Internet Forensics
Using Digital Evidence to Solve Computer Crime
By Robert Jones
First Edition October 2005
Series: Security
ISBN: 0-596-100006-X
http://www.oreilly.com/catalog/internetforensics/index.html
238 pages, $39.95 US, $55.95 CA, £28.50 UK
I picked up this book with the slight hesitance I have with almost all technical books. Sure, the title looks interesting and the back cover actually makes the book sound exciting, but is it really? Could it actually be interesting and will it make me want to keep reading, instead of having to force myself to read on? Believe it or not, the first page of the preface had me hooked: this book is actually going to teach me how to track down Internet scammers, instead of just talk about the methods they use? This looks promising, I'm eager to read on.
The expected skill level for this book is relatively low; the author starts out with a thorough explanation of the skills needed throughout the rest of the book. Now don't get me wrong, this isn't a book I would give to my grandmother; however, I would give it to anyone who is familiar with a command line and knows what a script is.
By the time I reached the third chapter, which was still in my first sitting, I was scolding myself for the countless thousands of Spam messages I had deleted in the past. I had no idea of the vast amount of information they held. Sure, I knew there was a bunch of data in the headers, but I never knew how to decipher it. For the first week I was reading this book, every time I opened my mail client the first thing I did was check my Spam folder to see what new scams it contained. This book contains a vast number of Perl scripts for performing almost every method discussed. These were a huge benefit because they gave me the ability to immediately begin researching the Spam and Scams that I had received. The biggest disappointment I had with the book was that I didn't have enough data to see great results from some of the more complex scripts. The author was running these scripts on a folder of 30,000 spam messages, while I only had about 1,000. This didn't prevent the scripts from working; it just caused some of my results to not be as obvious.
Using the skills taught in the book you can identify a specific scam and perform a complete investigation on it, including finding other similar Spam messages, finding other scams being carried out by the same individual or group, and finding out a great deal of information about their servers and ISPs. The book concludes with two case studies taking all of the small bits of information and rolling them into a complete profile of a scam, which has all of the necessary information to turn it over to law enforcement for possible criminal charges.
This book is probably one of the best computer books I have ever read. It has dramatically increased my interest in computer security and forensics. This book is definitely a must read for anyone with an interest in security or forensics, and is still a good read for those who are not. I will never look at a piece of Spam the same way again!
Nick Travis
1/24/06
--
NickTravis - 24 Jan 2006