Computer Forensics Certifications

Comments

  • notnownotnow Posts: 7Member ■□□□□□□□□□
    When I said I don't know much about, it was a reference meaning I don't have personal, first-hand experience of the coursework and classroom, JD. Go scout up the Edmonds Community College and Steve Hailey as well, it is well worth it since Steve Hailey is the developer of the CSFA.

    I actually have in my possession the literature, met the instructors, and am acquainted with people who are enrolled for the City University program. However, I don't know what their classroom experience is, how well they are doing in the local job market, and the perspective of local employers. I considered enrolling, but have not gone any further since I only found out about them around a month ago and just finished taking the SSCP - there are only so many hours in the day.

    Now that I have further elaborated my obviously all too brief statement, I will say this much: forensics certifications - don't do any that are only 5-day courses (like CHFI). These certifications may require that at some time in the future you appear on the stand in a criminal or civil case as an expert witness. As an expert witness you will be asked how much training you have had with your tools, how you acquired your knowledge, etc. The opposing side will have their expert witness sitting by ready to challenge every statement you make; if all you have done is a 5-day course, it won't be fun, you might be liable, and you may never get another case. You need to know a wide collection of tools as well, not just one.

    Forensics is not like collecting another cert, it is serious business to practice forensics. But do as you will.
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,313Admin Admin
    notnow wrote: »
    if all you have done is a 5-day course, it won't be fun, you might be liable, and you may never get another case.
    No lawyer would put anyone like that in a courtroom. They wouldn't even make it through a deposition. A lawyer looks at a forensic examiner's CV first, and if the experience isn't on there you'll never get a call. Therefore, a $15/hr tool-monkey working in a forensics lab should never need worry about getting called to testify on a case.

    And I only replied to your post because you didn't provide a link to City U's program for other interested readers to follow.
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,313Admin Admin
    For people who may be interested in computer forensics classes and certs from The SANS Institute:

    SANS 5 & 6 Day Forensics Courses

    SANS vLive! Forensics 508: Advanced Computer Forensic Analysis and Incident Response
  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAPosts: 5,735Member ■■■■■■■■■■
    JDMurray wrote: »
    For people who may be interested in computer forensics classes and certs from The SANS Institute:

    SANS 5 & 6 Day Forensics Courses

    SANS vLive! Forensics 508: Advanced Computer Forensic Analysis and Incident Response

    The SANS Computer Forensics web site is a great place for learning or expanding knowledge on computer forensics: SANS Computer Forensics Training, Incident Response with Rob Lee
    Currently working on: Linux and Python
  • the_Grinchthe_Grinch Posts: 4,142Member ■■■■■■■■■■
    JD did you read any more of Digital Forensics for Network, Internet, and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data? Richard Bejtlich gave it a pretty crappy review so I am wondering about your thoughts on it....
    WIP:
    Assembly
    Data Structures
    Javascript
    Work stuff
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,313Admin Admin
    "Digital Forensics for Network, Internet, and Cloud Computing (DFFNIACC) is one of the worst books I've read in the last few years."

    Yeah, that's an unfavorable review all right. I haven't tried to read it, but now maybe I'll just look at the NetFlow and NetWitness chapters.
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,313Admin Admin
  • Bl8ckr0uterBl8ckr0uter Posts: 5,031Inactive Imported Users ■■■■■■■■□□
    JDMurray wrote: »

    Good Review.


    JD, as a person who has taken the oscp course do you feel that this is in line with oscp level knowledge or is it closer to CEH knowledge? I am thinking of picking this book up sometime in the summer (after I am done with the elearnsecurity course and a few other books).
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,313Admin Admin
    The book is useful for learning material in the CEH, LPT, OSCP, and OSCE certs. The Offensive Security certs actually use BackTrack in the training and exams. CEH has very little material about pen testing, but most of the tools found in the CEH can be used on BackTrack. I've never seen the LPT cert materials, but I'm guessing BackTrack should be very useful too.
  • onesaintonesaint Posts: 801Member
    JD, thanks for the fantastic thread. I've got family in CF and this has been interesting to read, helping me to learn more specifically about what they do.

    Can you elaborate a bit on the differences between something like incidence response and other CF fields? I've got a broad understanding of the different areas, but find that things really become refined when laying out a plan for certs to achieve and the desired place to land in the info sec industry.
    Work in progress: picking up Postgres, elastisearch, redis, Cloudera, & AWS.
    Next up: eventually the RHCE and to start blogging again.

    Control Protocol; my blog of exam notes and IT randomness
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,313Admin Admin
    onesaint wrote: »
    Can you elaborate a bit on the differences between something like incidence response and other CF fields?
    Computer forensics techniques can be used in an incident response operation, but only if that type of evidence gathering and data collection is needed to document and resolve the incident. CF is formally used when the result of the investigation may be reported in a court of law. If an incident will not involve the legal system (such as with administrative rule violations within a corporation), computer forensics is not used. However, you can still use computer forensics techniques to collect evidence of misuse of company resources, workplace harassment, violations of corporate security policies, etc. This is what most people think computer forensics is really used for.
  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAPosts: 5,735Member ■■■■■■■■■■
    Found an interesting DF presentation at WGU by George Wade of Sobel & Company, LLC:
    WGU'S session with Mr. Wade was very informative. It was great to hear from an expert in the field. If you couldn't make it you can still view the recording by going to the link below. While viewing the recording you can also download the files in the share window. First file is just the briefing and the other is a zip file with a video and briefing slides. Enjoy!
    WGU Alumni Community - Cyber Forensics Open Forum with George Wade
    Currently working on: Linux and Python
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,313Admin Admin
    This is an excellent Forensic 4cast podcast episode featuring a Q&A panel of women "forensicators."

    Episode 38 – Independent Women REPOST : Forensic 4cast
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,313Admin Admin
    One of my computer forensics instructors was interviewed by Tom Hulce of KNX 1070 AM and talks about the series of computer forensics classes I took with him. It's really just a collection of sound bites, but the information is interesting and accurate.

    http://www.csufextension.org/ueeimages/ueeCertPDF/Andy_S.mp3
  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAPosts: 5,735Member ■■■■■■■■■■
    JD, have you listened to CyberSpeak? I'm hooked on the podcast, and I'm nearly through listening to all the past episodes.
    Currently working on: Linux and Python
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,313Admin Admin
    JD, have you listened to CyberSpeak? I'm hooked on the podcast, and I'm nearly through listening to all the past episodes.
    Yes, I've listened to some of the episodes and do like it. They are released at irregular intervals, so I tend to forget about it. The same is true with Cyber Crime 101, Forensics 4cast and Inside the Core.
  • onesaintonesaint Posts: 801Member
    JDMurray wrote: »
    One of my computer forensics instructors was interviewed by Tom Hulce of KNX 1070 AM and talks about the series of computer forensics classes I took with him. It's really just a collection of sound bites, but the information is interesting and accurate.

    http://www.csufextension.org/ueeimages/ueeCertPDF/Andy_S.mp3

    Great clip JD. Thanks for sharing it.
    Work in progress: picking up Postgres, elastisearch, redis, Cloudera, & AWS.
    Next up: eventually the RHCE and to start blogging again.

    Control Protocol; my blog of exam notes and IT randomness
  • xzierxzier Posts: 4Registered Users ■□□□□□□□□□
    Hey guys, anyone who has study material for CHFI? I am taking the exam by November 2011. Please let me know.
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,313Admin Admin
    xzier wrote: »
    Hey guys, anyone who has study material for CHFI? I am taking the exam by November 2011. Please let me know.
    There's some CHFI talk on this thread: http://www.techexams.net/forums/ec-council-ceh-chfi/69106-ceh-v7-100-eligibility-application-fee.html
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,313Admin Admin
    The August 15, 2011 CyberSpeak podcast has an excellent interview with a CF professional on "the do's and don'ts of testifying in court." Most people think CF is all about searching for evidence on information storage systems. It's also about creating documentation and presenting it in court. It's a must-listen for anyone thinking of going into CF.
  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAPosts: 5,735Member ■■■■■■■■■■
    JDMurray wrote: »
    The August 15, 2011 CyberSpeak podcast has an excellent interview with a CF professional on "the do's and don'ts of testifying in court." Most people think CF is all about searching for evidence on information storage systems. It's also about creating documentation and presenting it in court. It's a must-listen for anyone thinking of going into CF.

    I enjoyed that one as well. VERY interesting. I watched the videos of the forensic investigators testifying at the Casey Anthony trial.
    Currently working on: Linux and Python
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,313Admin Admin
    I watched the videos of the forensic investigators testifying at the Casey Anthony trial.
    Hey, post the link(s) for those. I heard the investigator talking about that too and I wanted to watch them. That's the kind of stuff they should have over at www.SecurityTube.net. Somebody needs to make a www.forensicstube.com for sure.
  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAPosts: 5,735Member ■■■■■■■■■■
    Currently working on: Linux and Python
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,313Admin Admin
    Anyone doubting the value holding certifications can have should watch the first 4'45" of the first video.
  • onesaintonesaint Posts: 801Member
    JDMurray wrote: »
    The August 15, 2011 CyberSpeak podcast has an excellent interview with a CF professional on "the do's and don'ts of testifying in court." Most people think CF is all about searching for evidence on information storage systems. It's also about creating documentation and presenting it in court. It's a must-listen for anyone thinking of going into CF.

    Great podcast. Thanks for the link JD. I had watched the testimony of Sandra Osborne and Kevin Stenger, previously. Listening to Jones talk about preparation and perspectives on testimony was quite interesting.
    Work in progress: picking up Postgres, elastisearch, redis, Cloudera, & AWS.
    Next up: eventually the RHCE and to start blogging again.

    Control Protocol; my blog of exam notes and IT randomness
  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAPosts: 5,735Member ■■■■■■■■■■
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,313Admin Admin
    Digital video forensics--something else for me to throw on my "to learn someday" pile.

    Digital Video Forensics On A Shoestring,
  • onesaintonesaint Posts: 801Member
    JDMurray wrote: »
    Digital video forensics--something else for me to throw on my "to learn someday" pile.

    Digital Video Forensics On A Shoestring,


    Oh, how the pile grows. I really wish I could learn like Leeloo Dallas Multi-pass does in the 5th Element. Scan and absorb.

    Say, Sgt. Gibson is packing his pistol while sitting there at home, isn't he?
    Work in progress: picking up Postgres, elastisearch, redis, Cloudera, & AWS.
    Next up: eventually the RHCE and to start blogging again.

    Control Protocol; my blog of exam notes and IT randomness
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,313Admin Admin
    I passed the EnCE (EnCase) written exam and here's my blog article on it: The EnCase Certified Examiner (EnCE) Certification Experience | TechExams.net Blogs

    I'm taking the EnCE practical exam now and it's kicking my butt so far. Good thing EnCE candidates are given 60 days to chew on it. And I do mean "chew."
  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAPosts: 5,735Member ■■■■■■■■■■
    JDMurray wrote: »
    I passed the EnCE (EnCase) written exam and here's my blog article on it: The EnCase Certified Examiner (EnCE) Certification Experience | TechExams.net Blogs

    I'm taking the EnCE practical exam now and it's kicking my butt so far. Good thing EnCE candidates are given 60 days to chew on it. And I do mean "chew."

    Do you think the training you took prepared you enough? By the way, I don't know if you have the answer for this or not but, do you know if you need the full version of FTK to take the ACE exam?
    Currently working on: Linux and Python