Computer Forensics Certifications

notnow

When I said I don't know much about, it was a reference meaning I don't have personal, first-hand experience of the coursework and classroom, JD. Go scout up the Edmonds Community College and Steve Hailey as well, it is well worth it since Steve Hailey is the developer of the CSFA.

I actually have in my possession the literature, met the instructors, and am acquainted with people who are enrolled for the City University program. However, I don't know what their classroom experience is, how well they are doing in the local job market, and the perspective of local employers. I considered enrolling, but have not gone any further since I only found out about them around a month ago and just finished taking the SSCP - there are only so many hours in the day.

Now that I have further elaborated my obviously all too brief statement, I will say this much: forensics certifications - don't do any that are only 5-day courses (like CHFI). These certifications may require that at some time in the future that you appear on the stand in a criminal or civil case as an expert witness. As an expert witness you will be asked how much training you have had with your tools, how you acquired your knowledge, etc. The opposing side will have their expert witness sitting by ready to challenge every statement you make, if all you have done is a 5-day course, it won't be fun, you might be liable, and you may never get another case. You need to know a wide collection of tools as well, not just one.

Forensics is not like collecting another cert, it is serious business to practice forensics. But do as you will.

JDMurray

notnow wrote: »

if all you have done is a 5-day course, it won't be fun, you might be liable, and you may never get another case.

No lawyer would put anyone like that in a courtroom. They wouldn't even make it through a deposition. A lawyer looks at a forensic examiner's CV first, and if the experience isn't on there you'll never get a call. Therefore, a $15/hr tool-monkey working in a forensics lab should never need worry about getting called to testify on a case.

And I only replied to your post because you didn't provide a link to City U's program for other interested readers to follow.

JDMurray

For people who may be interested in computer forensics classes and certs from The SANS Institute:

SANS 5 & 6 Day Forensics Courses

SANS vLive! Forensics 508: Advanced Computer Forensic Analysis and Incident Response

veritas_libertas

JDMurray wrote: »

For people who may be interested in computer forensics classes and certs from The SANS Institute:

SANS 5 & 6 Day Forensics Courses

SANS vLive! Forensics 508: Advanced Computer Forensic Analysis and Incident Response

The SANS Computer Forensics web site is great place for learning or expanding knowledge on computer forensics: SANS Computer Forensics Training, Incident Response with Rob Lee

the_Grinch

JD did you read any more of Digital Forensics for Network, Internet, and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data? Richard Bejtlich gave it a pretty crappy review so I am wondering about your thoughts on it....

JDMurray

"Digital Forensics for Network, Internet, and Cloud Computing (DFFNIACC) is one of the worst books I've read in the last few years."

Yeah, that's an unfavorable review all right. I haven't tried to read it, but now maybe I'll just look at the NetFlow and NetWitness chapters.

JDMurray

The BT4 book review is up!

BackTrack 4: Assuring Security by Penetration Testing | TechExams.net Blogs

Bl8ckr0uter

JDMurray wrote: »

The BT4 book review is up!

BackTrack 4: Assuring Security by Penetration Testing | TechExams.net Blogs

Good Review.


JD, as a person who has taken the oscp course do you feel that this is in line with oscp level knowledge or is it closer to CEH knowledge? I am thinking of picking this book up sometime in the summer (after I am done with the elearnsecurity course and a few other books).

JDMurray

The book is useful for learning material in the CEH, LPT, OCSP, and OSCE certs. The Offensive Security certs actually use BackTrack in the training and exams. CEH has very little material about pen testing, but most of the tools found in the CEH can be used on BackTrack. I've never seen the LPT cert materials, but I'm guessing BackTrack should be very useful too.

onesaint

JD, thanks for the fantastic thread. Ive got family in CF and this has been an interesting to read, helping me to learn more specifically about what they do.

Can you elaborate a bit on the differences between something like incidence response and other CF fields? Ive got a broad understanding of the different areas, but find that things really become refined when laying out a plan for certs to achieve and the desired place to land in the info sec industry.

JDMurray

onesaint wrote: »

Can you elaborate a bit on the differences between something like incidence response and other CF fields?

Computer forensics techniques can be used in an incident response operation, but only if that type of evidence gathering and data collection is needed to document and resolve the incident. CF is formally used when the result of the investigation may be reported in a court of law. If an incident will not involve the legal system (such as with administrative rule violations within a corporation), computer forensics is not used. However, you an still use computer forensics techniques to collect evidence of misuse of company resources, workplace harassment, violations of corporate security policies, etc. This is what most people think computer forensics is really used for.

veritas_libertas

Found an interesting DF presentation at WGU by George Wade of Sobel & Company, LLC:

WGU'S session with Mr. Wade was very informative. It was great to hear from an expert in the field. If you couldn't make it you can still view the recording by going to the link below. While viewing the recording you can also download the files in the share window. First file is just the briefing and the other is a zip file with a video and briefing slides. Enjoy!

WGU Alumni Community - Cyber Forensics Open Forum with George Wade

JDMurray

This is an excellent Forensic 4cast podcast episode featuring a Q&A panel of women "forensicators."

Episode 38 – Independent Women REPOST : Forensic 4cast

JDMurray

One of my computer forensics instructors was interviewed by Tom Hulce of KNX 1070 AM and talks about the series of computer forensics classes I took with him. It's really just a collection of sound bites, but the information is interesting and accurate.

http://www.csufextension.org/ueeimages/ueeCertPDF/Andy_S.mp3

veritas_libertas

JD, have you listened to CyberSpeak? I'm hooked on the podcast, and I'm nearly through listening to all the past episodes.

JDMurray

veritas_libertas wrote: »

JD, have you listened to CyberSpeak? I'm hooked on the podcast, and I'm nearly through listening to all the past episodes.

Yes, I've listened to some of the episodes and do like it. They are released at irregular intervals, so I tend to forget about it. The same is true with Cyber Crime 101, Forensics 4cast and Inside the Core.

onesaint

JDMurray wrote: »

One of my computer forensics instructors was interviewed by Tom Hulce of KNX 1070 AM and talks about the series of computer forensics classes I took with him. It's really just a collection of sound bites, but the information is interesting and accurate.

http://www.csufextension.org/ueeimages/ueeCertPDF/Andy_S.mp3

Great clip JD. Thanks for sharing it.

xzier

Hey guys, any one who have study material for CHFI? I am taking the exam by November 2011. Please let me know.

JDMurray

xzier wrote: »

Hey guys, any one who have study material for CHFI? I am taking the exam by November 2011. Please let me know.

There's some CHFI talk on this thread: http://www.techexams.net/forums/ec-council-ceh-chfi/69106-ceh-v7-100-eligibility-application-fee.html

JDMurray

The August 15, 2011 CyberSpeak podcast has an excellent interview with a CF professional on "the do's and don'ts of testifying in court." Most people think CF is all about searching for evidence on information storage systems. It's also about creating documentation and presenting it in court. It's a must-listen for anyone thinking of going into CF.

veritas_libertas

JDMurray wrote: »

The August 15, 2011 CyberSpeak podcast has an excellent interview with a CF professional on "the do's and don'ts of testifying in court." Most people think CF is all about searching for evidence on information storage systems. It's also about creating documentation and presenting it in court. It's a must-listen for anyone thinking of going into CF.

I enjoyed that one as well. VERY interesting. I watched the videos of the forensic investigators testifying at the Cassie Anthony trial.

JDMurray

veritas_libertas wrote: »

I watched the videos of the forensic investigators testifying at the Cassie Anthony trial.

Hey, post the link(s) for those. I heard the investigator talking about that too and I wanted to watch them. That's the kind of stuff they should have over at www.SecurityTube.net. Somebody needs to make a www.forensicstube.com for sure.

veritas_libertas

Here you go:

The testimony is not just that of Sandra Osborne, but also Sgt. Kevin Stenger.

Video - Police Computer Forensics Expert Sandra Osborne Testifies at the Casey Anthony Murder Trial on June 8, 2011 - National Crime | Examiner.com

JDMurray

veritas_libertas wrote: »

Video - Police Computer Forensics Expert Sandra Osborne Testifies at the Casey Anthony Murder Trial on June 8, 2011 - National Crime | Examiner.com

Anyone doubting the value holding certifications can have should watch the first 4'45" of the first video.

onesaint

JDMurray wrote: »

The August 15, 2011 CyberSpeak podcast has an excellent interview with a CF professional on "the do's and don'ts of testifying in court." Most people think CF is all about searching for evidence on information storage systems. It's also about creating documentation and presenting it in court. It's a must-listen for anyone thinking of going into CF.

Great podcast. Thanks for the link JD. I had watched the testimony of Sandra Osborne and Kevin Stenger, previously. Listening to Jones talk about preparation and perspectives on testimony was quite interesting.

veritas_libertas

Digital Detective: Digital Evidence Discrepancies - Casey Anthony Trial

JDMurray

Digital video forensics--something else for me to throw on my "to learn someday" pile.

Digital Video Forensics On A Shoestring,

onesaint

JDMurray wrote: »

Digital video forensics--something else for me to throw on my "to learn someday" pile.

Digital Video Forensics On A Shoestring,

Oh, how the pile grows. I really wish I could learn like Leeloo Dallas Multi-pass does in the 5th Element. Scan and absorb.

Say, Sgt. Gibson is packing his pistol while sitting there at home, isn't he?

JDMurray

I passed the EnCE (EnCase) written exam and here's my blog article on it: The EnCase Certified Examiner (EnCE) Certification Experience | TechExams.net Blogs

I'm taking the EnCE practical exam now and it's kicking my butt so far. Good thing EnCE candidates are given 60 days to chew on it. And I do mean "chew."

veritas_libertas

JDMurray wrote: »

I passed the EnCE (EnCase) written exam and here's my blog article on it: The EnCase Certified Examiner (EnCE) Certification Experience | TechExams.net Blogs

I'm taking the EnCE practical exam now and it's kicking my butt so far. Good thing EnCE candidates are given 60 days to chew on it. And I do mean "chew."

Do you think the training you took prepared you enough? By the way, I don't know if you have the answer for this or not but, do you know if you need the full version of FTK to take the ACE exam?