Computer Forensics Certifications

One of the transient InfoSec topics on TechExams.net is that of Computer Forensics (CF). In 2010, I had a chance to dig into this field and ended up writing this blog article on CF certifications:
Computer Forensics Certifications | TechExams.net Blogs
It looks like I'll be continuing with my CF studies into 2011, and maybe picking up a CF cert or two. If anyone is interested in CF, please post here and we'll see what TechExams.net can get going to contribute to the CF cert community.
--JDMurray
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Comments
Next Up: Linux+/RHCSA, GCIA
An interest in digital forensics training was what got me into IT initially. Although my interest now is more network security focused, I'm still interested in any related posts.
During my research into the field, I came across some excellent resources, both forums and tools. I'm not sure on the rules on advertising other forums so I'll leave it up to Google for people to find them. I believe SANS do a free Linux forensic toolkit to get anyone started with low-level data analysis. It comes with FTK Imager.
Real Digital Forensics and File System Forensic Analysis are both books I own and would recommend. I would warn the latter is very in depth.
Mobile phone and PDA knowledge is often required for forensic tech jobs too due to current smartphone capabilities.
I could be wrong, but I heard most states in the US require anyone carrying out forensic work to have a PI license?
+1. I was thinking CHFI in 2012.
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology
Thanks!
The technical side of CF was what initially pulled me in, but I really like the legal aspects too, although writing all the documentation (chain of custody) is a bit tedious.
I should write up a blog article on free tools to get people started. There are a lot of them out there. I'm using PALADIN from www.sumuri.com a lot now. The trial releases of commercial packages, like EnCase and FTK, are useful for learning too.
Yeah, it's impossible to do "just a little computer forensics." You need to dive right into storage system and file system structures. It gets down into the meat of computer systems pretty quickly.
It does vary by state. Yes for Texas, no for California, and I'm not sure about the rest. There are also exceptions for people who work at law firms, civilian employees of law enforcement agencies, etc. That would be a good list to compile.
I hope you have some capital or access to EnCase for the EnCE. I have pretty significant experience with the software but it is really for people who have access to it. That being said, EnCE coupled with experience as you have shown will quickly vault you into a great position. Best of luck!
I'd agree this is true only if you're looking to do what's considered traditional forensics. Computer forensics can also branch out into other fields such as malware forensic research, reverse engineering, and incident response. I particularly don't have very much interest in law enforcement and criminal justice. I'm more interested in ripping things apart and learning every detail.
Agreed (my Father-In-Law has done some electronic forensics) but how do you get into an IT position that opens the door for this other than having a legal or Law Enforcement position?
For example, Malware research uses forensics for identifying and collecting Malware from endpoints, midpoints, and networks, and somewhat for the attribution of the Malware's origin. However, the majority of the work in Malware research falls under the categories of software engineering, computer science, historical research, and report writing/presentation. These fields are probably not what most people interested in computer/network forensics want to be doing most of their time. They are likely to be disappointed by how little true forensics work they end up actually doing as a Malware researcher.
How does someone get into this kind of position? What kind of certifications and education would help? I would assume that at the least an A+ and Bachelor's degree?
There are a number of certification providers but you do need a solid foundation in the way the world of computers works. It also depends as JD pointed out in what part of the forensics world you want to work in.
I think I was more disappointed finding out that a lot of computer forensics work is just running grep tools on EnCase haha (not being entirely serious)