
Computer Forensics - Sheriff Department

jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
Alright so Kent County Sheriff Department has like an auxiliary officer program, called Traffic Squad. Basically I need IT forensics experience and I have no idea where to start. I did take one class in university but that's it. I'm looking to see how I can build experience in doing this because Grand Rapids, MI doesn't really have anything. So that means I have to create my own experience, which I believe would be difficult to do in this field.

Does anyone have any idea of what I could do to help gain experience?
Booya!!
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****

Comments

  • shochan Member Posts: 1,004 ■■■■■■■■□□
    Perhaps you can start a small business after you get some more knowledge - https://www.guidancesoftware.com/encase-forensic

    Then after you are certified, you could hit up law firms or police depts in case they need any help with sort of forensic work.
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
  • Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    Traffic Squad is their forensics role? Have you looked into the SANS courses? Not cheap but if one course is the difference between a job or not the ROI would be pretty high.
  • LordQarlyn Member Posts: 693 ■■■■■■□□□□
    What shochan suggested may not be a bad idea, especially if you are passionate about computer forensics and have some aptitude for it. If I don't get on the path to CISO, then I will probably work as an independent consultant down the road myself.
    Of course, getting the right certs would be a good start, whether you go freelance or work in law enforcement.
    I found this in a quick search, it may be a little bit helpful.
    Best Computer Forensics Certifications For 2017 - Tom's IT Pro

    The certs that start with GC are GIAC certs and the certification exam and training are in the stratosphere, but the others should be relatively obtainable.
    EnCase is the leading computer forensics tool, so if you can find a way to get hands on experience with it, that too will get you on a good start.
    Also try to network if you can with others in the profession, they are much better qualified to help you get in this profession.
  • cyberguypr Mod Posts: 6,928 Mod
    That sounds hilarious. "Hey guys, secure the computer, all the evidence we need is there. Call the Traffic Squad right away so they can do forensics". I just hope they bring their whistles. LOL!
  • jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Thanks for the responses. SANS is very expensive and I really do not have the money for them at the moment. I hope to be able to justify a raise for myself to get paid what I know I should be paid in order to be able to go to SANS training.


    Traffic Squad is the name of the department I guess. I wonder if they have some sort of mentor program. I'll have to ask them.


    Cyberguypr - Just wow
  • cyberguypr Mod Posts: 6,928 Mod
    So what's the goal here, is this role just a side gig or a full time position?
  • jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    The goal here is to help catch the bad guys.
  • cyberguypr Mod Posts: 6,928 Mod
    Hmm... OK, let me try again. My point is that based on your previous posts you seem to be inclined to more technical stuff. Those cover different areas of IT so I'm not sure where exactly you want to be and am trying to determine that.
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    First rule of law enforcement...make sure you do your research.

    KCSO Traffic Squad

    Appears that they have a forensic unit made up of Reserve Deputies that assist the full time guys. My suggestion, if you plan on getting into this field, is to join the Reserve program and do your time until you can get into the forensic program. It appears to me you get to act as a full deputy would and gaining experience in the legal areas would be very important.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    I want to be a Security Analyst. Yes I want hands on experience but I feel that having a broad experience within IT will help me out. If I can do something on the side outside of what I'm doing now, that would be great.

    I'm looking to do something where I can help protect people and with the more experience across different domains of IT, the better I can do it.
  • ITSpectre Member Posts: 1,040 ■■■■□□□□□□
    The goal here is to help catch the bad guys.

    Bad boys, bad boys, what you gonna do??? what you gonna do when Jamesleecoleman comes for you!!!!
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    I did do my research a while back. I thought it would be something that I could just jump into instead of putting in time.
  • jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    itspectre wrote: »
    bad boys, bad boys, what you gonna do??? What you gonna do when jamesleecoleman comes for you!!!!

    omg :d hahaha
  • EnderWiggin Member Posts: 551 ■■■■□□□□□□
    cyberguypr wrote: »
    That sounds hilarious. "Hey guys, secure the computer, all the evidence we need is there. Call the Traffic Squad right away so they can do forensics". I just hope they bring their whistles. LOL!
    Well, we do call data exchanges across a network "traffic," so it makes sense......
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I did do my research a while back. I thought it would be something that I could just jump into instead of putting in time.

    I'd doubt they have someone from the street with just IT experience jump right into their forensic unit. In my state it wouldn't happen because while IT skills are important, knowing the law and how to properly document/analyze/extract data is more important. Think of it this way, are they going to say here's James off the street with just the Reserve academy under his belt and a fair bit of IT experience put him right into our forensic unit? Or are they going to say here's Reserve Deputy Smith who's been with us for several years and has expressed an interest in the forensic unit. Now we're going to spend a lot of money to get him trained up and well you know he's been here for years so chances are he won't jump ship. Plus he's testified in court on several occasions so he knows what's expected of him. Pretty simple choice.

    I admire the zeal and the interest in helping some of the most vulnerable of our society (i.e. children), but it takes more than just those two things. Law enforcement isn't what we see in one hour crime dramas (and yes I realize you've never stated it was, but I'm putting it out there anyway). It's about 99% paperwork and investigation with just 1% of high intensity awesomeness. The jobs take forever, you're carrying multiple cases, you have your bosses and lawyers poking you to ensure the integrity of the investigation. Oh and you have a defense attorney chomping at the bit to nail you for an issue to get the evidence or the case tossed.

    I had prior law enforcement experience before my current job, but the job before this was the best experience for where I am today. Three years of regulatory investigations on cybersecurity related issues. Was it saving lives? No. Was it locking up bad guys? Basically not. It was learning the art of investigating, of working with attorneys and other law enforcement agencies. It was letting the facts lead you to the conclusion and not always the conclusion you wanted. Finally, it was working on a case for sometimes weeks only to have it be dropped, a deal made to end it (not always to your satisfaction) or it being put on the back burner because something else became more important (even after you invested countless man hours).

    Some of the best Detectives I work with in Cyber Crimes aren't and weren't IT people. Of course it is great if you got it, but there are things as equally important.

    So my suggestion is join, express an interest in assisting the unit when you can, but be ready to crawl before you run. Also, start running and doing push-ups/sit-ups.

    Best decision I ever made was getting back into law enforcement. So good luck and hopefully we'll be welcoming you to the family!
  • ice9 Member Posts: 28 ■■■□□□□□□□
    Getting some meaningful real-world experience in digital forensics is tough, and over the past 20 years I have found more people in the field that kind of just fell into the role as already being a law enforcement officer in some capacity.

    Your KCSO Traffic Squad website does mention around $1500 to $2000 in equipment, uniforms and tools requirements. I am willing to bet at least one of these costs is a good data write blocker like a Tableau write blocker for dead forensic analysis. Depending on how wealthy the department is, you may or may not get partial reimbursement for some of these purchases.

    I wrap up my MS in Digital Forensics this December, and hope to get my career as an analyst shifted in a different direction.

    Good Luck!
  • cyberguypr Mod Posts: 6,928 Mod
    Curiosity was killing me so I went and researched this a bit. My thoughts were always along the lines of what the_Grinch said regarding experience requirement.

    Here's what they said.
    Thank you for your interest in the IT Forensic Analysis Unit of the Kent County Traffic Squad. Because of limited facilities and licenses, at present we are not looking to increase the size of the unit. Nevertheless, I am attaching a document describing the requirements for membership in IT-FAU should you want to pursue it at a later time.

    If, indeed, you wish to be ready when an opening occurs, you will first need to have completed the Traffic Squad academy. In addition, you need to have significant training and prior experience not just in computer security, but in computer forensics and possess a minimum of at least one major certification specific to forensics. You need to be aware of two aspects of the unit. First, there is no remuneration for the work; it is solely volunteer work. Second, it should not be considered a training ground to gain experience in computer forensics. You would need significant computer forensic experience outside of the classroom before joining the unit.

    The guy running that unit has a PhD, CISSP and a ton of forensic certs. Looks like a serious shop.

    The takeaway is that in forensics the stakes are just too high to get entry level folks. I only do corporate computer forensics and always need to supervise my jr. forensicator. In an LE environment there's just no room for error and it's usually too fast paced to be a training ground.
  • JoJoCal19 Mod Posts: 2,835 Mod
    cyberguypr wrote: »

    The takeaway is that in forensics the stakes are just too high to get entry level folks. I only do corporate computer forensics and always need to supervise my jr. forensicator. In an LE environment there's just no room for error and it's usually too fast paced to be a training ground.

    Prosecutors' political lives are on the line when they pursue these cases, and I'd bet there would be repercussions at the LE level if they have someone green in forensics screwing things up.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    JoJoCal19
    cyberguypr
    ice9
    the_Grinch

    Thank you so much for the input, I really appreciate it.

    the_Grinch - Your input is very very valuable. Thank you!
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Happy to help! Law enforcement is always a big catch-22 when it comes to getting into the computer forensic/cyber crimes area. They want experience, but of course won't always help you to get that experience. This mainly stems from departments getting burned: send someone through the academy and then through $50k worth of training only for that person to realize "Hey I can make six figures in the private sector". They leave and now the department is stuck.

    But as others have stated, if you mess up, it can throw an entire case (I've seen it happen recently). With law enforcement being so small that will follow you wherever you go. Suddenly you're in a crap unit with no way out other than to quit or accept your fate.

    At the same time it is very easy to shine. That's why I suggested joining and helping if/when you can. I assist a ton of different units at my agency and word spreads fast. Suddenly you're working cases that typically would never hit your desk.
  • mbarrett Member Posts: 397 ■■■□□□□□□□
    the_Grinch wrote: »
    First rule of law enforcement...make sure you do your research.

    Appears that they have a forensic unit made up of Reserve Deputies that assist the full time guys. My suggestion, if you plan on getting into this field, is to join the Reserve program and do your time until you can get into the forensic program.

    100% agree with this - anything you can do to make yourself known to the organization will go a LONG way. Also, if there are any groups (check meetup.com) that gather regularly in your area might be a good way to meet people, develop your skills, education etc. Enroll in some online classes (again, do your research to find out what's best.)