Computer Forensics Certifications
Comments
-
JDMurray Admin Posts: 13,101 Admin
Congrats JD!
-
JDMurray Admin Posts: 13,101 Admin
veritas_libertas wrote: »Do you think the training you took prepared you enough?
veritas_libertas wrote: »By the way, I don't know if you have the answer for this or not but, do you know if you need the full version of FTK to take the ACE exam?
-
veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
Mostly, but not 100%. I still need to Google and thumb through my forensics books for most of the questions. I'm actually learning a lot about EnCase by taking this exam.
From what I have read, the full version of FTK v3 is required to test for the ACE, but I'm not 100% sure on that. I haven't looked at the cert info on Access Data's Web site.
Their site claims you need the full version, but I'm wondering if you actually do. -
JDMurray Admin Posts: 13,101 Admin
Are you on LinkedIn? Try asking in one of the computer forensic discussion groups that has FTK discussions. I vaguely remember reading something about FTK v3 and the ACE cert.
-
core22 Member Posts: 27 ■□□□□□□□□□
Wow, somehow I missed this thread! So many great links - many bookmarked for later review as there's only so many hours...
Thanks to everyone who has posted
CISSP | GPEN | GWAPT | GCIH | CEH | CHFI | Security+
BS - InfoSec, Drexel University - Summa Cum Laude -
veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
JDMurray wrote: »Are you on LinkedIn? Try asking in one of the computer forensic discussion groups that has FTK discussions. I vaguely remember reading something about FTK v3 and the ACE cert.
I received some great answers from ForensicFocus
Digital Forensics - Forums - General Discussion - Education and Training - ACE Certification exam --- Requires full version? -
JDMurray Admin Posts: 13,101 Admin
That is a good thread. I'm surprised that the ACE cert would allow the exam candidate to use any other tools than FTK itself. Isn't the ACE to certify the candidate's competency with using FTK? The EnCE is certainly that for EnCase.
-
veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
JDMurray wrote: »That is a good thread. I'm surprised that the ACE cert would allow the exam candidate to use any other tools than FTK itself. Isn't the ACE to certify the candidate's competency with using FTK? The EnCE is certainly that for EnCase.
I think I'm going to try for it between semesters. I've been playing with FTK and its various tools in demo mode. Commercial forensic tools are incredibly expensive, and I believe FTK is up around $3,000. Unfortunately, in my area there is no university/college teaching digital forensics. This is why I will probably go down to Atlanta for training at Emory University. The nice thing about the CCE Bootcamp, besides the hands-on training, is the free forensic tools you receive. -
the_Grinch Member Posts: 4,165 ■■■■■■■■■■
Should be noted that the job posting closes tonight at midnight, hadn't realized that or I would have posted sooner!
I found this the other day and found it pretty interesting.
USAJOBS - Search Jobs
Entry level (as long as you have the degree requirements) and they will train you from the ground up. My understanding of the training is as follows:
2 Week A+ Course (must pass or you lose the job)
2 Week Network+ Course (must pass or you lose the job)
(For the above, I don't know if you can bypass the training if you already hold the certs, I'd assume you could, but not 100% sure)
4 Week Course on the forensic tools used by the FBI (obviously you have to pass)
Then it is pretty much on the job training. Pay seems pretty good and the position goes all the way up to GS14. You would be mentored by a senior field examiner and as time goes on given your own case load/assist on various cases.
Note: You'll need to be able to pass the extensive background check. TS-SCI would require a thorough background investigation (every place you lived, worked, went to school, etc. will be checked). Also, you will go through a full scope polygraph exam. This consists of two parts: Counterintelligence (have you ever been a part of a group wanting to overthrow the government, etc.) and Lifestyle (have you ever done drugs, etc.). The polygraph usually lasts between one to three hours and is interesting to say the least. Time to complete the background check can take up to two years, but it is usually completed in three to eight months. The length of time is about 95% dependent on you and how correct your information is. You would repeat this process every 5 years for as long as you are working for the FBI.
Having been through a process like this I can say it is interesting and frustrating at the same time. Also, it gave me faith in privacy laws, as when my investigator came to speak to one of my professors the legal team at my college called the investigator and ripped him a new one (something to the effect of they didn't care who he represented, he had no right to get information on a student). They then told him to have the professor get on the phone and told him he was not to say a word to the investigator in regards to me. Ultimately, I wrote a letter stating what it was for and we were good to go.
Good luck to anyone who applies and note that the last time they attempted to hire for positions like this they ended up cancelling the announcement.
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
JDMurray Admin Posts: 13,101 Admin
Here's a bit of "Friday Fun" for CF people: Computer forensics myths?
-
JDMurray Admin Posts: 13,101 Admin
For people interested in how the EC-Council CHFI cert compares against other CF certs better recognized in the CF world: CHFI Versus CCE Certification
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■
Book Review: Digital Evidence and Computer Crime - Slashdot
New book that came out, looks pretty good! -
JDMurray Admin Posts: 13,101 Admin
That book is a classic in computer forensics, and the 3rd edition was released May 2011.
-
veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
This podcast is more focused on data recovery than forensics, but I love the way it digs deep into how HDDs work and communicate.
My Hard Drive Died Podcast - w/Scott Moulton | Podnutz - Tech Podcasts -
JDMurray Admin Posts: 13,101 Admin
SANS has an online Windows computer forensic exam to assess if you need to take their FOR408 course or you can skip to their FOR508 course. The exam is 46 questions with a 120-minute time limit. You will need an account on the sans.org Web site to access the exam. And you'd better know your CF stuff concerning Windows Vista and 7, otherwise you'll be doing a lot of guessing (like I did).
SANS Computer Forensics Course Assessment
https://exams.giac.org/exams/overview -
JDMurray Admin Posts: 13,101 Admin
OK people, I am now EnCE-certified; here's my blog article to provide you all with the experience: The EnCase Certified Examiner (EnCE) Certification Experience – The Practical Exam | TechExams.net Blogs
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■
Congrats JD and great write up! -
veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
JDMurray wrote: »OK people, I am now EnCE-certified; here's my blog article to provide you all with the experience: The EnCase Certified Examiner (EnCE) Certification Experience – The Practical Exam | TechExams.net Blogs
This was the best and most thorough review I have ever seen on the EnCE. I really enjoyed it and am hoping I will be able to eventually take the exam as well. -
Devilsbane Member Posts: 4,214 ■■■■■■■■□□
JDMurray wrote: »That book is a classic in computer forensics, and the 3rd edition was released May 2011.
I found Amazon.com: File System Forensic Analysis (9780321268174): Brian Carrier: Books to be a good read and an even greater reference tool.
Decide what to be and go be it. -
JDMurray Admin Posts: 13,101 Admin
Devilsbane wrote: »I found Amazon.com: File System Forensic Analysis (9780321268174): Brian Carrier: Books to be a good read and an even greater reference tool.
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■
http://www.us-cert.gov/reading_room/forensics.pdf
Was doing some research and found this paper from US-CERT. Contains some great information for people looking to get into forensics and for IT people in general. -
onesaint Member Posts: 801
I like the NIST's 800 series publications. There is some good reading in there:
http://csrc.nist.gov/publications/PubsSPs.html
It can be a tad outdated, but still interesting (e.g., Guide to Integrating Forensic Techniques into Incident Response, circa 2006).
Work in progress: picking up Postgres, elastisearch, redis, Cloudera, & AWS.
Next up: eventually the RHCE and to start blogging again.
Control Protocol; my blog of exam notes and IT randomness -
notnow Member Posts: 7 ■□□□□□□□□□
For the ACE you can get by with version 1.8, but you need a dongle to complete the test as you have to crack passwords and review some history in the image they provide. When you recertify, you will have to answer detailed questions about version 2.2 and up. You can download all versions of FTK but they are limited, so I suggest you borrow a dongle from someone with a fully licensed copy or enroll in a course where they use AccessData products. I received my ACE certification last March and my Cybersecurity Forensics Analyst certification last April.
-
veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
Harlan Carvey just created a page on his blog, with a list of FOSS tools for forensic analysis:
Windows Incident Response: FOSS Tools -
JDMurray Admin Posts: 13,101 Admin
It's not surprising that FTK Imager is on the top of that list. It's an excellent free tool for imaging electronic media, which is usually the first step in performing a forensic examination of an information storage system.
-
veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
JDMurray wrote: »It's not surprising that FTK Imager is on the top of that list. It's an excellent free tool for imaging electronic media, which is usually the first step in performing a forensic examination of an information storage system.
It certainly is a great tool. I used it yesterday to help recover some photos from a CF memory card. My folks came to see our 8-month-old and took about thirty photos. For some reason the FAT table became corrupt and Windows kept asking to format it. After imaging the card I used PhotoRec to carve out the images. I originally wanted to use Adroit's tool since I have heard rave reviews, but I'm not up to forking out $999 for something I just want to play with. -
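The two-step recovery described in the posts above (image the media first, then carve files out of the image when the file system is unusable) is what FTK Imager and PhotoRec do for real. The following is an added example, not code from the thread or from either tool: it simulates a block-by-block acquisition with a SHA-256 acquisition hash, verifies the copy against that hash, and then runs a simple header/footer carver for JPEG files (start-of-image marker FF D8 FF, end-of-image marker FF D9) over a constructed in-memory "card image". The sample image, the marker-based carving and the 16 MiB size cap are all assumptions made for the example; real carvers such as PhotoRec also handle fragmented and truncated files, which this one deliberately skips.

```python
import hashlib
from typing import List, Tuple

JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image marker (followed by an APPn marker byte)
JPEG_EOI = b"\xff\xd9"      # JPEG end-of-image marker


def build_sample_image() -> bytes:
    """Constructed sample 'card image': two JPEG-like files surrounded by zero filler and junk.
    There is no usable FAT here, so directory-based recovery would fail; carving still works."""
    jpeg1 = JPEG_SOI + b"\xe0" + b"JFIF-photo-1" * 4 + JPEG_EOI   # 54 bytes
    jpeg2 = JPEG_SOI + b"\xe1" + b"Exif-photo-2" * 6 + JPEG_EOI   # 78 bytes
    filler = b"\x00" * 512
    return filler + jpeg1 + filler + b"garbage" + jpeg2 + filler


def acquire(device: bytes, block_size: int = 512) -> Tuple[bytes, str]:
    """Simulate a bit-for-bit acquisition: copy the device block by block and hash every
    byte as it is read, so the hash describes exactly what was copied."""
    digest = hashlib.sha256()
    image = bytearray()
    for offset in range(0, len(device), block_size):
        block = device[offset:offset + block_size]
        digest.update(block)
        image.extend(block)
    return bytes(image), digest.hexdigest()


def verify(image: bytes, expected_sha256: str) -> bool:
    """Re-hash the stored image and compare with the acquisition hash before analysis."""
    return hashlib.sha256(image).hexdigest() == expected_sha256


def carve_jpegs(image: bytes, max_size: int = 16 * 1024 * 1024) -> List[Tuple[int, bytes]]:
    """Header/footer carving: for each SOI marker, take everything up to and including the
    next EOI marker. Candidates with no footer, or larger than max_size, are skipped and the
    scan resumes one byte after the header so a later SOI is not missed."""
    carved: List[Tuple[int, bytes]] = []
    pos = 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start == -1:
            break
        end = image.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1 or end - start > max_size:
            pos = start + 1
            continue
        end += len(JPEG_EOI)
        carved.append((start, image[start:end]))
        pos = end
    return carved


def recover(device: bytes) -> List[Tuple[int, bytes]]:
    """Full workflow: acquire, verify the copy, then carve from the verified image only."""
    image, acquisition_hash = acquire(device)
    if not verify(image, acquisition_hash):
        raise RuntimeError("image does not match acquisition hash; do not analyse it")
    return carve_jpegs(image)


if __name__ == "__main__":
    for offset, data in recover(build_sample_image()):
        print(f"JPEG candidate at offset {offset}: {len(data)} bytes")
```

Run as a script it lists each carved candidate with its offset in the image. The point of hashing during `acquire` rather than afterwards is that the recorded hash then describes exactly the bytes that were read from the media, which is what an acquisition hash is supposed to attest to.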
JDMurray Admin Posts: 13,101 Admin
Not every CF card works in every reader, even though it may fit correctly in the slot. Next time I would try the card in several different reader devices before assuming the CF's disk volume or media had become corrupt.
-
veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
It's my fault for not being more specific. The CF card quit working properly in the camera that the photos were being taken in. I then moved the card to the only CF reader I had and it wouldn't read properly there either.
I assume what you are referring to is the different types of CF media? I know there are about four or five different ones.