Computer Forensics and Privacy
by Michael Caloyannides
Artech House 2001
392 pages. Index, two appendices, glossary, chapter bibliographies.
Hardcover. ISBN 1-58053-283-7
Reviewed by Robert Bruen March 15, 2002
Privacy is near and dear to my heart, so I was intrigued by this book's title. Computer forensics is becoming commonplace within criminal investigations and as a tool within organizations, for many reasons that will not end up involving law enforcement. Much of our lives is stored on computers somewhere, often not under our control. The time has come for everyone to understand what that means to each of us and our privacy. The stored information is not only in purposeful databases, but also in unexpected places.
The author has done a superb job going into significant detail on a large number of topics. There are explanations of the slack space on Windows disks, the swap file, free space and other such places where random data winds up. These are places where you have little control over what gets written, and which therefore may provide a wealth of useful information to the forensic examiner and may cause problems for you.
Windows likes to write to disks in cluster units. A cluster is a group of sectors on a disk, with a size that depends on a number of factors. If your file only fills up half a cluster, then Windows will use whatever is handy to fill up the remaining space. This could be passwords or worse. Worse for you, but great for the investigator. The swap file has a similar problem, although what gets written there was supposed to be written there. It is just that it does not get erased, so whatever was there last is still there.
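The slack-space effect described above can be seen in a small simulation. This is an added example, not taken from the book or the review; the `ToyVolume` class, the 4096-byte cluster size, the file names and the sample contents are all assumptions constructed for illustration, and the model only covers residue left by a previously deleted file.

```python
CLUSTER = 4096  # assumed cluster size in bytes; real sizes vary by volume

class ToyVolume:
    """Simplified cluster allocator (hypothetical; not a real file system)."""
    def __init__(self, clusters=8):
        self.disk = bytearray(clusters * CLUSTER)
        self.free = list(range(clusters))
        self.files = {}  # name -> (list of cluster numbers, length in bytes)

    def write(self, name, data, wipe_slack=False):
        count = max(1, -(-len(data) // CLUSTER))  # ceiling division
        chain = [self.free.pop(0) for _ in range(count)]
        for i, c in enumerate(chain):
            chunk = data[i * CLUSTER:(i + 1) * CLUSTER]
            if wipe_slack:
                # Mitigation: zero-fill the unused tail of the cluster.
                chunk = chunk.ljust(CLUSTER, b"\x00")
            self.disk[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
        self.files[name] = (chain, len(data))

    def delete(self, name):
        # Deleting only releases the clusters; their bytes stay on disk.
        chain, _ = self.files.pop(name)
        self.free = sorted(self.free + chain)

    def slack(self, name):
        """Bytes between the end of the file and the end of its last cluster."""
        chain, length = self.files[name]
        used = length - (len(chain) - 1) * CLUSTER
        start = chain[-1] * CLUSTER
        return bytes(self.disk[start + used:start + CLUSTER])

def demo(wipe_slack):
    vol = ToyVolume()
    # Constructed sample content standing in for sensitive data.
    vol.write("old.txt", b"user=alice password=CONSTRUCTED-SAMPLE " * 20)
    vol.delete("old.txt")
    # A shorter file reuses the same cluster.
    vol.write("note.txt", b"meeting at noon", wipe_slack=wipe_slack)
    return vol.slack("note.txt")

if __name__ == "__main__":
    print("residue in slack:", b"password=" in demo(wipe_slack=False))
    print("after zero-fill :", b"password=" in demo(wipe_slack=True))
```
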
The registry in Windows is another place the forensic examiner will want to look through carefully. If you would like to protect yourself, then you might want to get there first. The Windows Media Player problem has an entry that you should fix. Caloyannides' instructions for dealing with the registry are clear and concise, making it easy for the reader to take care of it.
Swinging from the technical aspects, the book goes into legal issues related to online privacy ranging from banking to the Digital Millennium Copyright Act and the laws governing evidence gathering. The author is obviously well versed in the privacy and technology game. In fact, this book works very well for someone who is simply interested in security. The author brings together very nicely the worlds of security and privacy in the field of computer forensics.
I gladly recommend this title as a book that brings to light the hidden world of bits on a disk. It is technical in nature, but written well enough to be understood.