DOCSLIB.ORG

A Hypothesis-Based Approach to Digital Forensic Investigations (Brian D. Carrier)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Hypothesis-Based Approach to Digital Forensic Investigations (Brian D. Carrier) CERIAS Tech Report 2006-06 A HYPOTHESIS-BASED APPROACH TO DIGITAL FORENSIC INVESTIGATIONS by Brian D. Carrier Center for Education and Research in Information Assurance and Security, Purdue University, West Lafayette, IN 47907-2086 A HYPOTHESIS-BASED APPROACH TO DIGITAL FORENSIC INVESTIGATIONS A Thesis Submitted to the Faculty of Purdue University by Brian D. Carrier In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy May 2006 Purdue University West Lafayette, Indiana ii To my parents, Gerry and Suzanne. iii ACKNOWLEDGMENTS I would first like to thank my advisor, Eugene Spafford (spaf). His advice and guidance helped to shape and direct this work. I would also like to thank my com- mittee for their helpful ideas and comments: Cristina Nita-Rotaru, Sunil Prabhakar, Marc Rogers, and Sujeet Shenoi (University of Tulsa). The Center for Education and Research in Information Assurance and Security (CERIAS) provided me with a great environment and the resources needed to complete this work and my appreciation goes to the faculty and staff. Thanks to the many people in the digital forensics community that have assisted me over the years. Special thanks to Dan Kalil, Chet Maciag, Gary Palmer, and others at the Air Force Research Labs for the creation of the annual Digital Foren- sic Research Workshop (DFRWS). This work is based on concepts from the initial DFRWS Research Roadmap and the framework discussions at DFRWS 2004 helped to direct this work. Simson Garfinkel provided many helpful comments during his review of this document. Lastly, thanks to my family. My parents have always supported my endeavors (and gently guided me towards a degree in engineering instead of one in music). Enormous appreciation goes to my wife Jenny for being my best friend, moving back to West Lafayette from Boston, and being extra understanding during the final months of this process. iv TABLE OF CONTENTS Page LIST OF TABLES : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : viii LIST OF FIGURES : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : ix SYMBOLS : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : xii ABSTRACT : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : xvii 1 Introduction : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 1 1.1 Motivation : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 1 1.2 Related Work : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 4 1.2.1 Computation Models : : : : : : : : : : : : : : : : : : : : : : : 4 1.2.2 Digital Investigation Definitions : : : : : : : : : : : : : : : : : 5 1.2.3 Digital Investigation Process Models : : : : : : : : : : : : : : 6 1.3 A Hypothesis-Based Approach : : : : : : : : : : : : : : : : : : : : : : 11 1.3.1 Scientific Hypotheses : : : : : : : : : : : : : : : : : : : : : : : 13 1.4 Thesis Statement and Outline of Dissertation : : : : : : : : : : : : : 14 2 Ideal and Inferred Computer History Models : : : : : : : : : : : : : : : : : 16 2.1 An Object's History : : : : : : : : : : : : : : : : : : : : : : : : : : : 16 2.2 General Model Concepts : : : : : : : : : : : : : : : : : : : : : : : : : 17 2.3 The Ideal Primitive History : : : : : : : : : : : : : : : : : : : : : : : 20 2.3.1 Primitive State History : : : : : : : : : : : : : : : : : : : : : 22 2.3.2 Primitive Event History : : : : : : : : : : : : : : : : : : : : : 28 2.3.3 Primitive History Model Proofs : : : : : : : : : : : : : : : : : 32 2.4 The Ideal Complex History : : : : : : : : : : : : : : : : : : : : : : : 33 2.4.1 Overview : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 33 2.4.2 Complex State History : : : : : : : : : : : : : : : : : : : : : : 37 2.4.3 Complex Event History : : : : : : : : : : : : : : : : : : : : : : 43 v Page 2.4.4 Complex History Model Proofs : : : : : : : : : : : : : : : : : 47 2.5 The Inferred History : : : : : : : : : : : : : : : : : : : : : : : : : : : 49 2.5.1 Inferred Primitive History : : : : : : : : : : : : : : : : : : : : 50 2.5.2 Inferred Complex History : : : : : : : : : : : : : : : : : : : : 52 3 Scientific Digital Investigation Process : : : : : : : : : : : : : : : : : : : : 55 3.1 Overview : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 55 3.2 Observation Phase : : : : : : : : : : : : : : : : : : : : : : : : : : : : 57 3.2.1 Direct and Indirect Observations : : : : : : : : : : : : : : : : 58 3.2.2 Observation Zones : : : : : : : : : : : : : : : : : : : : : : : : 59 3.2.3 State Preservation : : : : : : : : : : : : : : : : : : : : : : : : 61 3.3 Hypothesis Formulation Phase : : : : : : : : : : : : : : : : : : : : : : 63 3.4 Prediction Phase : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 65 3.4.1 Searching the Inferred History : : : : : : : : : : : : : : : : : : 66 3.5 Testing and Searching Phase : : : : : : : : : : : : : : : : : : : : : : 68 4 Categories and Classes of Analysis Techniques : : : : : : : : : : : : : : : : 70 4.1 Primitive History Categories : : : : : : : : : : : : : : : : : : : : : : : 71 4.1.1 History Duration Category : : : : : : : : : : : : : : : : : : : 71 4.1.2 Primitive Storage System Configuration Category : : : : : : : 73 4.1.3 Primitive Event System Configuration Category : : : : : : : : 77 4.1.4 Primitive State and Event Definition Category : : : : : : : : 80 4.2 Complex History Categories : : : : : : : : : : : : : : : : : : : : : : : 89 4.2.1 Complex Storage System Configuration Category : : : : : : : 90 4.2.2 Complex Event System Configuration Category : : : : : : : : 94 4.2.3 Complex State and Event Definition Category : : : : : : : : : 98 4.3 Completeness of Categories : : : : : : : : : : : : : : : : : : : : : : : 111 4.4 Category and Class Dependencies : : : : : : : : : : : : : : : : : : : : 114 4.5 Examples : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 116 4.5.1 File Searching : : : : : : : : : : : : : : : : : : : : : : : : : : : 116 vi Page 4.5.2 Image Searching : : : : : : : : : : : : : : : : : : : : : : : : : : 117 4.5.3 Event Occurrence : : : : : : : : : : : : : : : : : : : : : : : : : 118 4.6 Related Work : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 120 4.6.1 Program Understanding : : : : : : : : : : : : : : : : : : : : : 120 4.6.2 Decompiling : : : : : : : : : : : : : : : : : : : : : : : : : : : : 120 4.6.3 User-level Events : : : : : : : : : : : : : : : : : : : : : : : : : 121 4.6.4 Automated Event Hypothesis and Prediction Formulation : : 122 4.6.5 Digital Event Reconstruction : : : : : : : : : : : : : : : : : : 124 4.6.6 Analysis Layers : : : : : : : : : : : : : : : : : : : : : : : : : : 126 5 Application to Practice : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 128 5.1 Process Models : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 128 5.1.1 NIJ Electronic Crime Scene Model : : : : : : : : : : : : : : : 128 5.1.2 Integrated Digital Investigation Process Model : : : : : : : : : 130 5.2 Existing Investigation Tools : : : : : : : : : : : : : : : : : : : : : : : 130 5.3 Trusted Software and Hardware : : : : : : : : : : : : : : : : : : : : : 133 5.4 Forensic Science Concepts : : : : : : : : : : : : : : : : : : : : : : : : 135 5.4.1 Transfer : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 135 5.4.2 Identification : : : : : : : : : : : : : : : : : : : : : : : : : : : 137 5.4.3 Classification : : : : : : : : : : : : : : : : : : : : : : : : : : : 138 5.4.4 Individualization : : : : : : : : : : : : : : : : : : : : : : : : : 139 5.4.5 Association : : : : : : : : : : : : : : : : : : : : : : : : : : : : 140 5.4.6 Reconstruction : : : : : : : : : : : : : : : : : : : : : : : : : : 141 5.5 Daubert Guidelines : : : : : : : : : : : : : : : : : : : : : : : : : : : : 141 5.6 Software Debugging : : : : : : : : : : : : : : : : : : : : : : : : : : : : 142 6 Summary : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 144 6.1 Accomplishments : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 144 6.2 Implications of Work : : : : : : : : : : : : : : : : : : : : : : : : : : : 145 6.3 Future Directions : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 148 vii Page 6.3.1 Certainty Values : : : : : : : : : : : : : : : : : : : : : : : : : 149 6.3.2 Event and State Logging Devices : : : : : : : : : : : : : : : : 150 6.3.3 Complex Event Database : : : : : : : : : : : : : : : : : : : : : 152 6.3.4 Partitioned Systems : : : : : : : : : : : : : : : : : : : : : : : 153 LIST OF REFERENCES : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 154 A 4-bit Simulator Reconstruction : : : : : : : : : : : : : : : : : : : : : : : : : 163 VITA : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 169 viii LIST OF TABLES Table Page A.1 The possible events and their probability after reconstructing one time step from a known state. : : : : : : : : : : : : : : : : : : : : : : : : : 165 A.2 A final state was used to reconstruct the possible histories that could result in this state. This table shows the results from seven time steps and includes time step, the total number of possible histories, and the number of unique histories. : : : : : : : : : : : : : : : : : : : : : : : 167 ix LIST OF FIGURES Figure Page 1.1 The NIJ Electronic Crime Scene Guide has a process with five phases in it for a digital investigation. : : : : : : : : : : : : : : : : : : : : : 7 1.2 The Integrated Digital Investigation Process Model has five phases in it the Digital Crime Scene Investigation that are based on a physical
Load more

Recommended publications
  • CERIAS Tech Report 2004-26 a CATEGORIZATION OF
    CERIAS Tech Report 2004-26 A CATEGORIZATION OF COMPUTER SECURITY MONITORING SYSTEMS AND THE IMPACT ON THE DESIGN OF AUDIT SOURCES by Benjamin A. Kuperman Center for Education and Research in Information Assurance and Security, Purdue University, West Lafayette, IN 47907-2086 A CATEGORIZATION OF COMPUTER SECURITY MONITORING SYSTEMS AND THE IMPACT ON THE DESIGN OF AUDIT SOURCES A Thesis Submitted to the Faculty of Purdue University by Benjamin A. Kuperman In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy August 2004 ii ACKNOWLEDGMENTS There are a number of individuals and organizations that I would like to recognize for their assistance and support throughout the many years of my graduate career. First, I would like to note that portions of this work were supported by a gift from the Intel Corporations, Grant EIA-9903545 from the National Science Foundation, and the sponsors of the Purdue Center for Education and Research in Information Assurance and Security. I would like to personally thank the various sponsors of COAST and CERIAS for both their financial and intellectual support. Many of the opportunities I have had to research computer security would not have been possible without you. I would like to especially thank Hewlett-Packard Corporation including Mark Crosbie, John Trudeau, and Martin Sadler for a wonderful and productive internship and continuing relationship over the years. I would also like to thank my committee for all of their input, feedback, and support, especially my advisor Gene Spafford. Without his assistance and the op- portunities he has made available, I doubt I would be where I am today.
    [Show full text]
  • Session Learning and Teaching Methods, E-Learning + Educational Tools, and Related Issues
    Int'l Conf. e-Learning, e-Bus., EIS, and e-Gov. | EEE'14 | 1 SESSION LEARNING AND TEACHING METHODS, E-LEARNING + EDUCATIONAL TOOLS, AND RELATED ISSUES Chair(s) TBA Copyright © 2014 CSREA Press, ISBN: 1-60132-268-2; Printed in the United States of America 2 Int'l Conf. e-Learning, e-Bus., EIS, and e-Gov. | EEE'14 | Copyright © 2014 CSREA Press, ISBN: 1-60132-268-2; Printed in the United States of America Int'l Conf. e-Learning, e-Bus., EIS, and e-Gov. | EEE'14 | 3 Students’ Perception towards Soft CLIL in the Basque Secondary Schools Chiharu Nakanishi1 and Hodaka Nakanishi2 1Music Department, Kunitachi College of Music, Tachikawa, Tokyo, Japan 2Joint Program Center, Teikyo University, Itabashi-ku, Tokyo, Japan language. Each is interwoven, even if the emphasis is greater Abstract - The Basque Autonomous Community, which is a on one or the other in a given time (p.1) [1].” bilingual community of Basque and Spanish, has adopted As CLIL is an innovative approach, well-devised CLIL as a method to teach English as a foreign language materials are to be developed. In order to meet the needs for with on-line materials as well as written materials. The object teachers who want to implement CLIL in their classroom, of this study is to investigate how the students think about several materials are provided on-line such as E-CLIL by studying subjects in English, in the form of Soft CLIL European Resource Centre and EKI project in Basque whose (language-driven) in the Basque-medium school. The materials are used in the schools we observed.
    [Show full text]
  • Contents Years, a Majority of IT Security Pros the Judges
    2013 SC Awards U.S. Optimistic despite threats When it comes to data protection and risk management planning, informa- tion security professionals are feeling more hopeful than ever. According to our annual “Guarding Against a Data Breach” survey, compared to previous Contents years, a majority of IT security pros The Judges .............................................................................. 54 say their organizations are taking ap- The Sponsors .......................................................................... 55 propriate steps to protect critical data. Word from the co-chair ........................................................... 56 As promising as this feedback is, one has to juxtapose it against the less Reader Trust Awards upbeat happenings of our collective Best Anti-Malware Gateway ................................................... 56 reality. For starters, advanced persistent threats (APTs) and Best Cloud Computing Security ............................................ 57 other more methodical and sophisticated cyber crime attacks Best Computer Forensic Tool ................................................. 57 Best Data Leakage Prevention (DLP) .................................... 58 are becoming the norm, according to most experts. Just look to Best Database Security Solution .......................................... 58 the recent attacks against The New York Times, Twitter or the Best Email Security Solution .................................................. 59 U.S. Department of Energy to get a sense
    [Show full text]
  • 0201707195.Pdf
    Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and Addison-Wesley,Inc., was aware of a trademark claim, the designations have been printed in initial capital letters or in all capitals. The authors and publisher have taken care in the preparation of this book, but make no expressed or implied waranty of any kind and assume no responsibility for errors or omis- sions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herin. Screen shots reprinted with permission from Microsoft. The publisher offers discounts on this book when ordered in quantity for special sales. For more information, please contact: Pearson Education Corporate Sales Division 201 W. 103rd Street Indianapolis, IN 46290 (800) 428-5331 [email protected] Visit AW on the Web: www.awl.com/cseng/ Library of Congress Cataloging-in-Publication Data Kruse, Warren G. Computer forensics : incident response essentials / Warren G. Kruse II, Jay G. Heiser. p. cm. Includes bibliographical references and index. ISBN 0-201-70719-5 1. Computer security. 2. Computer networks—Security measures. 3. Forensic sciences. I. Heiser, Jay G. II. Title QA76.9.A25 K78 2001 005.8—dc21 2001034106 Copyright © 2002 by Lucent Technologies All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior consent of the publisher.
    [Show full text]
  • Chƣơng Trình Đào Tạo
    TRƢỜNG ĐẠI HỌC CÔNG NGHIỆP THỰC PHẨM TP.HCM KHOA CÔNG NGHỆ THÔNG TIN ---------------------------------------------------- CHƢƠNG TRÌNH ĐÀO TẠO Ngành đào tạo: An toàn thông tin Tên tiếng Anh: Information Security Trình độ đào tạo: Đại học Mã số: 52480299 Loại hình đào tạo: Chính quy TP. H Ch Minh th ng 04 n m 2017 MỤC LỤC 1. Mục tiêu đào tạo ............................................................................................................. 1 1.1. Mục tiêu chung ................................................................................................................... 1 1.2. Mục tiêu cụ thể ................................................................................................................... 1 2. Chuẩn đầu ra của chƣơng trình đào tạo ..................................................................... 2 3. Chi tiết chuẩn đầu ra và học phần ch nh tƣơng ứng ................................................. 3 4. Ma trận chƣơng trình đào tạo – chuẩn đầu ra của c c học phần ............................ 7 5. Vị tr làm việc sau khi tốt nghiệp ............................................................................... 11 6. Khả n ng học tập nâng cao trình độ sau khi ra trƣờng ......................................... 11 7. Thời gian đào tạo: 3 5 n m. ........................................................................................ 12 8. Khối lƣợng kiến thức toàn khóa ................................................................................. 12 9. Đối tƣợng tuyển sinh...................................................................................................
    [Show full text]
  • Intrusion and Intrusion Detection
    IJIS (2001) 1: 14–35 / Digital Object Identifier (DOI) 10.1007/s102070100001 Intrusion and intrusion detection John McHugh ∗ CERT Coordination Center , Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213-3890, USA E-mail: [email protected] Published online: 27 July 2001 – Springer-Verlag 2001 Abstract. Assurance technologies for computer security panel that solutions to the problem will not occur have failed to have significant impacts in the marketplace, spontaneously, nor will they come from the various with the result that most of the computers connected to well-intentioned attempts to provide security as an the internet are vulnerable to attack. This paper looks at add-on to existing systems. the problem of malicious users from both a historical and practical standpoint. It traces the history of intrusion and Although these words could have been written today, intrusion detection from the early 1970s to the present they come from one of the seminal documents in com- day, beginning with a historical overview. The paper de- puter security, a report [3, Preface] prepared by James P. scribes the two primary intrusion detection techniques, Anderson & Co. for then Major Roger R. Schell of the anomaly detection and signature-based misuse detection, USAF in 1972. In the nearly 30years since the prepar- in some detail and describes a number of contemporary ation of the Anderson report, little has changed, except research and commercial intrusion detection systems. It that we are, perhaps, less sanguine about the solvabil- ends with a brief discussion of the problems associated ity of the problem. The line of research and development with evaluating intrusion detection systems and a dis- proposed in the report has produced a few fairly secure cussion of the difficulties associated with making further systems, but none that have achieved commercial success progress in the field.
    [Show full text]
  • Personal Computing in the Soviet Era
    Contents | Zoom in | Zoom out For navigation instructions please click here Search Issue | Next Page Volume 37 Number 1 January–March 2015 www.computer.org Red Clones: Personal Computing in the Soviet Era Contents | Zoom in | Zoom out For navigation instructions please click here Search Issue | Next Page qM qMqM Previous Page | Contents |Zoom in | Zoom out | Front Cover | Search Issue | Next Page qMqM Qmags THE WORLD’S NEWSSTAND® IEEE Annals of the History of Computing Vol. 37, No. 1 Contentswww.computer.org/annals January–March 2015 From the Editor’s Desk 2 Nathan Ensmenger, Editor in Chief Red Clones: The Soviet Computer Hobby Movement 12 of the 1980s Zbigniew Stachniak History of Computing in India: 1955–2010 24 Vaidyeswaran Rajaraman Useful Instruction for Practical People: Early Printed 36 Discussions of the Slide Rule in the US Peggy Aldrich Kidwell The Production and Interpretation of ARPANET Maps 44 Bradley Fidler and Morgan Currie “There Is No Saturation Point in Education”: Inside IBM’s 56 Sales School, 1970s–1980s James W. Cortada For more information on computing topics, visit the Computer Society Digital Library at www.computer.org/csdl. Sergey Popov operating a Micro-80 computer at the Moscow Institute of Electronic Engineering in 1979. (Photograph courtesy of Sergey Popov.) Published by the IEEE Computer Society ISSN 1058-6180 qM qMqM Previous Page | Contents |Zoom in | Zoom out | Front Cover | Search Issue | Next Page qMqM Qmags THE WORLD’S NEWSSTAND® qM qMqM Previous Page | Contents |Zoom in | Zoom out | Front Cover | Search Issue | Next Page qMqM Qmags THE WORLD’S NEWSSTAND® Departments Editor in Chief Nathan Ensmenger 4 Interviews Associate Editors Dag Spicer David Hemmendinger, Marie Hicks Interview with Gordon Bell Christian Sandstrom,€ Jeffrey R.
    [Show full text]
  • A Framework for Live Forensics
    c 2011 Ellick M. Chan A FRAMEWORK FOR LIVE FORENSICS BY ELLICK M. CHAN DISSERTATION Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate College of the University of Illinois at Urbana-Champaign, 2011 Urbana, Illinois Doctoral Committee: Professor Roy H. Campbell, Chair, Director of Research Professor Carl Gunter Professor Pierre Moulin Professor Samuel T. King Professor Alex Halderman, University of Michigan Abstract Current techniques used by forensic investigators during incident response and search and seizure operations generally involve pulling the power on suspect machines and performing traditional dead box post-mortem analysis on the persistent storage medium. These cyber- forensic techniques may cause significant disruption to the evidence gathering process by breaking active network connections and unmounting encrypted disks. In contrast, live forensic tools can collect evidence from a running system while preserving system state. In addition to collecting the standard set of evidence, these tools can collect evidence from live web browser sessions, VPN connections, IM and e-mail. Although newer live forensic analysis tools can preserve active state, they may taint evidence by leaving footprints in memory. Current uses of live forensics in corporate in- cident response efforts are limited because the tools used to analyze the system inherently taint the state of disks and memory. As a result, the courts have been reluctant to accept evidence collected from volatile memory and law enforcement has been reluctant to use these techniques broadly. To help address these concerns we present Forenscope, a framework that allows an in- vestigator to examine the state of an active system without inducing the effects of taint or forensic blurriness caused by analyzing a running system.
    [Show full text]
  • Unregisterd Version
    Ripped by AaLl86 Software Security: Building Security In By Gary McGraw ............................................... Publisher: Addison Wesley Professional Pub Date: January 23, 2006 Print ISBN-10: 0-321-35670-5 Print ISBN-13: 978-0-321-35670-3 Pages: 448 Table of Contents | Index "When it comes to software security, the devil is in the details. This book tackles the details." -- Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies "McGraw's book shows you how to make the 'culture of security' part of your development lifecycle." --Howard A. Schmidt, Former White House Cyber Security Advisor "McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn't), buy this book and post it up on the lunchroom wall." --Avi Rubin, Director of the NSF ACCURATE Center; Professor, Johns Hopkins University; and coauthor of Firewalls and Internet Security Beginning where the best-selling book Building Secure Software left off, Software Security teaches you how to put software security into practice.The software security best practices, or touchpoints, described in this book have their basis in good software engineering and involve explicitly pondering security throughout the software development lifecycle. This means knowing and understanding common risks (including implementation bugsand architectural flaws), designing for security, and subjecting all software artifacts to thorough, objective risk analyses and testing. Software Security is about putting the touchpoints to work for you. Because you can apply these touchpoints to the software artifacts you already produce as you develop software, you can adopt this book's methods without radically changing the way you work.
    [Show full text]