Computer Forensics Certifications

12467

Comments

  • colemiccolemic Member Posts: 1,569 ■■■■■■■□□□
    Congrats JD!
    Working on: staying alive and staying employed
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    colemic wrote: »
    Congrats JD!
    Hold on to that until I pass the second exam and post the EnCE cert in our certificate thread. ;)
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    Do you think the training you took prepared you enough?
    Mostly, but not 100%. I still need to Google and thumb through my forensics books for most of the questions. I'm actually learning a lot about EnCase by taking this exam.
    By the way, I don't know if you have the answer for this or not but, do you know if you need the full version of FTK to take the ACE exam?
    From what I have read, the full version of FTK v3 is require to test for the ACE, but I'm not 100% sure on that. I haven't looked at the cert info on Access Data's Web site.
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    JDMurray wrote: »
    Mostly, but not 100%. I still need to Google and thumb through my forensics books for most of the questions. I'm actually learning a lot about EnCase by taking this exam.


    From what I have read, the full version of FTK v3 is require to test for the ACE, but I'm not 100% sure on that. I haven't looked at the cert info on Access Data's Web site.

    Their site claims you need the full version, but I'm wondering if you actually do.
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    Are you on LinkedIn? Try asking in one of the computer forensic discussion groups that has FTK discussions. I vaguely remember reading something about FTK v3 and the ACE cert.
  • core22core22 Member Posts: 27 ■□□□□□□□□□
    Wow, somehow I missed this thread! So many great links - many bookmarked for later review as there's only so many hours...

    Thanks to everyone who has posted :)
    CISSP | GPEN | GWAPT | GCIH | CEH | CHFI | Security+
    BS - InfoSec, Drexel University - Summa Cum Laude
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    JDMurray wrote: »
    Are you on LinkedIn? Try asking in one of the computer forensic discussion groups that has FTK discussions. I vaguely remember reading something about FTK v3 and the ACE cert.

    I received some great answers from ForensicFocus :)

    Digital Forensics - Forums - General Discussion - Education and Training - ACE Certification exam --- Requires full version?
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    That is a good thread. I'm surprised that the ACE cert would allow the exam candidate to use any other tools than FTK itself. Isn't the ACE to certify the candidate's competency with using FTK? The EnCE is certainly that for EnCase.
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    JDMurray wrote: »
    That is a good thread. I'm surprised that the ACE cert would allow the exam candidate to use any other tools than FTK itself. Isn't the ACE to certify the candidate's competency with using FTK? The EnCE is certainly that for EnCase.

    I think I'm going to try for it between semesters. I've been playing with FTK and it's various tools in demo mode. Commercial Forensic tools are incredibly expensive, and I believe FTK is up around $3,000. Unfortunately in my area is there is no university/college teaching digital forensics. This is why I will probably go down to Atlanta for training at Emory University. The nice thing about the CCE Bootcamp besides the hands on training is the free forensic tools you receive.
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Should be noted that the job posting closes tonight at midnight, hadn't realized that or I would have posted sooner!

    I found this the other day and found it pretty interesting.

    USAJOBS - Search Jobs

    Entry level (as long as you have the degree requirements) and they will train you from the ground up. My understanding of the training is as follows:

    2 Week A+ Course (must pass or you lose the job)
    2 Week Network+ Course (must pass or you lose the job)
    (For the above, I don't know if you can bypass the training if you already hold the certs, I'd assume you could, but not 100% sure)
    4 Week Course on the forensic tools used by the FBI (obviously you have to pass)

    Then it is pretty much on the job training. Pay seems pretty good and the position goes all the way up to GS14. You would be mentored by a senior field examiner and as time goes on given your own case load/assist on various cases.

    Note: You'll need to be able to pass the extensive background check. TS-SCI would require a through background investigation (every place you lived, worked, went to school, etc will be checked). Also, you will go through a full scope polygraph exam. This consists of two parts: Counterintelligence (have you ever been apart of a group wanting to overthrow the government, etc) and Lifestyle (have you ever done drugs, etc). Polygraph usually lasts between one to three hours and is interesting to say the least. Time to complete the background check can take up to two years, but usually is completed in three to eight months. The length of time is about 95% dependent on you and how correct your information is. You would repeat this process every 5 years for as long as you are working for the FBI.

    Having been through a process like this I can say it is interesting and frustrating at the same time. Also, it gave me faith in privacy laws as when my investigator came to speak to one of my professors the legal team at my college called the investigator and ripped him a new one (something to the effect of they didn't care who he represented he had no right to get information on a student). They then told him to have the professor get on the phone and told him he was not to say a word to the investigator in regards to me. Ultimately, I wrote a letter stating what it was for and we were good to go.

    Good luck to anyone who applies and note that the last time they attempted to hire for positions like this they ended up cancelling the anouncement.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    Here's a bit of "Friday Fun" for CF people: Computer forensics myths?
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    For people interested in how the EC-Council CHFI cert compares against other CF certs more well recognized in the CF world: CHFI Versus CCE Certification
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Book Review: Digital Evidence and Computer Crime - Slashdot

    New book that came out, looks pretty good!
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    That book is a classic in computer forensics, and the 3rd edition was released May 2011.
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    This podcast is more focused on data recovery than forensics, but I love the way it digs deep into how HDDs work and communicate.

    My Hard Drive Died Podcast - w/Scott Moulton | Podnutz - Tech Podcasts
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    SANS has an online Windows computer forensic exam to assess if you need to take their FOR408 course or you can skip to their FOR508 course. The exam is 46 questions and with a 120-minute time limit. You will need an account on the sans.org Web site to access the exam. And you better know your CF stuff concerning Windows Vista and 7, otherwise you'll be doing a lot of guessing (like I did).

    SANS Computer Forensics Course Assessment
    https://exams.giac.org/exams/overview
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    OK people, I am now EnCE-certified; here's my blog article to provide you all with the experience: The EnCase Certified Examiner (EnCE) Certification Experience – The Practical Exam | TechExams.net Blogs
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Congrats JD and great write up!
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    Congratulations! :D
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    JDMurray wrote: »
    OK people, I am now EnCE-certified; here's my blog article to provide you all with the experience: The EnCase Certified Examiner (EnCE) Certification Experience – The Practical Exam | TechExams.net Blogs

    This was the best and most thorough review I have ever seen on the EnCE. I really enjoyed it and am hoping I will be able to eventually take the exam as well.
  • DevilsbaneDevilsbane Member Posts: 4,214 ■■■■■■■■□□
    JDMurray wrote: »
    That book is a classic in computer forensics, and the 3rd edition was released May 2011.

    I found Amazon.com: File System Forensic Analysis (9780321268174): Brian Carrier: Books to be a good read and an even greater reference tool.
    Decide what to be and go be it.
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    Devilsbane wrote: »
    I found Amazon.com: File System Forensic Analysis (9780321268174): Brian Carrier: Books to be a good read and an even greater reference tool.
    Yes, a very good reference, and Harlan Carvey's Windows Registry Forensics too. I recommended both of those books in my EnCE blog article.
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    http://www.us-cert.gov/reading_room/forensics.pdf Was doing some research and found this paper from USCERT. Contains some great information for people looking to get into forensics and for IT people in general.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • onesaintonesaint Member Posts: 801
    I like the NIST's 800 series publications. There is some good reading in there:
    http://csrc.nist.gov/publications/PubsSPs.html

    It can be a tad outdated, but still interesting (e.g., Guide to Integrating Forensic Techniques into Incident Response cir. 2006).
    Work in progress: picking up Postgres, elastisearch, redis, Cloudera, & AWS.
    Next up: eventually the RHCE and to start blogging again.

    Control Protocol; my blog of exam notes and IT randomness
  • notnownotnow Member Posts: 7 ■□□□□□□□□□
    For the ACE you can get by with version 1.8, but you need a dongle to complete the test as you have to crack passwords and review some history in the image they provide. When you recertify, you will have to answer detailed questions about version 2.2 and up. You can download all versions of FTK but they are limited, I suggest you borrow a dongle from someone with a fully licensed copy or enroll in a course where they use AccessData products. I received my ACE certification last March and my Cybersecurity Forensics Analyst certification last April.
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    Harlan Carvey just created a page on his blog, with a list of FOSS tools for forensic analysis:

    Windows Incident Response: FOSS Tools
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    It's not surprising that FTK Imager is on the top of that list. It's an excellent free tool for imaging electronic media, which is usually the first step in performing a forensic examination of an information storage system.
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    JDMurray wrote: »
    It's not surprising that FTK Imager is on the top of that list. It's an excellent free tool for imaging electronic media, which is usually the first step in performing a forensic examination of an information storage system.

    It certainly is a great tool. I used it yesterday to help recover some photos from a CF memory card. My folks came to see our 8 month old and took about thirty photos. For some reason the FAT table became corrupt and Windows kept asking to format it. After imaging the card I used PhotoRec to carve out the images. I originally wanted to use Androit's tool since I have heard rave reviews, but I'm not up to forking out $999 for something I just want to play with ;)
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    Not every CF card works in every reader, even though it may fit correctly in the slot. Next time I would try the card in several different reader devices before assuming the CF's disk volume or media had become corrupt.
  • veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    It's my fault for not being more specific. The CF card quit working properly in the camera that the photos were being taken in. I then moved the card to the only CF reader I had and it wouldn't read properly there either.

    I'm assume what you are refering to is the different types of CF media? I know there are about four or five different ones.
Sign In or Register to comment.