IT Forensics certs

MasterBullfrog

Hello guys,

I'm a senior at the moment and wanted to do as much as possible to further my chances of landing a job by graduation (FALL 2011). My major is in CIS and up until recently I have been debating between Forensics and security/auditing. Is it possible to do both?

I'm going to start a certification program that my school offers which will cover various forensics tools, etc. It's essentially a new Forensics certification offered by my school.

Is there anything else you guys think I should do before graduation? Anything else I can acquire before I'm done? Any other skills or tools I should master?

Priston

I would think most of the Forensics and security/auditing jobs are DoD jobs.

So CompTIA Security+ (2011 Release) would be a nice start
SSCP and CISSP are others to look at aswell

rogue2shadow

I know its extremely hated but the C|EH / C|HFI combo might help you out as well.

ibcritn

It is possible to do both, but typically the roles are separated.

Auditing/Security - learn port scanning, vulnerability scanning which can be a means to an end for a vulnerability assessment (Nessus, Nmap, Retina) are some options of tools.

-Don't get my wrong knowing the tools isn't the only requirement....understand how ports react to various types of TCP/UDP packets. How to calculate risk, etc....don't just play with the tool and think your solid.

- How these terms relate Risk, Vulnerability, Exploit, Threat, Threat agent, Safeguard. Understanding how these terms relate is important.

Forensics - I wouldn't be the best source of information here, but you would want to understand Incident handling/response, cyber laws, how to handle digital evidence. There are a lot of tools for bit for bit backups which is typically what you'll do with evidence (DD is a popular one)

knowledge of all types of systems (Windows, Linux, network technology, IDS/IPS) are all very helpful.

Snort is an extremely popular IDS which most people use in one way or another, so certainly good idea to gain skills with this software.

Start to listen to podcasts like crazy....this can go a long way for knowledge:
www.pauldotcom.com
www.irongeek.com
www.isdpodcasts.com

are some of my favorite sources for podcasts.

Lastly, NIST has a number of documents out which can be very beneficial for your career goals:
NIST SP 800-30 - Risk Management
There are many more you can do some searching and read up one what you find interesting.

JDMurray

Forensics and security auditing in the non-DoD world is referred to as Electronic Discovery (a.k.a., eDiscovery). This is becoming a booming field because of all of the legal requirements for businesses to keep archives of their electronic records, and locate and present them when required to do so by legal actions. The leader in the fields of computer forensics and eDiscovery software is Guidance Software with their EnCase platform.

I'm looking for people interested in computer forensics cert to see if it's worth opening a forum just for discussing them. We've started talking about them here: http://www.techexams.net/forums/security-certifications/61252-computer-forensics-certifications.html

joshmadakor

rogue2shadow wrote: »

I know its extremely hated but the C|EH / C|HFI combo might help you out as well.

Lol, why do people hate the C|EH so much? Is it because its a test on how to be a script child?

Computadora

joshmadakor wrote: »

Lol, why do people hate the C|EH so much? Is it because its a test on how to be a script child?

I believe it is how to be a script kiddie

MasterBullfrog

JDMurray wrote: »

Forensics and security auditing in the non-DoD world is referred to as Electronic Discovery (a.k.a., eDiscovery). This is becoming a booming field because of all of the legal requirements for businesses to keep archives of their electronic records, and locate and present them when required to do so by legal actions. The leader in the fields of computer forensics and eDiscovery software is Guidance Software with their EnCase platform.

I'm looking for people interested in computer forensics cert to see if it's worth opening a forum just for discussing them. We've started talking about them here: http://www.techexams.net/forums/security-certifications/61252-computer-forensics-certifications.html

Thank you!

I was looking at the EnCase cert and realized that it required a couple years experience or 64 hours of training. Is it possible that I can attain the training somewhere and take the exam without the job experience? My adviser said no, but perhaps there is a way.

ibcritn wrote: »

It is possible to do both, but typically the roles are separated.

Auditing/Security - learn port scanning, vulnerability scanning which can be a means to an end for a vulnerability assessment (Nessus, Nmap, Retina) are some options of tools.

-Don't get my wrong knowing the tools isn't the only requirement....understand how ports react to various types of TCP/UDP packets. How to calculate risk, etc....don't just play with the tool and think your solid.

- How these terms relate Risk, Vulnerability, Exploit, Threat, Threat agent, Safeguard. Understanding how these terms relate is important.

Forensics - I wouldn't be the best source of information here, but you would want to understand Incident handling/response, cyber laws, how to handle digital evidence. There are a lot of tools for bit for bit backups which is typically what you'll do with evidence (DD is a popular one)

knowledge of all types of systems (Windows, Linux, network technology, IDS/IPS) are all very helpful.

Snort is an extremely popular IDS which most people use in one way or another, so certainly good idea to gain skills with this software.

Start to listen to podcasts like crazy....this can go a long way for knowledge:
www.pauldotcom.com
www.irongeek.com
www.isdpodcasts.com

are some of my favorite sources for podcasts.

Lastly, NIST has a number of documents out which can be very beneficial for your career goals:
NIST SP 800-30 - Risk Management
There are many more you can do some searching and read up one what you find interesting.

Thanks again! I had been meaning to ask for some good podcasts to listen to in the car.

I've been playing around with BT4 and came to learn quite a bit from it, prior to it I had never even touched Linux before but I feel comfortable with it now and at the same time I'm still learning more.

Everything you stated is the same thing a Foundstone consultant told me a few months ago, thanks for the information.



Btw, do you guys know if the above stated certifications can be attained without job experience? I would like to do these while still finishing up my undergrad.

white96gt

It would be awesome if with only a college degree and a cert you could get into a specialized computer field like forensics and security. I would start out on a certificate route going through either CISCO, Microsoft or since you said you are starting to get comfortable with Linux you could go for the Linux+. Experience is key and your probably going to have to start out like most people by working help desk/support. I would start looking for some type of entry level job in computers now before you graduate.

Priston

MasterBullfrog wrote: »

Btw, do you guys know if the above stated certifications can be attained without job experience? I would like to do these while still finishing up my undergrad.

I've seen people get the CompTIA security+ exam in less than a month with no job experience.

All the other exams will be doable without experience but will take some time.

JDMurray

MasterBullfrog wrote: »

Thank you!

I was looking at the EnCase cert and realized that it required a couple years experience or 64 hours of training. Is it possible that I can attain the training somewhere and take the exam without the job experience? My adviser said no, but perhaps there is a way.

Yes, the training and experience is EITHER/OR, so you can take the written and practical exam with only the training under your belt.

EnCase training is normally acquired at Guidance Software's offices in Pasadena, CA, or at a forensics symposium, like CEIC. Guidance is also currently providing EnCase training through Cal State Fullerton University Extension classes. And yes, anyway you look at it, the training is expensive.

eansdad

AccessData (Forensics Tool Kit) also has a cert series. I think FTK and EnCase are the big programs for forensics. Also Helix from e-fense seems pretty good.

MasterBullfrog

Priston wrote: »

I've seen people get the CompTIA security+ exam in less than a month with no job experience.

All the other exams will be doable without experience but will take some time.

Awesome, I'm checking it out and it seems possible. I will have lots of free time this summer to study.

JDMurray wrote: »

Yes, the training and experience is EITHER/OR, so you can take the written and practical exam with only the training under your belt.

EnCase training is normally acquired at Guidance Software's offices in Pasadena, CA, or at a forensics symposium, like CEIC. Guidance is also currently providing EnCase training through Cal State Fullerton University Extension classes. And yes, anyway you look at it, the training is expensive.

This is good to know as I'm at Cal Poly Pomona, literally a hop and a skip away. What you're saying is they offer EnCE training there?

So far, I'm debating on Security +, CHFI, CEH.

Does that sound good to you guys?

JDMurray

MasterBullfrog wrote: »

This is good to know as I'm at Cal Poly Pomona, literally a hop and a skip away. What you're saying is they offer EnCE training there?

Cal State Fullerton is about 30 miles down the 57 from Cal Poly Pomona. But you'd have to continue down to the CSUF Garden Grove campus to take the CSUF Extension EnCase classes.

There is a forensics class offered at CSPU Pomoa and by the extension program, but I don't believe it qualifies as official EnCase training.

MasterBullfrog

JDMurray wrote: »

Cal State Fullerton is about 30 miles down the 57 from Cal Poly Pomona. But you'd have to continue down to the CSUF Garden Grove campus to take the CSUF Extension EnCase classes.

There is a forensics class offered at CSPU Pomoa and by the extension program, but I don't believe it qualifies as official EnCase training.

Thanks for the information, I'm currently taking the forensics class at Pomona.

As soon as I'm done with this one I'm going to call over there and find out more. One last thing, I see that the Security+ exam has changed to 301; aside from that, pursuing that later on down the year is a good idea, no?