eXtensions: Internet Forensics

eXtensions

Down and dirty with the Internet and Unix: Book reviews

By Graham K. Rogers

Jones, Robert. Internet Forensics. O'Reilly; Sebastopol, CA. US$39.95. ISBN 0-596-10006-X

Robbins, Arnold. Unix in a Nutshell. O'Reilly; Sebastopol, CA. US$34.95. ISBN 0-596-10029-9

Many of us have problems with e-mail and what it may contain. I regularly find spam in my mailbox, as well as other unwelcome messages. Some mail contains suspect attachments. There is also "phishing": mails that insist I contact a spoof site, with threats that failure to do so will see privileges lost or suspended.

Internet Forensics I dig around in some messages (attachments and spam I dump): the companies whose logos we see never ask for information in this way. The real URLs are hidden in the message text. Sites may be in countries such as Italy, or Barbados: I found one hidden in a directory of a Ministry in Thailand (with a redirect to the Ukraine).

Early public Internet use was tinged by a touch of the idealistic, but these days it is a jungle, red in tooth and claw, with several thousand "entrepreneurs" ready to devour our cash and take over our identities.

In Thailand we are familiar with the word "forensic" with its use by Khunying Phornthip Rojanasunant's team as a scientific methodology to find out what happened to a corpse. When in the police, I used the services of forensic scientists to find out causes of road accidents (metallurgy, for example).

Robert Jones has produced a handbook, in Internet Forensics, for those of us willing enough to track who is after us. In the simplest sense it might please us to discover that Citibank (a commonly used name in scams ), is not about to tear up our credit cards. The information may also be valuable if passed on to those responsible for catching the criminal involved.

There is much good advice about protecting one's online identity and how to discover the real content of a mail message (in OS X, View > Message). Much information within the pages looks at how the user is able to uncover what is being done, by whom, and to whom. The book, therefore, has a somewhat technical slant to it although this does not mean that the book is technicalese.

To borrow one of the headings, the discovery process is much about "patterns of activity" which is also valuable when dealing with plagiarism (also covered here). While highlighting a case in which a dossier prepared for Tony Blair in the run up to the Iraq war was found to be partly plagiarised, Jones also looks at simpler student plagiarism that can be revealed by careful use of Google, or by opening a Word file in a text editor.

This is a book that ought to be considered by any IT department or by those teaching the skills relevant to computers.

I was surprised to find that I had not already seen Arnold Robbins, Unix in a Nutshell, although the "Nutshell" series is known here. I have already looked at the Mac OS X and the Cocoa "Nutshell" editions (in May and October 2003 respectively), but I missed this exceptional work, now in its fourth edition, which spans Unix use, including GNU, Linux, OS X and Solaris.

Nutshell The book is in three major sections, with a brief references section to end. Part One, "Commands and Shells", with a 308 page chapter of the commands themselves (plus Java commands) as well as shell information. The second part examines text editing. There are extensive chapters on the various editors that are available (such as emacs, vi, vim and sed). This part ends with a chapter on the awk language, which leads into Part Three, covering software development.

Part three ends with "Writing manual pages": not what we imagine when using commercial software, but the pages that appear when we use "man" followed by the command we are seeking information on, for example "man cp".

For many who access this work, using Chapter Two will be one of the main resources. Each command is written in bold at the side (easy to see when we turn pages), with the command, plus any alternatives italicised alongside. A small editorial explanation includes operating system differences.

The command, "whoami" for example, tells us simply that it "Prints the username based on effective user ID." It then adds, "On Solaris this command is in usr/ucb. On GNU/Linux and Mac OS X, it's equivalent to id -un."

A command like "find" however, which we are informed is "An extremely useful command. . ." is followed by just over six pages on how to fine-tune its use.

This is not a learner's book (Learning the Unix Operating System by Peek et al would cover this) and familiarity with command line working is essential. Anyone who does work in Unix would admit that remembering all of the commands and, more, all the different input options, is a near impossibility. This is where a reference work of this nature is indispensable.

For further information, e-mail to Graham K. Rogers.

Back to eXtensions
To eXtensions: 2004-05
To eXtensions: Year Two
To eXtensions: Year One
To eXtensions: Book Reviews
Back to homepage