Do you think the training you took prepared you enough?
Mostly, but not 100%. I still need to Google and thumb through my forensics books for most of the questions. I'm actually learning a lot about EnCase by taking this exam.
By the way, I don't know if you have the answer for this or not but, do you know if you need the full version of FTK to take the ACE exam?
From what I have read, the full version of FTK v3 is require to test for the ACE, but I'm not 100% sure on that. I haven't looked at the cert info on Access Data's Web site.
Mostly, but not 100%. I still need to Google and thumb through my forensics books for most of the questions. I'm actually learning a lot about EnCase by taking this exam.
From what I have read, the full version of FTK v3 is require to test for the ACE, but I'm not 100% sure on that. I haven't looked at the cert info on Access Data's Web site.
Their site claims you need the full version, but I'm wondering if you actually do.
Are you on LinkedIn? Try asking in one of the computer forensic discussion groups that has FTK discussions. I vaguely remember reading something about FTK v3 and the ACE cert.
Are you on LinkedIn? Try asking in one of the computer forensic discussion groups that has FTK discussions. I vaguely remember reading something about FTK v3 and the ACE cert.
That is a good thread. I'm surprised that the ACE cert would allow the exam candidate to use any other tools than FTK itself. Isn't the ACE to certify the candidate's competency with using FTK? The EnCE is certainly that for EnCase.
That is a good thread. I'm surprised that the ACE cert would allow the exam candidate to use any other tools than FTK itself. Isn't the ACE to certify the candidate's competency with using FTK? The EnCE is certainly that for EnCase.
I think I'm going to try for it between semesters. I've been playing with FTK and it's various tools in demo mode. Commercial Forensic tools are incredibly expensive, and I believe FTK is up around $3,000. Unfortunately in my area is there is no university/college teaching digital forensics. This is why I will probably go down to Atlanta for training at Emory University. The nice thing about the CCE Bootcamp besides the hands on training is the free forensic tools you receive.
Entry level (as long as you have the degree requirements) and they will train you from the ground up. My understanding of the training is as follows:
2 Week A+ Course (must pass or you lose the job)
2 Week Network+ Course (must pass or you lose the job)
(For the above, I don't know if you can bypass the training if you already hold the certs, I'd assume you could, but not 100% sure)
4 Week Course on the forensic tools used by the FBI (obviously you have to pass)
Then it is pretty much on the job training. Pay seems pretty good and the position goes all the way up to GS14. You would be mentored by a senior field examiner and as time goes on given your own case load/assist on various cases.
Note: You'll need to be able to pass the extensive background check. TS-SCI would require a through background investigation (every place you lived, worked, went to school, etc will be checked). Also, you will go through a full scope polygraph exam. This consists of two parts: Counterintelligence (have you ever been apart of a group wanting to overthrow the government, etc) and Lifestyle (have you ever done drugs, etc). Polygraph usually lasts between one to three hours and is interesting to say the least. Time to complete the background check can take up to two years, but usually is completed in three to eight months. The length of time is about 95% dependent on you and how correct your information is. You would repeat this process every 5 years for as long as you are working for the FBI.
Having been through a process like this I can say it is interesting and frustrating at the same time. Also, it gave me faith in privacy laws as when my investigator came to speak to one of my professors the legal team at my college called the investigator and ripped him a new one (something to the effect of they didn't care who he represented he had no right to get information on a student). They then told him to have the professor get on the phone and told him he was not to say a word to the investigator in regards to me. Ultimately, I wrote a letter stating what it was for and we were good to go.
Good luck to anyone who applies and note that the last time they attempted to hire for positions like this they ended up cancelling the anouncement.
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
For people interested in how the EC-Council CHFI cert compares against other CF certs more well recognized in the CF world: CHFI Versus CCE Certification
SANS has an online Windows computer forensic exam to assess if you need to take their FOR408 course or you can skip to their FOR508 course. The exam is 46 questions and with a 120-minute time limit. You will need an account on the sans.org Web site to access the exam. And you better know your CF stuff concerning Windows Vista and 7, otherwise you'll be doing a lot of guessing (like I did).
This was the best and most thorough review I have ever seen on the EnCE. I really enjoyed it and am hoping I will be able to eventually take the exam as well.
http://www.us-cert.gov/reading_room/forensics.pdf Was doing some research and found this paper from USCERT. Contains some great information for people looking to get into forensics and for IT people in general.
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
Work in progress: picking up Postgres, elastisearch, redis, Cloudera, & AWS. Next up: eventually the RHCEand to start blogging again. Control Protocol; my blog of exam notes and IT randomness
For the ACE you can get by with version 1.8, but you need a dongle to complete the test as you have to crack passwords and review some history in the image they provide. When you recertify, you will have to answer detailed questions about version 2.2 and up. You can download all versions of FTK but they are limited, I suggest you borrow a dongle from someone with a fully licensed copy or enroll in a course where they use AccessData products. I received my ACE certification last March and my Cybersecurity Forensics Analyst certification last April.
It's not surprising that FTK Imager is on the top of that list. It's an excellent free tool for imaging electronic media, which is usually the first step in performing a forensic examination of an information storage system.
It's not surprising that FTK Imager is on the top of that list. It's an excellent free tool for imaging electronic media, which is usually the first step in performing a forensic examination of an information storage system.
It certainly is a great tool. I used it yesterday to help recover some photos from a CF memory card. My folks came to see our 8 month old and took about thirty photos. For some reason the FAT table became corrupt and Windows kept asking to format it. After imaging the card I used PhotoRec to carve out the images. I originally wanted to use Androit's tool since I have heard rave reviews, but I'm not up to forking out $999 for something I just want to play with
Not every CF card works in every reader, even though it may fit correctly in the slot. Next time I would try the card in several different reader devices before assuming the CF's disk volume or media had become corrupt.
It's my fault for not being more specific. The CF card quit working properly in the camera that the photos were being taken in. I then moved the card to the only CF reader I had and it wouldn't read properly there either.
I'm assume what you are refering to is the different types of CF media? I know there are about four or five different ones.
Comments
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
From what I have read, the full version of FTK v3 is require to test for the ACE, but I'm not 100% sure on that. I haven't looked at the cert info on Access Data's Web site.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Their site claims you need the full version, but I'm wondering if you actually do.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Thanks to everyone who has posted
BS - InfoSec, Drexel University - Summa Cum Laude
I received some great answers from ForensicFocus
Digital Forensics - Forums - General Discussion - Education and Training - ACE Certification exam --- Requires full version?
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
I think I'm going to try for it between semesters. I've been playing with FTK and it's various tools in demo mode. Commercial Forensic tools are incredibly expensive, and I believe FTK is up around $3,000. Unfortunately in my area is there is no university/college teaching digital forensics. This is why I will probably go down to Atlanta for training at Emory University. The nice thing about the CCE Bootcamp besides the hands on training is the free forensic tools you receive.
I found this the other day and found it pretty interesting.
USAJOBS - Search Jobs
Entry level (as long as you have the degree requirements) and they will train you from the ground up. My understanding of the training is as follows:
2 Week A+ Course (must pass or you lose the job)
2 Week Network+ Course (must pass or you lose the job)
(For the above, I don't know if you can bypass the training if you already hold the certs, I'd assume you could, but not 100% sure)
4 Week Course on the forensic tools used by the FBI (obviously you have to pass)
Then it is pretty much on the job training. Pay seems pretty good and the position goes all the way up to GS14. You would be mentored by a senior field examiner and as time goes on given your own case load/assist on various cases.
Note: You'll need to be able to pass the extensive background check. TS-SCI would require a through background investigation (every place you lived, worked, went to school, etc will be checked). Also, you will go through a full scope polygraph exam. This consists of two parts: Counterintelligence (have you ever been apart of a group wanting to overthrow the government, etc) and Lifestyle (have you ever done drugs, etc). Polygraph usually lasts between one to three hours and is interesting to say the least. Time to complete the background check can take up to two years, but usually is completed in three to eight months. The length of time is about 95% dependent on you and how correct your information is. You would repeat this process every 5 years for as long as you are working for the FBI.
Having been through a process like this I can say it is interesting and frustrating at the same time. Also, it gave me faith in privacy laws as when my investigator came to speak to one of my professors the legal team at my college called the investigator and ripped him a new one (something to the effect of they didn't care who he represented he had no right to get information on a student). They then told him to have the professor get on the phone and told him he was not to say a word to the investigator in regards to me. Ultimately, I wrote a letter stating what it was for and we were good to go.
Good luck to anyone who applies and note that the last time they attempted to hire for positions like this they ended up cancelling the anouncement.
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
New book that came out, looks pretty good!
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
My Hard Drive Died Podcast - w/Scott Moulton | Podnutz - Tech Podcasts
SANS Computer Forensics Course Assessment
https://exams.giac.org/exams/overview
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
This was the best and most thorough review I have ever seen on the EnCE. I really enjoyed it and am hoping I will be able to eventually take the exam as well.
I found Amazon.com: File System Forensic Analysis (9780321268174): Brian Carrier: Books to be a good read and an even greater reference tool.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
http://csrc.nist.gov/publications/PubsSPs.html
It can be a tad outdated, but still interesting (e.g., Guide to Integrating Forensic Techniques into Incident Response cir. 2006).
Next up: eventually the RHCE and to start blogging again.
Control Protocol; my blog of exam notes and IT randomness
Windows Incident Response: FOSS Tools
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
It certainly is a great tool. I used it yesterday to help recover some photos from a CF memory card. My folks came to see our 8 month old and took about thirty photos. For some reason the FAT table became corrupt and Windows kept asking to format it. After imaging the card I used PhotoRec to carve out the images. I originally wanted to use Androit's tool since I have heard rave reviews, but I'm not up to forking out $999 for something I just want to play with
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
I'm assume what you are refering to is the different types of CF media? I know there are about four or five different ones.