About The Author and This Article
I am an accredited electrical engineer and have been a hands-on software professional since 1976. I have authored 3 books on distributed computing topics, taught postgraduate-level software courses commercially, and spoken at and organized many technical conferences. I started assessing technology and technology companies for investors in 1985. Expert witness work first came to me in 1996; it arises principally from intellectual property and patent disputes, with a smaller portion relating to market knowledge matters.
Lawyers hire software experts for engineering knowledge, not legal knowledge or analysis. I stay in my lane; I have no legal training so I respond to instructions and certain queries from lawyers and judges. Everything I know about legal systems from the point of view of an expert was learned from very patient and eloquent clients, and from an older, very experienced expert who mentored me because he consistently had more business than he could handle. I learned a lot from handling his overflow.
- This article explains how I think about probability, including making assessments and the importance of knowing which technique is appropriate for a situation.
- Next, I present a survey of how various courts regard the use of likelihood ratio in an analysis. Countries discussed include Australia, China, the EU, International Chamber of Commerce, Japan, the UK, and the USA. Experts must adapt to each jurisdiction in order to be effective.
- As legal systems develop their understanding of software evidence, my practice evolves with them. This article contains some forward-looking thoughts.
Certainty
The purpose of probability is to quantify uncertainty. Roll a six-sided die: the probability of any given face is exactly one in six. Schrödinger knows that all he needs to do is open the box and see how the cat is feeling. Forensic problems are usually more complex.
In software forensics, the probability that two artifacts share a particular characteristic coincidentally depends on how common that characteristic is, how many independent opportunities existed for it to arise, and whether the observed similarity is better explained by independent development or by copying. These questions do not always have clean numerical answers, but they can often be bounded, estimated, and argued rigorously.
For empirical truth, certainty is generally assumed once a threshold of probability is achieved. That is the basis for DNA profile matching, fingerprint comparison, and retinal identification. The same logic applies in software forensics, with appropriate adjustments for what is being compared.
Two traps appear in this reasoning. The first is the prosecutor’s fallacy: treating a likelihood ratio or probability estimate as if it directly states the probability of guilt or liability. It does not. The second is false dichotomy: treating a nuanced evidentiary picture as a binary yes-or-no. Black-and-white conclusions are often easier to state but less accurate than the underlying evidence warrants.
An Auditable Past
Qualified software experts are relatively uncommon. Most expert witnesses work in other disciplines, including medicine, finance, mental health, DNA analysis, and fingerprint examination. An engineer who specializes in software forensics can sometimes employ a different analytical approach than their colleagues in other disciplines.
When a software project is developed through normal engineering practice, it leaves behind an auditable record: version control history, commit timestamps, branch and merge events, issue tracker narratives, evolution of requirements, documentation of integration challenges, production issues, manufacturing issues, vendor issues, executive correspondence, and more.
Project records are produced as part of the activity of a development project. Project documentation is a digital trail that accumulates as the project progresses (or fails to progress).
A software expert, working from a complete project record, can replay the past and reconstruct the project at any moment. No other expert discipline routinely achieves this. A civil engineer modeling a bridge failure must use simulation. A medical expert is constrained by biological complexity and the imperative to cause no harm to their patient.
Having a digital record elevates what is possible analytically. In a typical intellectual property dispute, the question is whether a particular piece of software originated from an independent development effort or was derived from something else. The development history might be able to answer that question directly: it shows what existed when, who did what, and in what order events occurred. When Git logs have been trimmed to eliminate old information, probabilistic analysis of key features can determine whether the patterns, structures, and anomalies present in the two codebases arose independently or whether one project was contaminated by another.
Certain artifacts are particularly probative. Installation-specific configuration, debug remnants, and incidental binary patterns are unlikely to arise independently in two codebases. I have also found email addresses, serial numbers, and passwords belonging to a plaintiff in the defendant’s source code.
When rare, unintended artifacts can be isolated and compared, the probability of coincidental correspondence can sometimes be calculated as a mathematical fact rather than estimated from sample data. This is because the space of possible implementations is, in principle, countable and provably finite. Where that computation is possible, it requires no reference population and cannot be challenged on sampling grounds. This is a material distinction between software forensics and most other forensic disciplines.
When historical project logs are available, specific and detailed reasons for why something happened (or did not happen) can become evident. If those logs align with the artifact evidence, the probabilities compound.
Analytical methods for this type of determination are addressed in the companion article, Detecting Software Copying.
None of this is possible when grappling with biology. The Maker, if such a being exists, did not leave their notebook behind for us to read and admire the doodles in the margins.
AI
Since 2025, with AI, experts have been able to interrogate LLMs that have read the records of a project. Questions could be input, such as “Which change orders required the most revisions before acceptance, and what were the sources of those change orders?”
Whether one should believe the result of any conversation with an LLM is a rich topic that bears discussion. However, if one merely considers information from an LLM as rumor from a biased source and is diligent about verifying claims and references, this technology might be considered helpful.
Listening to a rumormonger and then fact-checking is often better than entirely ignoring information that contains a lot of misinformation. I have written extensively on LLMs.
I am able to set up LLMs with project data so that I and others can interrogate it securely.
Defensible Methodology
An expert should be able to justify the choice of method. The traditional approach is not automatically the right one, and the realities of a case often limit what is available. One contends with reality as encountered. Picking the wrong technique means a great deal of work and likely a disappointing result. This is one way that experts can fail.
One analytical technique is to compute and compare the likelihood ratio (LR) across competing hypotheses: how much more probable is the evidence if copying occurred than if the two projects developed independently? This is the Sherlock Holmes approach applied numerically: reason from evidence to the most probable explanation, producing a number that can be examined, challenged, and updated in the face of new evidence.
The LR framework was developed primarily for disciplines where probability must be estimated from samples, such as DNA frequency databases and fingerprint comparison studies. Many jurisdictions have built their expectations around that sampling-based model. Software forensics does not always fit that model. For carefully selected artifacts, the probability of coincidental correspondence can be derived using the mathematics of combinatorics rather than estimated statistically.
An expert working in a given jurisdiction needs to understand what that jurisdiction expects and explain clearly how the analysis relates to those expectations. We must adapt to address the court in the most effective way possible; that does not usually mean telling them they are wrong, but it might.
Courts’ current Bayesian requirements were heavily influenced by the prevalence of sampling-based disciplines. For software artifacts whose probability can be computed directly, those requirements would apply differently. Please contact me directly if you wish to discuss this topic further.
Worldwide Likelihood Ratio Acceptance
In software forensics, the likelihood ratio (LR) expresses how much more probable the observed evidence is under one hypothesis than under an alternative. An LR of 1,000 means the evidence is one thousand times more probable under the first hypothesis than the second. An LR of exactly 1 is neutral: the evidence does not favor either side. LR measures relative evidential support and says nothing, by itself, about guilt or liability; that determination belongs to the trier of fact.
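The calculation described here and under "An Auditable Past", as an added example (not the author's code or case data): it derives coincidence probabilities from countable spaces, multiplies them under an independence assumption, forms the LR, and shows that the same LR yields different posteriors under different priors. The two artifacts, the uniform-choice model, and the 1-in-4 retention figure are constructed assumptions.

```python
from fractions import Fraction
from math import factorial, log10


def p_random_token(alphabet_size: int, length: int) -> Fraction:
    """P(an independently generated uniform-random token equals a given one)."""
    return Fraction(1, alphabet_size ** length)


def p_same_ordering(n_items: int) -> Fraction:
    """P(n items appear in one specific order) if all n! orders are equally
    likely, i.e. the order has no functional or conventional reason."""
    return Fraction(1, factorial(n_items))


def joint_independent(probabilities) -> Fraction:
    """Product of probabilities. Valid only when the artifacts arose
    independently of each other; shared templates or tools break this."""
    joint = Fraction(1)
    for p in probabilities:
        joint *= p
    return joint


def log10_fraction(p: Fraction) -> float:
    """log10 of an exact fraction, computed on integers to avoid underflow."""
    return log10(p.numerator) - log10(p.denominator)


def likelihood_ratio(p_given_copying: Fraction, p_given_independent: Fraction) -> Fraction:
    """LR = P(evidence | copying) / P(evidence | independent development)."""
    return p_given_copying / p_given_independent


def posterior_probability(lr: Fraction, prior: Fraction) -> Fraction:
    """Bayes in odds form. The prior belongs to the trier of fact, not the expert."""
    if not 0 < prior < 1:
        raise ValueError("prior must be strictly between 0 and 1")
    posterior_odds = lr * prior / (1 - prior)
    return posterior_odds / (1 + posterior_odds)


# Constructed artifacts (assumptions, not taken from any real matter):
P_DEBUG_TAG = p_random_token(16, 8)   # identical 8-hex-digit leftover debug tag
P_FIELD_ORDER = p_same_ordering(10)   # 10 order-irrelevant fields, same order
P_INDEPENDENT = joint_independent([P_DEBUG_TAG, P_FIELD_ORDER])

# Assumed chance that a copier would leave both artifacts in place.
P_COPYING = Fraction(1, 4)
LR = likelihood_ratio(P_COPYING, P_INDEPENDENT)

if __name__ == "__main__":
    print(f"P(coincidence) = 10^{log10_fraction(P_INDEPENDENT):.2f}")
    print(f"LR             = {float(LR):.3e}")
    # The LR of 1,000 from the text, under two different priors:
    for prior in (Fraction(1, 2), Fraction(1, 10_000)):
        post = posterior_probability(Fraction(1000), prior)
        print(f"prior {float(prior):.4f} -> posterior {float(post):.4f}")
```
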
Courts in most jurisdictions where technology disputes arise accept the likelihood ratio as a potentially appropriate framework for expert evaluation. Legal systems have developed that expectation largely through experience with biological and trace evidence disciplines. The consistent condition is that the calculation must rest on a sound statistical or mathematical basis. Where that condition is met, LR-based testimony is at home in any of the forums below. Where it is not, courts have said so clearly; an expert must establish the basis if they wish to justify the use of the framework.
In biological forensics, experts face two separate questions: was this trace material present, and what caused it to be there? Each question requires independent reasoning and its own statistical basis. In software forensics, the evidence often speaks more directly. Structural similarity, shared anomalies, and statistically improbable patterns of correspondence can identify the presence of copied code and can often show how it got there. When computing mathematical probability for software forensics is possible, the computation does not generally depend on sample populations.
How each jurisdiction has received and conditioned the LR framework is documented in the sections below.
Australia
Australia’s National Institute of Forensic Science (NIFS), operating within the Australia New Zealand Policing Advisory Agency (ANZPAA), has formally endorsed the likelihood ratio as the standard framework for evaluative reporting in forensic science. The NIFS guidance draws on international standards, particularly those of ENFSI, while tailoring them to Australian and New Zealand forensic and judicial practice.
China
China has no nationwide mandate for LR-based evaluative reporting, and traditional categorical forensic methods remain common in court practice. The picture is one of active development rather than established endorsement: Chinese forensic researchers have applied and validated LR approaches across DNA profiling, voice comparison, and document examination, and results have reached courts in specific cases.
Since that 2016 case, the trajectory has continued. Dong et al. (2019), writing in Evidence Science, surveyed progress in the study and application of LR methods in Chinese forensic practice. He et al. (2021), in an open-access review published in Forensic Sciences Research, traced the development of Chinese forensic standards, situating LR within a broader alignment with international frameworks that remains ongoing rather than complete.
EU
The European Network of Forensic Science Institutes (ENFSI) represents forensic science laboratories across EU member states and has established the likelihood ratio as the required framework for evaluative reporting. The ENFSI Guideline for Evaluative Reporting, approved at version 3.0 in 2015, articulates the principles that forensic experts are expected to apply when presenting scientific evidence before courts throughout Europe.
The ENFSI framework treats the LR as the logically necessary consequence of adopting probability as the measure of uncertainty in forensic evaluation. An expert who expresses a conclusion without quantifying the LR or its verbal equivalent has not, under this guidance, provided a complete evaluative opinion. The methodology is embedded in practitioner training and laboratory accreditation processes across EU member states.
International Chamber of Commerce (ICC)
The International Chamber of Commerce (ICC) administers international commercial arbitration under its Rules of Arbitration, handling disputes in technology, construction, finance, and other fields where complex technical and quantitative expert evidence is routine. Under Article 25 of the 2021 ICC Arbitration Rules, tribunals have broad discretion over the conduct of proceedings, including the admission and weight of expert evidence. Tribunals assess expert reports for relevance, materiality, independence, and the quality of reasoning, without mandating specific analytical frameworks such as LR.
ICC arbitration does not prescribe probabilistic methods. What it does require is that expert opinions be rigorously reasoned and grounded in reliable methodology. In technical and quantitative disputes, that standard naturally invites probabilistic analysis: damages quantification, risk modeling, and causal attribution in software and technology cases all involve the kind of statistical reasoning that LR-based analysis represents.
This discretion cuts both ways: a tribunal may discount expert evidence it finds methodologically weak, and may give significant weight to opinion grounded in transparent, quantitative analysis. A software expert who presents an LR-based opinion in ICC arbitration, with the statistical basis clearly articulated, is offering the kind of reasoned, reproducible analysis that ICC practice rewards.
Japan
Japan’s forensic science community has developed and validated LR-based evaluation methods across multiple disciplines, including DNA profiling, speaker identification, kinship analysis, and authorship attribution. Japanese researchers have contributed to international validation of the LR framework, applying and testing it on Japanese-language and Japanese-population data and publishing results in both domestic and international forensic science literature.
The Japanese Journal of Forensic Science and Technology (日本法科学技術学会誌) publishes research applying LR to STR DNA mixtures, Y-chromosome analysis, and voice forensics, drawing on and contributing to international standards. In 2025, validation of probabilistic genotyping systems using Japanese DNA profiles compliant with international guidelines further demonstrated the integration of LR methodology into Japanese forensic laboratory practice.
This characterization, “logically and legally correct”, reflects a considered position: not merely that LR is technically valid, but that it is the appropriate form for expressing forensic opinion within a legal framework.
UK
In the United Kingdom, the likelihood ratio occupies a formal, central place in forensic science practice. The Royal Statistical Society (RSS), through its Working Group on Statistics and the Law (a collaboration with the Nuffield Foundation), produced a practitioner series directly addressed to judges, lawyers, forensic scientists, and expert witnesses. This series has shaped both professional standards and judicial understanding of probabilistic evidence across England, Wales, Scotland, and Northern Ireland.
Practitioner Guide No. 1, Fundamentals of Probability and Statistical Evidence in Criminal Proceedings, establishes the LR as the correct form in which an expert should offer an evaluative opinion on evidence. It defines the LR as “the ratio of two conditional probabilities, each calculated under one of two mutually exclusive propositions,” and sets out why this form of expression is both logically necessary and practically useful in legal proceedings.
A companion volume, Practitioner Guide No. 4 — Case Assessment and Interpretation of Expert Evidence, further characterizes likelihood ratios as “a strictly rational and mathematically validated mechanism for quantifying evidential weight or probative value.” Together, these guides represent the authoritative standard against which UK courts measure the adequacy of probabilistic expert testimony.
UK courts have also conditioned LR use. In R v T [2010] EWCA Crim 2439, the Court of Appeal ruled that LR should not be applied to footwear mark evidence where no sufficiently reliable statistical database existed to underpin the calculation. The judgment preferred non-numerical expressions of evidential weight in such cases rather than an LR unsupported by firm data. The ruling did not reject LR as a framework; it required that any LR be grounded in robust empirical evidence. Subsequent UK forensic guidance has elaborated on when that condition is met. This requirement, stated independently in US reports and international guidance, is the consistent worldwide condition for LR acceptance.
USA
In United States federal courts, expert evidence is subject to Federal Rule of Evidence 702 and the Daubert standard, which require that testimony rest on sufficient facts or data, employ reliable principles and methods, and apply those methods reliably to the case at hand. US acceptance of LR is well-established in DNA profiling, where SWGDAM (the Scientific Working Group for DNA Analysis Methods) has recommended LR for consistent reporting. Outside DNA, the picture is more contested.
The National Academy of Sciences (2009) and the President’s Council of Advisors on Science and Technology (PCAST, 2016) both found that many non-DNA forensic disciplines lack the empirical validation required to support probabilistic claims. In fingerprints, toolmarks, and similar pattern-evidence fields, US laboratories predominantly use categorical conclusions (identified / excluded / inconclusive) rather than LR, because the statistical basis has not been established to the satisfaction of those reviews.
Federal Rule of Evidence 401 defines relevant evidence as that which makes any fact of consequence more or less probable than it would be without the evidence. The foundational role of probability estimates was stated plainly in an early and influential federal DNA admissibility ruling:
The LR framework has also attracted a principled challenge from within the US scientific community. Lund and Iyer (2017) of NIST argued that LR is valid for personal Bayesian decision-making but problematic as a courtroom communication mechanism: an LR conveys how to update beliefs only relative to a prior probability of guilt that varies per juror. Presenting an LR as if it transfers information cleanly to the fact-finder risks injecting the expert’s implicit assumptions into the verdict.
The Federal Judicial Center’s Reference Manual on Scientific Evidence (3rd ed., 2011) remains the standard judicial reference for probabilistic methods, discussing likelihood ratios, posterior probabilities, and Bayesian reasoning as valid tools for expert opinion in hard sciences, and is routinely consulted in Daubert hearings.
Case Study
In one intellectual property matter, I identified software artifacts that, when analyzed in combination, produced a probability of independent coincidence smaller than one in 10^20, a number that exceeds the estimated count of grains of sand on Earth by several orders of magnitude and approaches the estimated number of stars in the observable universe.
Several independent anomalies were isolated, each improbable on its own. Their joint probability of arising independently in two separate codebases produced the improbable value previously mentioned. The development history supplied a second, independent line of evidence: it showed precisely when each artifact appeared and who introduced it.
In the same matter, I provided technical support during the deposition of the opposing party’s expert. As the expert gave testimony, I assessed the plausibility of the claims being made and provided written guidance to the attorney in real time, often within seconds of a claim being uttered. The ability to compute rapidly, in a live proceeding, whether a probabilistic assertion is consistent with the underlying data is a different skill from writing the primary report. It changes how the deposition proceeds and what questions get asked.
Summary
Software forensics can reach conclusions that are, in practical terms, more certain than the probabilistic framing suggests. When development history is available and rare artifacts can be isolated, the combination of an auditable record and statistically improbable evidence produces opinions that hold up under cross-examination in any forum.
The jurisdictions above show that courts in most major legal systems are familiar with the likelihood ratio and have developed expectations about how it should be presented and challenged. When the analysis calls for LR, courts know how to evaluate it. When the available evidence permits a more direct determination, whether from mathematical probability across a countable artifact space or from a development history that answers the question directly, the same methodological rigor that courts expect from LR applies equally. Understanding what a jurisdiction expects and being able to explain how the analysis relates to those expectations is what makes expert opinion useful across forums.
Analyzing evidence for unlikely contents can yield important information that may be the basis for an expert opinion. When development history is also available, origin and intent can be addressed with an auditable specificity that probabilistic analysis alone does not provide. Since correlation does not imply causation, probabilities must be combined with other factors to have meaning.
My practice spans intellectual property, patent, and market knowledge disputes. The jurisdiction varies; the approach adapts. If you are evaluating expert witness options for a dispute arising anywhere in the world, let me know.