This particular book was recommended by a fellow traveller with morbid interests. Being available in hardback dead cheap on Amazon, I half expected this to be in the same league as one of those untaxing thriller-type novels, but it’s actually a very well-written autobiography of Dr. Neil Barrett, who may have founded digital forensics as practiced today (in the United Kingdom, at least).
Barrett is a former hacker who turned his hand to security and forensics, and went on to become the main investigator in the Gary Glitter case, and from there an authoritative source on computer-related crime who helped write the ACPO Good Practice Guide for digital forensics. He was also involved in teaching the MSc security/forensics course at the University of Glamorgan a couple of years later, which several of my associates were studying at the time.
With that bio aside, what’s the book like? As the title suggests, it’s about crime. A range of crimes where the collection and investigation of digital evidence was vital – murder, fraud, child pornography, sociopathic sysadmins, cracking and so forth. There are even case studies where computers were auxiliary to a crime, such as armed robbery. Digital forensics is the main subject of the book, but it also covers OSINT, penetration testing, text analysis and attribution, etc.
One of the highlights of the book is how Barrett explained/described the general methodology and characteristics of the skilled hacker, in a way that’s detailed but easy for anyone to follow, and still very interesting for those already familiar with this territory. The stages of network penetration were strung together into a smooth narrative.
The Gary Glitter Affair
A whole chapter is dedicated to the Gary Glitter case, which, to my recollection, was the first widely-publicised example of computer-based child pornography to make the news. It happened at a time when computer forensics was in its very early stages, when we’d expect the matter to be treated as cut and dried. It’s here that Barrett takes us through his investigative process.
What came as a surprise, given this was still in the 1990s, was the degree of skill and the lengths he went to in building a watertight case; something that was to become essential in today’s world of unsecured WiFi points, broadband, online commerce and the ‘Trojan Defence’. This was before digital forensics was a science in itself, and when expert witnesses were drawn from a wider pool of IT professionals.
The book ends with some predictions about the future of Internet-related crime and digital forensics. How did things turn out after?
Surprisingly little has changed. Most of the attention is given to copyright protection, ‘intellectual property’, big businesses and the catch-all term ‘critical infrastructure’. Far less is given to something that affects the everyday Joe Average – identity theft, which has become a common factor in numerous Internet-related crimes. It’s almost always one of several preliminary stages before the actual crime, and so the costs aren’t always financial, Operation Ore being a classic example. We still have a long way to go in understanding the problem, judging by the disconnect between the government, many security professionals, privacy campaigners and those who studied computer-related crime in depth.