Preface

Today’s Internet is riddled with spammers, con artists, and identity thieves. Everywhere you turn are web sites selling fake Viagra, touting get-rich-quick schemes, or trying to trick you out of your credit card number.

You and I may see through all the scams, but plenty of people do not. More than a nuisance, these are real crimes that target the vulnerable members of society such as the elderly and the naïve—people like your parents and grandparents.

Conventional wisdom says that you can never track down the people behind the scams, and that the Internet is so large and so unregulated that it is easy for someone to hide their identity. But that’s not true. In every spam message, phishing email, or web page, there are all sorts of clues that reveal something about the author. The Internet address of a server and the layout of files on a web site are the online equivalents of a fingerprint on a door handle or a tire track in the mud.

None of these details, by themselves, tell you a great deal. But when viewed as a whole, and, especially, when compared between cases, clear patterns and connections become apparent. As in real criminal investigations, the unlikeliest piece of evidence can turn out to be the most important.

Internet Forensics shows you how to find the clues left behind at an Internet crime scene. You will learn how to uncover information that lies hidden in every email message, web page, and web server on the Internet. You will gain an understanding of how the Internet functions—what really goes on when you request a web page, for example. You will see how the bad guys take advantage of these protocols and the lengths that they go to in order to hide their tracks.

My own interest in this field has been motivated by several factors. First is the daily frustration of dealing with spam, viruses, and all sorts of scams. With it is the growing unease that our Internet is being taken away from us by these abusers and that, unless we band together and do something about it, the problem is going to get much worse. Collectively, by making it more difficult for them to operate in secrecy, we can push back against the bad guys and take back the network.

In looking into this sort of scam, you are forced to learn more about the way the Internet and its core protocols function. You see where their shortcomings lie and you start to think of ways they could be made better. It is a great way to learn a lot about Internet technologies without having to become an expert in the details of any one of them.

Last, but not least, is the fun to be had from playing amateur detective and solving Internet mysteries. At every stage of the game you are challenged to uncover information hidden in email message headers or web transactions. What appear to be minor details can become significant when combined with clues revealed by another technique. A passing observation in one study may link it into a much larger network of scams.

Murder mysteries and forensics crime dramas in books and on television are popular for a good reason. People like the challenge of finding clues, putting them together, and solving the puzzle. I think this is particularly true among those of us in the software development community. Alongside the more noble motivations, I hope that you will enjoy the challenge of Internet forensics in its own right.

Who This Book Is For

I have written this book with two types of reader in mind. The first are those of you with a professional interest in computer security. The traditional focus of this field has been on preventing attacks on private machines and networks from people and viruses, and using computer forensics to reveal their activities.

But today’s threats require that we go beyond this localized, internal focus and look outward to the Internet. Some of the viruses we see are used to set up email relay servers that are used by international spam operations. Computers are attacked, hijacked, and used to host fake bank web sites that are used for identity theft. Those of you who are computer security professionals will learn the core techniques you need in order to address this evolving type of threat.

The larger, less defined audience consists of software developers and systems administrators who take a broad interest in the Internet and how it works. Many of us feel a deep frustration with the epidemics of spam, phishing, and viruses and want to fight back against them in some way. The book will show you how the bad guys are able to abuse the technology of the Internet. It will show you how to uncover information about their operations and, in doing so, make their lives a lot more difficult.

To get the most out of this book, it helps to have a working knowledge of Unix and some experience with Perl. But that is not an absolute requirement. If you can use a web browser and an email client, then you can follow along with most of the material in the book. You already have the most important thing you need: an inquisitive mind.

I have tried to avoid complex software as far as possible. Most of the tools come standard with recent versions of Linux and those that don’t are easily downloaded and installed. I have included Perl scripts throughout the book where these can help automate common tasks or help display information more concisely, and I have made a conscious effort to keep these scripts short and simple. My hope is that they are easy to understand and can serve as starting points for your own scripts.
