What is forensic analysis, and when is it used? Well, fundamentally, forensic analysis is used when we wish to learn underlying truths about a product. For example, we might be interested in knowing what a product was really designed for, or whether it is using copyrighted or patented technology.

Now, in some cases the design documentation is freely available, and so the analysis can proceed in a straightforward manner. Where it gets very challenging is when products are designed overseas. In this case even the most skilled and diligent attorneys find it impossible to obtain adequate discovery. Without the underlying documentation, it is then necessary to turn to a forensic approach in order to learn these underlying truths about a product.

The forensic analysis may be limited to just the hardware or just the firmware. However, given that the whole point of a microprocessor-based design is the synergistic combination of hardware and firmware, it is usually the interaction of these two that reveals the most interesting evidence. So clearly you need someone who is equally comfortable in both arenas.

So what can forensic analysis reveal? Well here are some examples from my recent work:

  • Products whose use is contrary to that stated by the manufacturer
  • Expensive components that are extraneous to a product’s stated use but are essential for nefarious purposes
  • Firmware containing copyrighted materials
  • Designs that infringe on patent rights

Exposing these components is sometimes quite easy, but more often than not I need to use sophisticated equipment to expose the interaction between the hardware and firmware. My principal tool, of course, is the oscilloscope. In my case I used a mixed-signal scope that allows me to look at analog and digital signals simultaneously, thus being able to really see how something works. When I need to analyze communications between devices, protocol analyzers are invaluable. For other issues, specialized equipment such as emulators and power analyzers is really helpful.

When I’m looking at the firmware, I’ll use other industry-standard tools such as IDA Pro, which allows me to disassemble code and better understand what it is doing and how it does it. File comparison tools such as CodeSuite from S.A.F.E. are also useful for comparing legitimate and suspect code.

Now unearthing evidence is one thing, but all the analysis in the world is useless if you can’t make it understandable to a lay person. I put a lot of effort into ensuring that my reports are as clearly and concisely argued as possible. If the case proceeds to trial I like to work with a skilled artist to produce a presentation that is high on visual content and low on jargon. Jurors really seem to appreciate this approach.

So is forensic analysis worthwhile? Well, clearly it depends, but for the right kind of case it can lead to rapid and highly favorable settlements. Recently I performed a forensic analysis for the plaintiffs in a case which settled[1] for $106 million shortly after the submission of my report.

Thanks for watching.

[1] An agreed judgment in the amount of $106m was entered, along with a permanent injunction barring any further importation, distribution or other trafficking in the illicit devices.