REVIEW: "Computer Forensics and Privacy", Michael A. Caloyannides
- BKCMFRPR.RVW 20020604
"Computer Forensics and Privacy", Michael A. Caloyannides, 2001,
%A Michael A. Caloyannides micky@...
%C 685 Canton St., Norwood, MA 02062
%I Artech House/Horizon
%O U$79.00 800-225-9977 fax: 617-769-6334 artech@...
%P 392 p.
%T "Computer Forensics and Privacy"

This book occupies a unique place in the literature of computer
forensics. Most works in the field, such as Kruse and Heiser's
"Computer Forensics" (cf. BKCMPFRN.RVW), concentrate on documentation
of the investigation with a view to presentation in court. The actual
mechanics of data recovery tend to be left to commercial tools.
Caloyannides demonstrates how to delve into corners of the computer in
order to actually get the data out.

At the same time, this work is inconsistent, on at least two levels.
The perspective flips back and forth between forensics and privacy,
alternately emphasizing how to find evidence, and how to hide
evidence. The technology involved is the same, but the shifts in
viewpoint can be jarring to the reader. At the same time, the depth
of technical detail can vary wildly. At one point the book stops shy
of telling you how to undelete files with a sector editor (an activity
that could be useful to every computer user), while other sections
list lengthy and extraordinary measures to secure personal computers.

Part one concentrates on the data recovery aspect of computer
forensics. Chapter one is entitled an introduction, but seems to be
more of an editorial on privacy, with the added statement that the
book is intended both for law enforcement personnel needing details of
computer forensic techniques and those wishing to preserve the privacy
of data. The use of, and factors related to the use of, computer
forensics is supported by specific cases (rather than vague
suppositions) in chapter two. One has to agree with the author's
statement, in chapter three, that "computer forensics can be done--
and, sadly, is often done--by persons with a minimal amount of either
education or experience." Therefore it is unfortunate that the
forensic tools list and book structure are both difficult at this
point, although there is good material and writing, and Caloyannides
is not afraid to tackle the social and political aspects of the field.

Chapter four outlines various places (primarily in Windows) from which
data may be recovered. It is an odd mix of little known and very
valuable information, and extremely poor explanations of basic
functions like manual undeletion and file overwriting. A strange and
terse look at steganography, US and UK surveillance systems,
cryptography, and anonymity makes up chapter five. Data acquisition,
from sources such as key logging and Van Eck radiation, is reviewed in
chapter six. Chapter seven debunks a short list of measures falsely
believed to provide privacy protection.

Part two turns to privacy and security. Chapter eight is a discussion
of legal and commercial protections of privacy (mostly in the US) and
their failings. Installing and configuring a privacy protected
configuration of Windows is covered in chapter nine, in considerable
detail. Chapter ten's review of basic online privacy is heavy on
additional software packages. Intermediate online privacy, in chapter
eleven, looks at browser and email configurations, more packages, and
has a section on tracing email that would be helpful in dealing with
spam. (An unfortunate typesetting error seems to have deleted what
might have been valuable information about PGP [Pretty Good Privacy].)
Chapter twelve is more advanced, dealing with anonymizing services and
personal firewalls, but may be beyond the average user. A general
opinion piece on cryptography, chapter thirteen nevertheless provides
a good, basic background, albeit with a social and political emphasis.
Chapter fourteen looks at more practical encryption, detailing PGP and
specialized cryptographic programs, with a detour into biometrics.

Part three is a brief look at legal and other issues. Chapter fifteen
is a brief look at laws, mostly in the US. Chapter sixteen touches on
security aspects of VoIP (Voice over Internet Protocol) and GSM
(Global System for Mobility) wireless services.

Despite the ragged organization and style, and some glaring gaps in
coverage, this book does contain a wealth of information for both the
computer forensic examiner, and the user concerned with privacy. For
anyone beyond the most basic user it is well worth a read.

copyright Robert M. Slade, 2002 BKCMFRPR.RVW 20020604
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade