Bella, M.A. BihinaEloff, Jan H.P.2016-07-212016-02Bella, MAB & Eloff, JHP 2016, 'A near-miss management system architecture for the forensic investigation of software failures', Forensic Science International, vol. 259, pp. 234-245.0379-0738 (print)1872-6283 (online)10.1016/j.forsciint.2015.10.007http://hdl.handle.net/2263/56011Digital forensics has been proposed as a methodology for doing root-cause analysis of major software failures for quite a while. Despite this, similar software failures still occur repeatedly. A reason for this is the difficulty of obtaining detailed evidence of software failures. Acquiring such evidence can be challenging, as the relevant data may be lost or corrupt following a software system‘s crash. This paper proposes the use of near-miss analysis to improve on the collection of evidence for software failures. Near-miss analysis is an incident investigation technique that detects and subsequently analyses indicators of failures. The results of a near-miss analysis investigation are then used to detect an upcoming failure before the failure unfolds. The detection of these indicators – known as near misses – therefore provides an opportunity to proactively collect relevant data that can be used as digital evidence, pertaining to software failures. A Near Miss Management System (NMS) architecture for the forensic investigation of software failures is proposed. The viability of the proposed architecture is demonstrated through a prototype.en© 2015 Elsevier Ireland Ltd.. All rights reserved. Notice : this is the author’s version of a work that was accepted for publication in Forensic Science International : Genetics. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Forensic Science International, vol. 259, pp. 234-245, 2016. doi : 10.1016/j.forsciint.2015.10.007.Software failureNear missNear-miss management system (NMS)Digital evidenceDigital forensicsPostprint Article