Page 109 - SOFTWARE TESTING & QUALITY ASSURANCE



                          Determine the length of a supplied        strlen        RtlStringCbLength
                          string.                                   wcslen        RtlStringCchLength

                          Create a formatted text string that is    sprintf       RtlStringCbPrintf
                          based on a format string and a set of     swprintf      RtlStringCbPrintfEx
                          additional function arguments.            _snprintf     RtlStringCchPrintf
                                                                    _snwprintf    RtlStringCchPrintfEx

                          Create a formatted text string that is    vsprintf      RtlStringCbVPrintf
                          based on a format string and one          vswprintf     RtlStringCbVPrintfEx
                          additional function argument.             _vsnprintf    RtlStringCchVPrintf
                                                                    _vsnwprintf   RtlStringCchVPrintfEx

                          Source: http://www.osronline.com/ddkx/kmarch/other_9bqf.htm

                                        It is the responsibility of the programmer to use the built-in string functions of the
                                        C or C++ languages properly to avoid any overrun problem. Proper logic and correct
                                        usage of strings can overcome the overrun problem.
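
The replacement functions in the table share one contract: the caller passes the destination size, the result is always terminated, and truncation is reported through a status value. The following is an added example, not part of the original text, that shows this contract in portable C; the names bounded_length, bounded_printf and the STR_* codes are hypothetical and are not the Rtl* kernel routines.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example (not NTSTATUS values). */
enum { STR_OK = 0, STR_TRUNCATED = 1, STR_INVALID = 2 };

/* Bounded length: scan at most max_bytes; fail if no terminator is found. */
int bounded_length(const char *s, size_t max_bytes, size_t *out_len)
{
    if (s == NULL || max_bytes == 0)
        return STR_INVALID;
    const char *end = memchr(s, '\0', max_bytes);
    if (end == NULL)
        return STR_INVALID;            /* unterminated within the limit */
    if (out_len != NULL)
        *out_len = (size_t)(end - s);
    return STR_OK;
}

/* Bounded formatting: never writes past dest_bytes, always terminates. */
int bounded_printf(char *dest, size_t dest_bytes, const char *fmt, ...)
{
    if (dest == NULL || dest_bytes == 0 || fmt == NULL)
        return STR_INVALID;
    va_list ap;
    va_start(ap, fmt);
    int needed = vsnprintf(dest, dest_bytes, fmt, ap);
    va_end(ap);
    if (needed < 0) {                  /* encoding error: leave an empty string */
        dest[0] = '\0';
        return STR_INVALID;
    }
    /* vsnprintf returns the length the full output would have had. */
    return ((size_t)needed >= dest_bytes) ? STR_TRUNCATED : STR_OK;
}

int main(void)
{
    char name[8];
    /* Constructed input: 12 characters of output for an 8-byte buffer. */
    int rc = bounded_printf(name, sizeof name, "%s-%d", "device", 12345);
    printf("rc=%d name=\"%s\"\n", rc, name);
    return 0;
}
```

With sprintf the same call would write past the end of name; here the caller gets a terminated, shortened string and a status it can check before using the result.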


                          7.2.4   Computer Forensics
                          Computer forensics is also called cyber forensics. It is a technique of computer investigation and
                          analysis that is used to gather substantial evidence against a cyber crime for presentation in a court of
                          law. The main aim of computer forensics is to conduct a structured investigation of a cyber crime to find
                          out what happened and who was responsible for it. This is done to protect the security of software.

                          Computer forensics deals with identifying and solving crimes that are carried out by using computer
                          technology. Governments across the globe have imposed many laws to check cyber crimes.
                          However, lack of evidence has made it difficult to prosecute the people responsible for the crimes.
                          Computer forensics helps to overcome such difficulties. It helps to gather evidence to take legal action
                          against those who carry out such crimes.


                          Did you know?   International Data Corporation (IDC), in the year 2005, reported that “the market for
                                        intrusion-detection and vulnerability-assessment software will reach 1.45 billion
                                        dollars in 2006” (US-CERT, 2005).

                                        Some of the major reasons for criminal activities involving computers are:

                                        1.   Unauthorized use of username and password.
                                        2.   Accessing other users’ computers via the Internet.
                                        3.   Releasing viruses to other computers.
                                        4.   Harassment and stalking in cyberspace.
                                        5.   E-mail fraud.
                                        6.   Theft of company documents.

                          The tester should check for security vulnerability issues related to the software under test from a
                          computer forensics perspective. Sometimes, hackers do not really need to break into your system to steal
                          the data, since some data can be easily accessed. If the hacker knows exactly where to look for a
                          particular piece of data, then he/she can easily get the data from the software.

                                             When you download any file or picture from the Internet, by default all the
                                             files and pictures are saved in the “Temporary Internet Files” folder on the
                                             Windows operating system. In case you have accessed any confidential information
                                             on the Internet, the same would also be saved in “Temporary Internet Files”,
                                             and a hacker can easily view and use this file.




                          LOVELY PROFESSIONAL UNIVERSITY