Forensics training

636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
Yes, I know there's a 3-year old sticky with 10 pages of random musings that I don't feel like reading all through.

SANS training was cut from our budget, but I'm still in need of sending a guy or two to some forensics training course for our IR program. At our current IR standpoint, I'll take any class with any type of focus, be it Windows, memory, network, disk, etc.

Any thoughts as to what's out there and worth doing? Please don't mention EC-Council, I lean towards the "yuck" side unless you can provide a compelling reason otherwise.

Thanks!

Comments

  • supasecuritybrosupasecuritybro Member Posts: 206 ■■■■□□□□□□
    Was it a cost thing? What is the limit?
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • 636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    Yes, cost was the issue. We had some SANS training approved, but we didn't get quite enough for everybody. Something that isn't $5k a person. Half that would probably work. It's weird here what gets approved and when and how mysteriously 6 months later a ton more money either opens up or gets pulled out of the budget...
  • BurnsieBurnsie Member Posts: 84 ■■□□□□□□□□
    Are you looking for training relating to a certifications (Like GCIH and the like) or are you just looking for forensic training in general? Do you use FTK, Encase, etc.?

    I've been told CCE is the baseline certification in forensics, so you could look into training your folks for that.

    https://www.isfce.com/training.htm

    Their website is horrific, but the certification is very reputable.

    B
  • mokazmokaz Member Posts: 172
    Burnsie wrote: »
    I've been told CCE is the baseline certification in forensics, so you could look into training your folks for that.

    https://www.isfce.com/training.htm

    Their website is horrific, but the certification is very reputable.

    B

    I think you're correct although the work experience needed to qualify for a CCE is quite huge if i'm correct.. Although if i'd be in the forensic field id go for this one yes..
  • EngRobEngRob Member Posts: 247 ■■■□□□□□□□
    You could have everyone try for the SANS work study programs. It would then only run $900 for the course + expenses, although I recall 408 has around a $200 extra optional charge for the write-block hardware.
  • BurnsieBurnsie Member Posts: 84 ■■□□□□□□□□
    mokaz wrote: »
    I think you're correct although the work experience needed to qualify for a CCE is quite huge if i'm correct.. Although if i'd be in the forensic field id go for this one yes..

    As far as I can tell, there is no requirement for work experience if you are doing the instructor led bootcamp or the self paced study option. If you challenge the exam without either, you need to prove 18 months of professional experience. So, it's not bad compared to other certifications. And having some experience is probably a good idea. If you don't know how to read HEX, offsets, and the basics of forensics, you're going to have trouble with any forensics bootcamp because they are going to glaze over that stuff on day 1 and assume you grasped the topics.

    B

    Edit: I took a bootcamp equivalent class at UMUC, CMIT424. While the instructor was a jerk and useless, the class did teach us alot. I can honestly say that I only completed it through the help of my fellow classmates. That class devolved into a large group project because of how poorly the labs were designed and the MIA instructor.
Sign In or Register to comment.