Internet Forensics

Robert Jones
Published by O'Reilly Media
238 pages
£28.50
Published: November 22, 2005
Reviewed by Gavin Inglis in the June 2006 issue

The computing world has needed a book like this for some time. Using crime scene forensics as a model, Robert Jones demystifies and explains the hidden information available online that anybody can use to protect themselves against -- and perhaps track down -- scammers, spammers, and other forms of cyber-scumbag.

No prior knowledge is assumed. Jones begins by illustrating how IP numbers work, then domain names, then ways to divert DNS requests. The more experienced reader will be tempted to skip forward, but this would be a mistake; at each point there are little nuggets of information which the average web professional may simply not be aware of. The text strikes exactly the right balance, with sufficient information to explain each concept, but very little padding.

The topics one might expect are all included: email headers and attachments, URL manipulation, vulnerabilities in web sites, HTTP headers and information leaked by web browsers. Diagnostic tools such as dig, whois and traceroute are demonstrated. Perhaps more importantly, substantial space is given over to interpreting their output.

Cleverly, the example scams, viruses and spams are all real, drawn from the author's own experience. He explains his thinking and reasoning in a straightforward and involving way that Gil Grissom could learn from.

This of course makes for some fascinating detail along the way. There's the jaw-dropping hole in eBay security that offered phishers a custom-made redirect to send to their victims. There's the classified PDF document from the US military about insurgent attacks in Iraq that was declassified by a bored Italian using cut and paste. And there's the wonderful idea that spam could be used to send coded messages between spies or criminals in much the same way that they used to use classified advertisements in the newspaper.

While the technology described is platform-independent, it becomes quickly clear that a UNIX-based machine is the best choice for applying the techniques explained by the book. Examining virus payloads on Windows is rather perilous. The new tools included with the book are written in Perl.

Jones's motivation is interesting. There is an early reference to open source developers as the "stewards and guardians" of the Internet versus those who have turned to more opaque platforms. During the closing chapter on what is being done to fight cyber crime, he expresses the hope that he might help to create a kind of "network Neighbourhood Watch" to make life difficult for the casual cybercriminal. Sensibly, he advocates leaving the investigation of child pornography and extremist sites to the professionals.

"Internet Forensics" compiles a lot of information that has typically been available only by word of mouth or bitter experience. The average user will find themselves able to apply its techniques, and even if they choose not to, they will gain a deep understanding of how the Internet works. The book's clear style and firm grounding in reality make it an excellent read.

Page last modified 02 Apr 2007
Copyright © 1995-2011 UKUUG Ltd.