Computer Forensics Certifications
JDMurray
Admin Posts: 13,101 Admin
One of the transient InfoSec topics on TechExams.net is that of Computer Forensics (CF). In 2010, I had a chance to dig into this field and ended up writing this blog article on CF certifications:
Computer Forensics Certifications | TechExams.net Blogs
It looks like I'll be continuing with my CF studies into 2011, and maybe picking up a CF cert or two. If anyone is interested in CF, please post here and we'll see what TechExams.net can get going to contribute to the CF cert community.
--JDMurray
Comments
-
ibcritn Member Posts: 340
I will certainly contribute information when I start studying for CHFI. What sort of information are you looking for?
CISSP | GCIH | CEH | CNDA | LPT | ECSA | CCENT | MCTS | A+ | Net+ | Sec+
Next Up: Linux+/RHCSA, GCIA -
mark_s0 Member Posts: 82
Great blog post JDMurray!
An interest in digital forensics training was what got me into IT initially. Although my interest now is more network security focused, I'm still interested in any related posts.
During my research into the field, I came across some excellent resources, both forums and tools. I'm not sure on the rules on advertising other forums so I'll leave it up to Google for people to find them. I believe SANS do a free Linux forensic toolkit to get anyone started with low level data analysis. It comes with FTK Imager.
Real Digital Forensics and File System Forensic Analysis are both books I own and would recommend. I would warn the latter is very in depth.
Mobile phone and PDA knowledge is often required for forensic tech jobs too due to current smartphone capabilities.
I could be wrong, but I heard most states in the US require anyone carrying out forensic work must have a PI license? -
mark_s0 Member Posts: 82
JDMurray, what area of forensics do you work in? Private, Gov'ment or Law enforcement?
-
rogue2shadow Member Posts: 1,501
Bl8ckr0uter wrote: »I am interested.
+1. I was thinking CHFI in 2012. -
Chris:/* Member Posts: 658
I am completing my CHFI in 2011.
Degrees:
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology -
JDMurray Admin Posts: 13,101 Admin
What sort of information are you looking for?
-
JDMurray Admin Posts: 13,101 Admin
JDMurray, what area of forensics do you work in? Private, Gov'ment or Law enforcement?
Great blog post JDMurray!
An interest in digital forensics was what got me into IT initially. Although my interest now is more network security focused, I'm still interested in any related posts.
During my research into the field, I came across some excellent resources, both forums and tools.
It comes with FTK Imager. Real Digital Forensics and File System Forensic Analysis are both books I own and would recommend. I would warn the latter is very in depth.
I could be wrong, but I heard most states in the US require anyone carrying out forensic work must have a PI license?
-
JDMurray Admin Posts: 13,101 Admin
I am completing my CHFI in 2011.
-
Chris:/* Member Posts: 658
I'm checking if I can do EnCE first then CHFI next. That would take me all of 2011 if I started right now.
I hope you have some capital or access to EnCase for the EnCE. I have pretty significant experience with the software but it is really for people who have access to it. That being said EnCE coupled with experience as you have shown will quickly vault you into a great position. Best of luck!
Degrees:
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology -
JDMurray Admin Posts: 13,101 Admin
The hitch with the EnCE (and EnCEP) is that attending some sort of training in EnCase is a requirement for the certification. I'm not sure if the college classes I'm taking now will qualify me to take the exam, but I'll find out soon. You can waive the training requirement if you have professional computer forensics examination experience, but I'm not that far yet.
-
Chris:/* Member Posts: 658
It should fulfill the requirement; they really like seeing DCI training though. DCI has a webcast training you can get into if you can show your employer has a need for you to understand Forensics.
Degrees:
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology -
thebogman87 Member Posts: 9
I'm in a master's program in High Technology Crime Investigation (a mouthful for what's simply computer forensics) at George Washington University. I am hoping to knock out a few certifications while I'm still in school. I just don't know which certs I wanna get yet. I'm hoping to get some guidance before I take the plunge haha, don't wanna waste time getting certs that aren't going to help me yet.
-
veritas_libertas Member Posts: 5,746
I would enjoy getting involved in Computer or Network Forensics eventually. The only hitch with Computer Forensics is that it appears to still be heavily bent towards folks with past law enforcement or legal experience.
-
-Foxer- Member Posts: 151
Thanks for this thread, there's some useful info. I'm planning on doing CHFI this year as a part of the WGU Masters program.
-
JDMurray Admin Posts: 13,101 Admin
veritas_libertas wrote: »The only hitch with Computer Forensics is that it appears to still be heavily bent towards folks with past law enforcement or legal experience.
-
thebogman87 Member Posts: 9
If you actually want to earn a living in CF then you'll need to learn how to write legal documentation, interact with attorneys and law enforcement personnel, and testify in depositions and court as an expert witness (litigation support specialist). Doing only the technical side of CF will only land you employment as a $15/hr lab tech imaging hard drives, managing the property room, and filling out lots of paperwork.
I'd agree this is true only if you're looking to do what's considered traditional forensics. Computer forensics can also branch out into other fields such as malware forensic research, reverse engineering, and incident response. I particularly don't have very much interest in law enforcement and criminal justice. I'm more interested in ripping things apart and learning every detail. -
veritas_libertas Member Posts: 5,746
If you actually want to earn a living in CF then you'll need to learn how to write legal documentation, interact with attorneys and law enforcement personnel, and testify in depositions and court as an expert witness (litigation support specialist). Doing only the technical side of CF will only land you employment as a $15/hr lab tech imaging hard drives, managing the property room, and filling out lots of paperwork.
Agreed (my Father-In-Law has done some electronic forensics) but how do you get into an IT position that opens the door for this other than having a legal or Law Enforcement position? -
JDMurray Admin Posts: 13,101 Admin
thebogman87 wrote: »Computer forensics can also branch out into other fields such as malware forensic research, reverse engineering, and incident response.
For example, Malware research uses forensics for identifying and collecting Malware from endpoints, midpoints, and networks, and somewhat for the attribution of the Malware's origin. However, the majority of the work in Malware research falls under the categories of software engineering, computer science, historical research, and report writing/presentation. These fields are probably not what most people interested in computer/network forensics want to be doing most of their time. They are likely to be disappointed by how little true forensics work they end up actually doing as a Malware researcher. -
JDMurray Admin Posts: 13,101 Admin
veritas_libertas wrote: »but how do you get into an IT position that opens the door for this other than having a legal or Law Enforcement position?
-
veritas_libertas Member Posts: 5,746
The way in now is through the field of Electronic Discovery (eDiscovery). In eDiscovery, forensics techniques are used to collect information from organizations to be used in litigation. You work either for the corporation being sued or for a law office that is either on the prosecution or defense. The majority of the hard work is in communicating with the different organizational departments that own the information that is needed. Get used to working with email and database servers, file storage systems (NAS, SAN), AD, LDAP, BlackBerry Enterprise Server (BES), and all sorts of software apps used to store and retrieve information. eDiscovery is not true computer forensics (e.g., physical disk imaging, chain of custody, common forensics tools), but it's what gets your foot in the door.
How does someone get into this kind of position? What kind of certifications and education would help? I would assume that at the least an A+ and Bachelor degree? -
JDMurray Admin Posts: 13,101 Admin
veritas_libertas wrote: »How does someone get into this kind of position? What kind of certifications and education would help? I would assume that at the least an A+ and Bachelor degree?
-
Chris:/* Member Posts: 658
You really want a degree in either Electrical Engineering or Computer Science if you want to get into reverse engineering and malware analysis. That is not to say that is the only way to get there. When I received my forensics training the two gentlemen were ex-army with a ton of experience. If you are in the military you can join one of the special police units to get your foot in the door.
There are a number of certification providers but you do need a solid foundation in the way the world of computers works. It also depends as JD pointed out in what part of the forensics world you want to work in.
Degrees:
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology -
thebogman87 Member Posts: 9
They are likely to be disappointed by how little true forensics work they end up actually doing as a Malware researcher.
I think I was more disappointed finding out that a lot of computer forensics work is just running grep tools on EnCase haha (not being entirely serious) -
JDMurray Admin Posts: 13,101 Admin
You really want a degree in either Electrical Engineering or Computer Science if you want to get into reverse engineering and malware analysis.
-
Chris:/* Member Posts: 658
That is interesting because of the people who I have talked to who do the work for FBI and DOJ told me to earn a degree in CS or EE otherwise they would not pick up the candidate. The exception they did state was of course lots of previous experience but starting out they suggested the degrees.
Degrees:
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology -
JDMurray Admin Posts: 13,101 Admin
thebogman87 wrote: »I think I was more disappointed finding out that a lot of computer forensics work is just running grep tools on EnCase haha (not being entirely serious)
-
JDMurray Admin Posts: 13,101 Admin
That is interesting because of the people who I have talked to who do the work for FBI and DOJ told me to earn a degree in CS or EE otherwise they would not pick up the candidate. The exception they did state was of course lots of previous experience but starting out they suggested the degrees.
-
Chris:/* Member Posts: 658
Oh I agree! Too often HR Goons create speed bumps or unnecessary road blocks.
Degrees:
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology -
Broodmdh Member Posts: 10
CF is something I've developed quite an interest in, and I'd love to see my career move in that direction. I'm looking into my CHFI for 2011, but I'm not sure how realistic that is. I'd be interested in seeing my CF topics on these boards, too.