Computer Forensics Certifications

JDMurray

veritas_libertas wrote: »

I'm assume what you are refering to is the different types of CF media? I know there are about four or five different ones.

No, I'm talking about using the same media with different readers doesn't always work.

I've been told by digital forensic people who work a lot with media cards that not every media card works with every media reader that fits that card. Over the years there have been changes made in how Compact Flash devices are manufactured, and this has caused newer media not to work with some older readers or devices. There are also "shoddy" media readers that are not electronically capable of reading the same type of card from every manufacturer.

To mitigate this, digital forensics people must carry a variety of different readers for the same types of flash media to verify if the media is truly bad/damaged, or if the first reader they tried isn't compatible with the media.

veritas_libertas

I'm glad you brought that up since I have never heard of it before. Thanks for the info!

veritas_libertas

For those interested, Eric Huber posted on G+ that Champlain College now has an online or in-class Master of Science in Digital Forensic Science. The program will not be available until Fall of 2012.

Master of Science in Digital Forensic Science | Graduate Studies

Champlain College's newest graduate program, the Master of Science in Digital Forensic Science, to launch in fall 2012, is designed for full- and part-time students with experience in the industry who want to develop their scientific expertise. In a field with few graduate-level opportunities, Champlain's program, developed with input from practitioners in law enforcement, private practice and defense, meets a demand for specialized education.

The college was one of the first higher education institutions to offer an undergraduate degree in digital forensics. The new master's degree builds on Champlain's reputation for innovation in digital forensics education and complements our undergraduate offerings and master's program in Digital Forensics Management. Champlain's Digital Forensic Science program will be among the first in the nation to meet the requirements of the American Academy of Forensic Sciences. The college is recognized as an educational center of excellence in information security by the Department of Homeland Security and the National Security Agency.

shellersperk

Working on preparation to take the CCFE exam, cant seem to find any kind of test preparation materials out there. Can anybody point me in the right direction?

JDMurray

shellersperk wrote: »

Working on preparation to take the CCFE exam, cant seem to find any kind of test preparation materials out there. Can anybody point me in the right direction?

Looking on the IACRB's Web site, I don't see anything about training classes or exam prep materials for the CCFE. It looks like you'll have to email or call (exams@iacertification.org or +1.708.660.0721) and ask. Be sure to post back here when you get an answer.

Why does the CCFE strike your fancy?

YuckTheFankees

JD,

When I try and look at your EnCE review, it says I don't have access to the page...do you know why that is?

JDMurray

YuckTheFankees wrote: »

JD,

When I try and look at your EnCE review, it says I don't have access to the page...do you know why that is?

Give it a try now...

YuckTheFankees

It work's now, thanks a lot. I might have some questions about the EnCE after I read your review.

JDMurray

YuckTheFankees wrote: »

It work's now, thanks a lot. I might have some questions about the EnCE after I read your review.

No prob, anytime.

And let me know if the blog give you anymore trouble. We're, ah, tinkering with it a bit right now.

YuckTheFankees

JD,

Why do you think the EnCE is the most well known CF cert?

In your opinion, what is the best CF cert to get?

idr0p

I would say the CCE is the best for non law enforcement if you are LE the CFCE is the cert to get. EnCE is high up there but it is a vendor issued cert so unless you are in a Encase shop it may raise questions from clients.

-- edit CFCE is open to the general public now. you just need to get a BG check.

JDMurray

YuckTheFankees wrote: »

Why do you think the EnCE is the most well known CF cert?

Because Guidance Software Inc (GSI) has put a lot of money into marketing their EnCase product, which has caused EnCase to be regarded as the #1 CF analysis application. It follows that the cert which proves the bearer is an experienced CF person competent to use EnCase would increase in popularity with CF people and in value with hiring managers as well. It's debateable if FTK 3 (with its ACE cert) is now a better product than EnCase 6--which may be true--but EnCase still holds the brand name recognition.

YuckTheFankees wrote: »

In your opinion, what is the best CF cert to get?

It depends on a several factors, including what kind of CF job(s) you are looking for, if you already have professional CF or law enforcement experience (required for many CF certs), and how much you are willing to spend (CF certs get pricey, esp when you throw in mandatory training classes). Look for postings of the kinds of CF jobs interest you and see what certs/education/experience are being asked for. You also need to consider how far you want to go in a CF career. You'll get tired of the $15/hr, "white lab coat guy" jobs pretty quickly.

And as always, if you have never actually worked in CF, take some classes and talk to professional CF people, especially lawyers and law enforcement. People are often surprised how little of a CF career involves high-tech and how much it does involve the legal system, writing reports, and testifying in court. You also need a spotless background and near-flawless detail to work, as everything you claim in your reports will be attacked by opposing attorneys--including your personal morals and ethics. So be careful what you post on FB and Twitter. If you've already posted "Me with my favorite beer bong" pictures and a "Why I think I should pay no taxes" online rant, you are already of no use to CF, although you might get some "white lab coat guy" jobs doing eDiscovery.

YuckTheFankees

What are the different types of CF jobs? (e-discovery, IR team, CF assessor?)

the_Grinch

I think ACE will be making a bigger push in the market this coming year. A professor of mine just completed it and had some good things to say.

YuckTheFankees

Do you happen to know how much their forensic course's are? They have a PDF showing all the courses they have, but no prices...

JDMurray

They probably want you to contact them for prices. They also have classes at their CF conference, CEIC 2012, which is in LV this year.

YuckTheFankees

I called them last week, but they've been a little slow getting back to me.

In the beginning of the December I really got interested with CF, so I started studying for the CHFI but I've come to realize there is no market for the CHFI. I've looked at a couple hundred CF postings, and 99% of them do not mention the CHFI. I understand the CHFI is mostly basic CF material, but literally no company is looking for someone to have it.

From over the past 2 weeks and looking at a lot of job postings, I found this was the order of the most wanted certifications.

1. EnCE
2. ACE
3. CCE
4. GCFA
5. CFCE
6. GCIH
7. QSA

Right now I'm debating whether to start studying for the EnCE, ACE, or CCE. EnCE would cost roughly around 3600 ( Training from their website (64 hours worth)= 3400.00 + 200 for the exam). CCE would cost roughly 3300 (Bootcamp = 2900.00 + Exam= 395.00). ACE would cost around ?. The exam is free but I would like to take the ACE Bootcamp and Windows XP forensic course (the two courses they suggest to take for the ACE exam). So most likely the ACE training will be the cheapest, but it might be worth the money to get the CCE or EnCE.

JDMurray

That's a lot of money to spend for something that you are only interested in. Are you thinking of getting using certs to get into a CF job? What kind of CF jobs/companies are in your geographical area? And can you relocate to take a CF job?

YuckTheFankees

Sorry I didn't go into further detail. I'm very interested in obtaining a CF job and I'm willing to relocate without a doubt. I live in the Boulder/Denver area. In the past 2 months or so, I've met a couple of awesome guys in the pentesting/ CF field in my area. One of the guys is moving to the East coast for a CF job and once he passes the background check, he's going to put my name in with the guy he has been interning with the past 18 months. The other guy said he could get me an interview with his company if I obtain a couple CF certs. So I have a chance to get a CF internship by the end of JAN, and maybe an actual job after the 1st quarter.

With those opportunities presenting themselves, I definitely think obtaining CF certs is a good idea at this point. I'm leaning towards getting the EnCE then CCE (just because EnCE is more well known).

JDMurray

YuckTheFankees wrote: »

The other guy said he could get me an interview with his company if I obtain a couple CF certs. So I have a chance to get a CF internship by the end of JAN, and maybe an actual job after the 1st quarter.

OK, well, a couple of things to consider are that CF certs are not quick to get if you don't already have the requisite CF work experience. The professional experience is not only a requirements of many CF certs, but it's the hands-on understanding that you need to pass the CF exams (both written and practical). Even certs that accept classroom work in lieu of professional experience (e.g., EnCE) will require weeks or months to complete because of the need to complete the classes first. Another problem is that you have never worked in CF before and really have no idea if you will like it. So make sure you know the details of what a job's duties and responsibilities are. Many subjects that are interesting to study as a hobby by yourself are not necessarily fun to do for a living with other people.

YuckTheFankees

I've already started using FTK, WinHex, and other open source tools. Along with reading a great amount of books so far..

http://www.amazon.com/Windows-Forensic-Analysis-Toolkit-Second/dp/1597494224/ref=sr_1_14?ie=UTF8&qid=1325549900&sr=8-14

Amazon.com: Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry (9781597495806): Harlan Carvey: Books

Amazon.com: Computer Forensics JumpStart (9780470931660): Michael G. Solomon, K Rudolph, Ed Tittel, Neil Broom, Diane Barrett: Books

and half of http://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172/ref=pd_sim_b_2

So I have been able to understand and learn a great amount of information in the past month or so. But you're right that I dont have any actual experience, so I dont know for sure if I'll like it....but I do know I zip through CF books because I find them very interesting.

I'm most likely going to wait and see if I get the internship because if I do, Ill definitely spend the money on training. Even if I dont get the internship, I'll most likely try EnCase's computer forensic 1 course..just to see how it.

YuckTheFankees

When you took the part 1 for EnCE...did you remember a lot of the stuff you learned from your actual class or did you have to use a lot of other resources? I know you said the EnCE book edition 2, was a helpful resource.

JDMurray

The classes I took were based largely on the book, so I would have to say both the book and the classes were useful for the written (online) exam. The classes were essential for me passing the practical exam, as I have no actual CF work experience to give me understanding of how to tackle (triage, analysis, report writing) the practical.

YuckTheFankees

Did you take the EnCE exam just to widen your horizon's? or would you like to move over to the CF field?

Since you didn't have CF experience, did you find the EnCE exam difficult?

JDMurray

YuckTheFankees wrote: »

Did you take the EnCE exam just to widen your horizon's? or would you like to move over to the CF field?

Like many technical people, I am very interested in CF. Because having CF skills is relevant to my job, I had a chance to take some very good classes at a local university taught by instructors from the FBI and GSI and funded by my employer. As I learned about what working in CF is really all about, I decided that I would like to try CF for a living and applied for the few jobs in my area I could find. The interviews I had showed me that I could work and be valuable in a CF environment, but also that CF jobs tended not to pay well (at least compared to what I could get as a software engineer). I've since scrapped my CF dreams and now work as a security ops guy in a NOC. Network Forensics (NF) is where I'm at now, baby!

YuckTheFankees wrote: »

Since you didn't have CF experience, did you find the EnCE exam difficult?

I found the practical exam difficult, but because of the EnCase hands-on classroom training, I also found it very familiar work. My final report was much more detailed, complete, and useful to a prosecuting attorney thanks to what I learned in the classes. The EnCE book has no real information on writing a useful report, other than how to use EnCase v6's bookmarking feature.

Ah, I just realized that the EnCase v6 exam is no longer offered, and the current exam is only for EnCase v7. I'm guessing it's the same type of exam (both written and practical), but performed using EnCase v7 only. v7 has some report writing tools that go far beyond the bookmarking of v6, so you really need some quality time learning how to use EnCase v7 before taking the EnCE v7 exam. All that being said, the Sybex EnCE v6 book still contains a lot of good information, but it (obviously) won't show you how to use EnCase v7.

YuckTheFankees

What salary range were you getting offered for the CF jobs?

JDMurray

YuckTheFankees wrote: »

What salary range were you getting offered for the CF jobs?

I never got to the offer stage, but the listed ranges in the job descriptions were $60-92K for Southern California. A big problem for me was that people with experience were much preferred, because they would require less training (i.e., less department budget required to make a new CF examiner productive). Kids graduating now with CS/CIS degrees would kill for a CF job starting at $65K, but they'd never get hired in this economy.

YuckTheFankees

JDMurray wrote: »

As I learned about what working in CF is really all about, I decided that I would like to try CF for a living and applied for the few jobs in my area I could find.

What exactly made you think about working in the CF field?

veritas_libertas

JDMurray wrote: »

I never got to the offer stage, but the listed ranges in the job descriptions were $60-92K for Southern California. A big problem for me was that people with experience were much preferred, because they would require less training (i.e., less department budget required to make a new CF examiner productive). Kids graduating now with CS/CIS degrees would kill for a CF job starting at $65K, but they'd never get hired in this economy.

Is this because they were entry-level, or is that normal pay for a forensic examiner in SOCAL? Also, were they internal examiner positions or for a company that specializes in forensics?

JDMurray

YuckTheFankees wrote: »

What exactly made you think about working in the CF field?

Looking for something to do other than software development, and CF is something I've always flirted with but never had an opportunity to really experience. I had to try it on for size to decide if it's something I would want to do for a living.

veritas_libertas wrote: »

Is this because they were entry-level, or is that normal pay for a forensic examiner in SOCAL? Also, were they internal examiner positions or for a company that specializes in forensics?

All different kinds of CF and eDiscovery jobs. Working for legal firms combing through docs and email, traveling tech that images systems on-site for later analysis, "white coat" forensics lab specialist, and forensics examiner for a public office (i.e., law enforcement). SoCal is a really expensive place to live, so the salaries are usually higher than most other places.