Computer forensics job

wrfortiscue Member Posts: 62
I was thinking at one point of doing computer forensics. I have no relevant exp and I live in Austin. Working helpdesk for four years, and thinking of jumping to WGU master's in security but not sure yet. How would I go about getting into this field?

Comments

  • dmoore44 Member Posts: 646
    Who do you work for now? Do they have a security or forensics team, in your area, you could shadow and perhaps join as a junior analyst?

    If not, check out meetup.com for various infosec-related groups and start attending and growing your network. After you're established a bit, maybe you can start to give lightning talks about security-related topics that interest you. To help build up practical skills, build yourself a forensics lab and start working with the SANS SIFT distro; grab some old hard drives you've got lying around and start trying to recover data from them (your adventures would make good fodder for aforementioned lightning talks).
    Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow
  • tedjames Member Posts: 1,179
    Hello, my fellow Austinite! Udemy.com hosts several inexpensive courses in various types of forensics: https://www.udemy.com/courses/search/?ref=home&src=ukw&q=forensics&lang=en

    https://www.cybrary.it/ also has some free forensics-related training.
  • beads Member Posts: 1,531
    Forensics is the one weird discipline of Security in that it's functionally one of apprenticeship; you have to be taught by another forensics examiner to be recognized by a court as a "forensics expert". The easiest way to accomplish this is to take the entry-level Windows forensics class with SANS. If you enjoy forensics after that, you will need to understand scripting, some development and programming as well as looking to get enough experience with both EnCase and FTK in order to certify in one or both products. I like them both but for different reasons, which isn't uncommon for the industry.

    Taking or retaking a really good course on technical writing will also benefit you if you weren't an English major. Forensics examiners tend to spend more time tracking information and writing reports than the forensics itself.

    You will also find that forensics is about as expensive a hobby as you would ever imagine. So I suggest you wade in and take a deep look around before truly committing yourself. A fully functioning lab could easily run you $20,000 without training. I am talking a couple of kits, various dongles, encryption breaking software and a Tableau accelerator.

    This is a pretty good write up though I disagree a bit with the private label comments (ACE or FTK and EnCase). This may be due to regional differences but everyone knows EnCase as the gold standard. I like FTK because of certain features at times but use both and Autopsy. Depends on the client and the type of case at hand.

    http://www.tomsitpro.com/articles/computer-forensics-certifications,2-650.html

    - b/eads
  • wrfortiscue Member Posts: 62
    Thanks for the replies. Maybe I won't go into it, I don't know. I'm still lost career wise. I want to do something that I know the vast majority isn't doing either, and I know everyone does security lol. I just don't know what to invest in.
  • beads Member Posts: 1,531
    @wrfortiscue;

    Oh don't let me scare you off by any means. I just don't want to scare you with the sticker shock, that's all. I do forensics but generally connected to client work. Computers and phone compromises or something really wacky happens I have the lab to jump in and take care of it. People do **** things like lose the password to a major presentation to the board or lose the quarterly financials on a USB. I'm cool with all that but I'm going to charge you a steep rate to recover it as well. Call it a "convenience fee".

    Also keep in mind that the tools and lab portion of this is going to be provided by your employer. In my case I am the employer but I do use my lab often enough to make it worthwhile.

    Read up. Take a look. Forensics may indeed be for you.

    - b/eads
  • wrfortiscue Member Posts: 62
    beads wrote: »
    @wrfortiscue;

    Oh don't let me scare you off by any means. I just don't want to scare you with the sticker shock, that's all. I do forensics but generally connected to client work. Computers and phone compromises or something really wacky happens I have the lab to jump in and take care of it. People do **** things like lose the password to a major presentation to the board or lose the quarterly financials on a USB. I'm cool with all that but I'm going to charge you a steep rate to recover it as well. Call it a "convenience fee".

    Also keep in mind that the tools and lab portion of this is going to be provided by your employer. In my case I am the employer but I do use my lab often enough to make it worthwhile.

    Read up. Take a look. Forensics may indeed be for you.

    - b/eads

    Thanks I appreciate your insight.
  • the_Grinch Member Posts: 4,165
    beads wrote: »
    @wrfortiscue;

    Oh don't let me scare you off by any means. I just don't want to scare you with the sticker shock, that's all. I do forensics but generally connected to client work. Computers and phone compromises or something really wacky happens I have the lab to jump in and take care of it. People do **** things like lose the password to a major presentation to the board or lose the quarterly financials on a USB. I'm cool with all that but I'm going to charge you a steep rate to recover it as well. Call it a "convenience fee".

    Also keep in mind that the tools and lab portion of this is going to be provided by your employer. In my case I am the employer but I do use my lab often enough to make it worthwhile.

    Read up. Take a look. Forensics may indeed be for you.

    - b/eads

    Definitely some good to know info!
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff