research staff member, Global Security Analysis Lab (GSAL)
"Doing the research for the book was very much like trying to untangle a mystery."
On the book: Forensic Discovery (2004)
What made you decide to write a book on this topic?
A few years ago a friend's computer was thrashed by an intruder who deleted many of her files, plus of course all traces of the intrusion itself. At the time, there was a lack of forensic tools, so we wrote our own. With the paint on the tools still wet, we solved the mystery, and recovered many of our friend's files. In the process we also debunked some myths that said what we did was impossible. We made our tools available as "the Coroner's Toolkit" so that other people could use them and improve upon them, taught a class on Computer Forensics, wrote a series of articles, completed the book, and now we're working on completely different things.
How did you go about the research necessary to write such a book?
Today's computer systems are complex enough that even people intimate with their details can't accurately predict their exact behavior. So instead we discover general principles by observing how systems behave and then try to understand that behavior in terms of how the systems are built. For example, we did some measurements on how long information persists in memory or in file systems, and how that information is destroyed over time. These processes are not immediately obvious just by reading the source code for the operating system, but knowing what makes computers tick helps to understand why things happen. While making our observations we always had to be prepared for the unexpected. Doing the research for the book was very much like trying to untangle a mystery.
What are the greatest challenges to you as an author?
The biggest challenge was developing original material. There are other books on the same topic, but few are a source of original technical work. I am not worried that our book will be outdated soon, because it is not a step-by-step cookbook. Instead, we focus on more general principles such as: what kind of information can be found on a computer, why can it be found where it is found, and how trustworthy is that information, considering that the machine may have been under control of an intruder. Many of these principles have been valid for some 30 years, and they are likely to be valid for another 10 years to come.
What inspires and encourages you to write?
Information sharing. Writing a book is one way to share information. I've spent a lot of my life sharing information by releasing software as open source. I already mentioned the Coroner's Toolkit; another example is the Postfix mail system that was originally released as the IBM Secure Mailer. This release was announced with an article in the New York Times. It got the attention of IBM's top management, and accelerated the adoption of IBM's open source strategy. The "older documents" section at http://www.postfix.org/press.html captures some of this exciting history.
What advice do you have for aspiring authors?
It takes a lot of persistence :-) I found that finishing a book was not very different from finishing a piece of software for release, or even from a one-time musical performance. There are of course differences in the details of these processes. My experience with the book publisher was very good; the changes they made were definitely improvements, and I am very pleased with the result.
Who are some of your favorite authors today?
Many of my favorite books are small, such as Brooks' Mythical Man-Month and Bentley's Programming Pearls. These were written years ago but still inspire me by what they write and by the way they are written. More recent favorites are books by Richard Stevens. He died a few years ago, but fortunately his work is still being updated. My non-book, non-technical sources of inspiration are music of all kinds, as long as it is played by competent musicians, and travel; many people don't have the means to attend conferences in the USA or Europe, so I come to conferences in Asia, South America and in other parts of the world to talk about my work. This is also very rewarding.
What role did books play in your childhood?
Very important. I learned to read and write long before I went to school, and I must have read everything that I could lay my hands on; there was no distraction from TV because only few people could afford one at the time. This is a long time ago, and I do not remember details of what I read. The closest experience that I had like this was when I switched from physics to computer science, and spent a few months reading everything that I could lay my hands on.