course will also be useful for technical support and escalation engineers who analyse memory dumps from complex software environments and need to go deeper in their analysis of abnormal software structure and behaviour.

Patterns of Software Diagnostics Architecture

In the Debugging TV episode 0x1A we introduced a vision of software diagnostics architecture and its architectural patterns. The latter are usual patterns of software architecture if we design software diagnostics software. However, if we consider a software diagnostics system architecture in a wider context involving its users and human-assisted pattern-orientation there is a need to devise new patterns such as Patterns - View - Controller (PVC) where:

  • Patterns - represent pattern catalogues from pattern-driven and pattern-based software diagnostics methodology. It corresponds to Model in traditional Model - View - Controller software architecture pattern.
  • View - represents pattern catalogue(s) view which might include concrete pattern implementations such as OS and product specifics. A view can also be based on an intersection of several pattern catalogues, for example, memory analysis, malware analysis, and trace analysis. A user diagnostician sees such views. Any updates to underlying pattern catalogues are reflected in pattern views.
  • Controller - represents software diagnostics tools architecture and designed using software construction patterns. Such tools may include automated diagnostics or human-assisted debuggers and problem analysis tools. A user diagnostician uses such controllers. Such use may result in updates to underlying pattern catalogues when a new pattern is discovered, for example.

This software diagnostics architecture pattern is illustrated on the following diagram:

Trace Acquisition Pattern Catalogue

In addition to existing pattern catalogues such as for trace analysis we introduce patterns of trace acquisition as general platform and product independent reusable solutions to commonly occurring tracing and logging problems applicable in specific contexts. Here's the current list applicable to both software and network tracing:

  • Trace Placing Map
  • Trace Timing Plan
  • Use Case Coverage
  • Supplemental System Tracing
  • Supplemental Network Tracing
  • Supplemental Memory Acquisition
  • Full Capture Tracing
  • Tuned Capture Tracing
  • First Occurrence Tracing
  • Differential Strategy Tracing

Software Diagnostics Services is updating its Accelerated Software Trace Analysis training with complete pattern descriptions, examples and pattern-oriented trace acquisition requirements, design and implementation labs. The initial list of trace acquisition patterns may be revised and extended if necessary.

Memory Acquisition Pattern Catalogue

Software: the parts of a computer that can be dumped.

In addition to existing pattern catalogues such as for memory analysis we introduce patterns of memory acquisition as general platform and product independent reusable solutions to commonly occurring memory acquisition problems applicable in specific contexts. Here's the current list with their classification:

Structural Space Patterns

General

  • State Summary Dump
  • Region Memory Dump

Volatile

  • Process Memory Dump
  • Kernel memory Dump
  • Physical Memory Dump
  • Hyper Memory Dump
  • Fibre Bundle Dump

Persistent

  • File Memory Dump
  • Storage Memory Dump

Acquisition Strategy Patterns

  • External Dump
  • Self Dump
  • Conditional Dump
  • Dump Sequence
  • Transactional Dump

Software Diagnostics Services is developing Accelerated Memory Acquisition training with complete pattern descriptions, examples and pattern-oriented memory acquisition requirements, design and implementation labs. The initial list of memory acquisition patterns may be revised and extended if necessary.

Thinking-Based Software Diagnostics

As The Year of Software Diagnostics is almost finished we unveil a new type of software diagnostics in addition to pattern-oriented and systemic.

It is based on:

  • Critical thinking
  • Systemic thinking
  • Semiotic thinking

and uses:

  • Inductive reasoning
  • Deductive reasoning
  • Abductive reasoning

Introducing Software Narratology of Things (Software NT)

This is the further development of Software Narratology (T -> M) and Generalized Software Narratives (M -> M -> M -> ...). Now it incorporates devices (things) and IoT. Whereas the general narrative space is 2M1T:

the narrative space of NT is "complex" 2M2T:

Narratology of Things also incorporates Hardware Narratology.

Book: Advanced Windows Memory Dump Analysis with Data Structures, Second Edition

New! In the 2nd edition all exercises were updated for the latest WinDbg version from Windows SDK 8.1.

The first edition is available for Safari Books Online subscribers

The following direct links can be used to order the print version of the second edition:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

The second edition is available for sale in PDF format from Software Diagnostics Services.

The full transcript of Software Diagnostics Services Training with 10 step-by-step exercises, notes, and selected Q&A.

  • Title: Advanced Windows Memory Dump Analysis with Data Structures: Training Course Transcript and WinDbg Practice Exercises with Notes, Second Edition
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (December 2013)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 198 pages
  • ISBN-13: 978-0955832888

Table of Contents

2014 - The Year of Software Forensics

The previous year 2013 was announced as The Year of Software Diagnostics and among various results it was successful in laying out the theoretical foundations for software forensics. We start the year 2014 with a seminar to show our vision of pattern-oriented software forensics and a roadmap for further development and advancement of its body of knowledge:

Webinar: Pattern-Oriented Software Forensics

Syndicate content