BKCMFRPR.RVW 20020604

"Computer Forensics and Privacy", Michael A. Caloyannides, 2001, 1-58053-283-7, U$79.00
%A Michael A. Caloyannides micky@ieee.org
%C 685 Canton St., Norwood, MA 02062
%D 2001
%G 1-58053-283-7
%I Artech House/Horizon
%O U$79.00 800-225-9977 fax: 617-769-6334 artech@artech-house.com
%O http://www.amazon.com/exec/obidos/ASIN/1580532837/robsladesinterne
%P 392 p.
%T "Computer Forensics and Privacy"

This book occupies a unique place in the literature of computer forensics. Most works in the field, such as Kruse and Heiser's "Computer Forensics" (cf. BKCMPFRN.RVW), concentrate on documentation of the investigation with a view to presentation in court. The actual mechanics of data recovery tend to be left to commercial tools. Caloyannides demonstrates how to delve into corners of the computer in order to actually get the data out.

At the same time, this work is inconsistent, on at least two levels. The perspective flips back and forth between forensics and privacy, alternately emphasizing how to find evidence, and how to hide evidence. The technology involved is the same, but the shifts in viewpoint can be jarring to the reader. At the same time, the depth of technical detail can vary wildly. At one point the book stops shy of telling you how to undelete files with a sector editor (an activity that could be useful to every computer user), while other sections list lengthy and extraordinary measures to secure personal computers.

Part one concentrates on the data recovery aspect of computer forensics. Chapter one is entitled an introduction, but seems to be more of an editorial on privacy, with the added statement that the book is intended both for law enforcement personnel needing details of computer forensic techniques and those wishing to preserve the privacy of data. The use of, and factors related to the use of, computer forensics is supported by specific cases (rather than vague suppositions) in chapter two.
One has to agree with the author's statement, in chapter three, that "computer forensics can be done--and, sadly, is often done--by persons with a minimal amount of either education or experience." Therefore it is unfortunate that the forensic tools list and book structure are both difficult at this point, although there is good material and writing, and Caloyannides is not afraid to tackle the social and political aspects of the field. Chapter four outlines various places (primarily in Windows) from which data may be recovered. It is an odd mix of little known and very valuable information, and extremely poor explanations of basic functions like manual undeletion and file overwriting. A strange and terse look at steganography, US and UK surveillance systems, cryptography, and anonymity makes up chapter five. Data acquisition, from sources such as key logging and Van Eck radiation, is reviewed in chapter six. Chapter seven debunks a short list of measures falsely believed to provide privacy protection.

Part two turns to privacy and security. Chapter eight is a discussion of legal and commercial protections of privacy (mostly in the US) and their failings. Installing and configuring a privacy protected configuration of Windows is covered in chapter nine, in considerable detail. Chapter ten's review of basic online privacy is heavy on additional software packages. Intermediate online privacy, in chapter eleven, looks at browser and email configurations, more packages, and has a section on tracing email that would be helpful in dealing with spam. (An unfortunate typesetting error seems to have deleted what might have been valuable information about PGP [Pretty Good Privacy].) Chapter twelve is more advanced, dealing with anonymizing services and personal firewalls, but may be beyond the average user. A general opinion piece on cryptography, chapter thirteen nevertheless provides a good, basic background, albeit with a social and political emphasis.
Chapter fourteen looks at more practical encryption, detailing PGP and specialized cryptographic programs, with a detour into biometrics.

Part three is a brief look at legal and other issues. Chapter fifteen is a brief look at laws, mostly in the US. Chapter sixteen touches on security aspects of VoIP (Voice over Internet Protocol) and GSM (Global System for Mobility) wireless services.

Despite the ragged organization and style, and some glaring gaps in coverage, this book does contain a wealth of information for both the computer forensic examiner, and the user concerned with privacy. For anyone beyond the most basic user it is well worth a read.

copyright Robert M. Slade, 2002 BKCMFRPR.RVW 20020604