BKINTFOR.RVW 20051209

"Internet Forensics", Robert Jones, 2006, 0-596-10006-X, U$39.95/C$55.95
%A Robert Jones www.craic.com
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%D 2006
%G 0-596-10006-X
%I O'Reilly & Associates, Inc.
%O U$39.95/C$55.95 800-998-9938 fax: 707-829-0104 nuts@ora.com
%O http://www.amazon.com/exec/obidos/ASIN/059610006X/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/059610006X/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/059610006X/robsladesin03-20
%O Audience i Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 223 p.
%T "Internet Forensics"

The preface states that the intended audience for the book consists of security professionals, as well as developers and system administrators. A basic familiarity with email and Web clients is assumed, and the ability to program in Perl is recommended, although not necessary.

Chapter one notes that there are bad things and people on the Internet. The domain and IP address structures, and the tools associated with researching the information related to them, are discussed in chapter two. Email headers are described in chapter three, primarily with a view to catching spammers. Chapter four notes various means of representing (and obfuscating) Web addresses. The information that can be obtained from Web pages is in chapter five, while data that can be obtained from Web servers is in six. Chapter seven outlines the information that your browser gives about you, and mentions ways to protect your privacy in that regard. The existence of metadata and commented material in Microsoft Word and Adobe PDF files is presented in chapter eight, although this usually relates more to computer forensics than the network kind. Chapter nine appears to deal with the checking and confirmation of personal information. An overview of ways to search for and create signatures and patterns is given in chapter ten, but the purpose of the activity is not clear.
Two case studies of network investigations are presented in chapter eleven, one of a phishing scam, and the other of a spambotnet. Chapter twelve finishes off the book with a look at various groups investigating different kinds of net crimes.

The field of network forensics is not well covered yet. Therefore, I may be guilty of expecting too much of an early work. Much of the material presented in this book is simplistic. Still, the average Internet user may find the content helpful in terms of tracing spammers and checking for information about possibly hostile Web sites.

copyright Robert M. Slade, 2005 BKINTFOR.RVW 20051209