Forensic certifications-How to get the experience?

So I've decided to pursue a forensics certification next. I am currently in a management type of security position and don't see them paying for any of the associated costs.

I am interested in the CCE certification. I did a bit of research on this and noticed the necessary software is as follows:

# Norton Utilities
# Forensic Suites

* FTK - Access Data
* Encase - Guidance Software
* Similar Forensic Suites

# Password Recovery Tools

* Password Recovery ToolKit - Access Data
* Passware Kit - lostpassword.com
* Similar password recovery Tools

# A "carving" utility

* DataLifter - datalifter.com
* Similar utility

# A file viewer

* QuickView Plus - Avantstar.com
* Similar Utility

# Suitable wiping utilities
# Suitable checksum or hashing applications
# Utilities that make forensic copies of media
# Utilities to "capture" unallocated space
# CDR Examination Tools

* Infinadyne has excellent CDR/DVD examination tools.
* ISOBuster

# Email Extraction Utilities
# Internet History Viewers
# Metadata Viewing Utilities - Payne Consulting

Is there any way to get the experience without using these expensive tools? A few of them I believe, are thousands of dollars and I don't have the funds to certify myself. What are my options?

Thanks,

Find more posts tagged with

Comments

sexion8

ducatibob wrote:

So I've decided to pursue a forensics certification next. I am currently in a management type of security position and don't see them paying for any of the associated costs.

I am interested in the CCE certification. I did a bit of research on this and noticed the necessary software is as follows:

Thanks,

You're missing the keyword here: "similar tools". There are plenty of open source tools you could use to study. Helix, TCT, Scalpel, etc.. If you're going for the CCE, you should likely famliarize yourself with the concepts and make a list of alternative tools. Remember at the end of the day, they all produce results, so you won't need "one defacto" tool if the end result can be replicated and validated.

http://www.opensourceforensics.org/
http://www.digitalforensicssolutions.com/Scalpel/
http://www.opensourceforensics.org/tools/unix.html

JDMurray

Forensic investigators also need experience in legal proceedings, preferably from a military or law enforcement background. You need to know about following Chain of Custody, understanding legal proceedings, writing affidavits, experience testifying in a courtroom, etc. This is true even if you will be working on a forensics team internal to an organization.

Have a look at the computer forensics jobs on dice.com to get an idea of what experience employers are asking for.

nanga

They are couple of universities which offer forensic classes.I know one particular www.cpd.iit.edu based in chicago which offer the class. ( not recommended though ..sure Am sure there would be far more better or cheaper courses that would be available). u can try their certificate program which usually needs to take 3 courses to complete one

rubberToe

You can play around with Helix. Linux distro now based off Ubuntu. It is more for gathering and discovery than analysis although it does contain FTK and other tools.

Manual:
http://helix.e-fense.com/Docs/Helix0307.pdf

Homepage:
http://www.e-fense.com/helix/

Check out the book:
File System Forensic Analysis by Brian Carrier
Pearson Publishing

Kasor

Computer Forensic is not for everybody, just like IT security. Everybody want to take the CISSP, but they don't have experience and credential to certify.

Unless you are working for law enforcement, law firms, military or private investigation company. Otherwise, I don't see where most people will get their experience from. I know people that took the exam and got the job, but the product(aka report) that generate by them are joke because they don't have experience and skill to be in the field. Anyway,... tools are free.

I have many of them at company from the forensic unit. However, you will not get those really cool tools unless you are Law-Enforcement or mil/gov that assign to conduct the real investigation.

JDMurray

Kasor wrote:

Unless you are working for law enforcement, law firms, military or private investigation company. Otherwise, I don't see where most people will get their experience from.

I looked into electronic and computer forensics as a possible areas of specialization for myself, and found that without a proper legal or law enforcement background, it is extremely unlikely anyone would find employment in forensics. Even a digital forensics lab tech that never goes into the field must have a background that shows s/he knows how to maintain chain of custody.

I did meet someone who had self-training in forensics, but was unable to get an actual forensics job, so he enrolled into a police academy. Before he actually became an officer, he had acquired enough training and networking contacts to get an appointment as a digital forensics examiner. This points out that it's often not just what you know but also who you know.