Computer Forensic certs and career...

YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
Over the past couple of months I've been networking a little more and I've met a couple security professionals. One of them I met for lunch the other day and he said..we need computer forensic people bad, if you get a couple of forensic certs, I could get you into our company... So of course I was like hell yeah, I might actually have a foot in the security door. Pentesting was my 1st choice, but computer forensic is a close second.

So now I have a couple questions about the field...Google didn't help too much.

- Certs: The certs I know of are CHFI, EnCE, GCFA, CDFE (mile2), CCE... Can someone give me their opinion on which ones are the best to get? (From my research GCFA, EnCE, CHFI)

- Who's in the field? Do you like your job?

- How is the career outlook?

- Any other info would be great

YTF

Comments

  • ipchain Member Posts: 297
    I believe it's important for you to take what other people say with a grain of salt. While some people may tell you that they might 'get you into their company', unless they are making the hiring decision, that is very unlikely to happen. Yes, they may put in a good word for you so that you can interview at their company, but the hiring manager has the final say on who is getting hired and who isn't.

    While there is a shortage of experts on computer forensics, I highly doubt getting 'XYZ' certification will get you hired. There is a misconception in the IT field in that if you go for 'XYZ' certification, you'll land a great job and that could not be further from the truth. The truth is, unless you have a proven track record (experience), it is difficult to break into any area as far as IT is concerned. That is not to say that getting GCFA or any of the aforementioned certifications will not help, but it will certainly take much more than a certification to get hired. You will have to impress the hiring manager with your knowledge and make him/her believe you are the person they are looking for. With that said, I believe you should be ready to be turned down by certain companies; however, I also believe that you should not get discouraged and should keep on trying. There is a company out there for you, it's just a matter of finding it. Persistence is the key, so do not allow anyone to get you down.

    I will now try to answer some of the questions you had. Please take my advice with a grain of salt too as although I am in the 'security' field, I am far from being an expert in computer forensics. With that said, if I were a hiring manager I would look for someone with at least GCFA and EnCE to do forensics, but why you may ask? Well, if you have GCFA that tells me you have a pretty good understanding of the underlying concepts, and EnCE tells me you should be proficient in the use of that tool/application. While someone with these credentials would fall into my 'wishlist' category, I would also consider someone with GCFA, why? Well, quite frankly, that tells me that you are willing to spend big on education to help you in your career, and I am a big advocate of that.

    I will leave the following question up to the experts: "Who's in the field? Do you like your job?". I will say this though - I am yet to find someone complaining about the type of job they are doing and compensation they are getting.

    Career outlook looks very promising. Again, there is a shortage of experts on computer forensics, so this is a field that is not going to go away anytime soon in the near future.
    Every day hurts, the last one kills.
  • Webmaster Admin Posts: 10,292 Admin
    I assume you noticed the Sticky including JD's blog post about computer forensics certifications, but just in case, and for anyone else stumbling on this thread from Google or elsewhere:
    http://www.techexams.net/forums/security-certifications/61252-computer-forensics-certifications.html
  • YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
    @ ipchain,

    Thank you for your response. I do understand that he can't get me the job for sure, but it's definitely worth a shot to do the certifications and see what happens. Also, I know the certs wouldn't make me a pro or expert but I hope it will show employers that I am willing to learn and take steps to become an expert.

    @Webmaster,

    I did read the sticky, it did help a lot as well. Thanks again.
  • ipchain Member Posts: 297
    @ ipchain,
    I do understand that he can't get me the job for sure, but it's definitely worth a shot to do the certifications and see what happens. Also, I know the certs wouldn't make me a pro or expert but I hope it will show employers that I am willing to learn and take steps to become an expert.

    Excellent. Getting GCFA cannot hurt, and in this particular case it can actually be of great benefit to you. With that said, if forensics is the way you'd like to go, then I would say go for it and give it a shot.

    Best of luck!
  • Joshsevo Member Posts: 18 ■□□□□□□□□□
    The GCFA is a pretty tough cert to get and you should plan on getting the GCFE first. GCFA is a bunch of command line Forensics questions and if you don't have experience with FTK or EnCe then don't plan on mastering the CMD stuff first.

    You and I have spoken on the phone as well as on EH.net so you are aware that I got that job doing Forensics for the DEA. Just waiting to hear back on one small part. I got recruited by them after they found my resume online and showed that I have the experience to get this spot. The intern job that you may get once I leave will be ample enough for you to get in the door and also get hired. Many people look for the Certs that you mentioned and you can get hired with just them. The CCE isn't just a test, it's a 4 part test. Unlike the CHFI. So passing the CCE will allow you to have the tools to complete a case from end to end. There are many more things that you need to know how to do but these can be learned on the job. Not all Forensics cases are multi layer cases where you are looking for hackers, or evidence of things being planted on the HDD.

    The CCE will teach you these things of where to search, how to do it and how to document it properly.

    Good luck passing the EnCE. You need three yrs of experience or take their course. Hell even the guy I intern with doesn't have it. If you get the EnCE you will be hired immediately as this test is F'n hard.
  • JDMurray Admin Posts: 13,101 Admin
    Pentesting was my 1st choice, but computer forensic is a close second.
    Those are two very different professions with very different day-to-day activities. It's sort of like saying that baseball is your first choice, but football is a close second. Maybe you should split the difference and specialize in network forensics. ;)
    - Certs: The certs I know of are CHFI, EnCE, GCFA, CDFE (mile2), CCE... Can someone give me their opinion on which ones are the best to get? (From my research GCFA, EnCE, CHFI)
    You need to ask the hiring manager this question. We're not the ones doing the hiring, so our opinion on "the best computer forensics cert(s)" is little more than academic. IMHO, find out what forensics software the business uses most and get the cert in that (likely either EnCE or ACE).
    Joshsevo wrote:
    Good luck passing the EnCE. You need three yrs of experience or take their course. Hell even the guy I intern with doesn't have it. If you get the EnCE you will be hired immediately as this test is F'n hard.
    Anyone can take the EnCE courses at any time--even if you have no digital forensics experience. And having the EnCE is no guarantee of a job. In the world of digital forensics, practical hands-on experience is still king. Read my blog article on the EnCE experience:

    The EnCase Certified Examiner (EnCE) Certification Experience - TechExams.net IT Certification Blogs
    The EnCase Certified Examiner (EnCE) Certification Experience - The Practical Exam - TechExams.net IT Certification Blogs
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    You'll probably want to start to focus on whatever OS you plan on doing forensics on. Knowing the ins and outs of the OS, how it accesses the file system, how files change when accessed, etc will be a big requirement. I always laugh when people say how bad the forensic community is hurting for bodies. Anyone who says that and isn't adding "hurting for bodies with experience" should be laughed at. An entire case could be ruined with one piece of tainted evidence and having just a certification will not give you the ins and outs that you need. If you were to look for job postings, you'll be hard pressed to find one that doesn't require experience of some kind.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
    @ ipchain,

    GCFA is definitely one of the certs I would really like but I might need to do GCFE first...we shall see!

    @ joshsevo,

    Thanks for the feedback, like always lol I only decided GCFA because I've seen more companies ask for that rather than GCFE...but it would be smart to do them in order GCFE -> GCFA.

    I'll definitely look into the CCE. I'm just getting used to all the certs for computer forensics, so now I have to learn a little bit more about each..and go from there. The CCE sounds pretty damn hard lol I was hoping the CHFI would give me the basic knowledge, then I could branch out from there.

    I would like to try the EnCE but it's pretty damn expensive..

    @ JD

    Yeah they are two different fields, but they both interest me so I'll just have to do a little more research on CF..Google isn't that helpful.

    I probably should ask the guy what software his company uses, it would suck if they used FTK and I completed the EnCE lol


    @ thegrinch

    I really like working with Linux and I'm probably 65% done studying for the RHCSA..but I read most cases involve Windows. So I should probably start mastering Windows, then come back to Linux.

    I was a little confused with the comment about "hurting for bodies with experience"...were you trying to say there isn't a shortage?


    thanks again!
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I was saying there is a shortage, but that they want experience. I've spoken with a number of people with Masters degrees in Computer Forensics who still cannot find a job due to the lack of experience. Do they need people? Yes, most definitely, but at the same time most places don't want to just hire people off the street. I am part of the HTCIA and in speaking with people from various law enforcement agencies there is a huge need for people with forensic skills. One gentleman I know in the private sector does it for a defense contractor and got his daughter interested in forensics. She's currently working on her Masters and with his various connections (plus a school program) she is doing an internship with the State Police.

    Your best bet (if you are really leaning towards forensics) would be to look into some form of forensic education. Preferably at a degree level and then work on getting an internship of some kind. From there add in the certifications while working the internship and once you finish you shouldn't have an issue. I've only found two positions thus far that were entry level for forensics: one was with the FBI and they would train you from the ground up. The other was with a private company and you would just be pulling the data (Evidence Tech) for awhile before you began doing the actual investigation. Like any other security field, experience will be key. Really no different than believing CEH will get you a position as a pentester. It will help, but it isn't the only deciding factor.
  • JDMurray Admin Posts: 13,101 Admin
    the_Grinch wrote: »
    I was saying there is a shortage, but that they want experience.
    A big reason for this is economic. Experienced examiners will require less training and be productive faster. This is especially true for the hiring in public agencies hurting for budget.
    the_Grinch wrote: »
    I've spoken with a number of people with Masters degrees in Computer Forensics who still cannot find a job due to the lack of experience.
    I'm seeing more of this too on places like LinkedIn. It looks like while the economy is bad people should put off the MSCF because it won't help you get a job. Where it really seems to help is on a CV as credibility to be considered as an expert witness in court, and in the bio for people who want to publish.
    the_Grinch wrote: »
    I've only found two positions thus far that were entry level for forensics: one was with the FBI and they would train you from the ground up.
    Joining the FBI just to learn how to do computer forensics is like joining the military just to learn how to shoot a rifle.
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    LOL, I always thought most people did forensics to get into the law enforcement arena. The FBI's program was pretty nice as there were various courses you were required to complete and then you would work under a mentor for a number of months. I do have to laugh at all the different opinions on this subject. I've spoken with IRS Agents, FBI Agents, State Police, and local police...many will say "Oh the technical skills are what matter, we can teach anyone the law side of it." Some private sector people will tell me "Oh the technical side we can teach anyone, it's the law side of it that matters." Ultimately, you have to make your own path to whatever the end goal is. There is no hard and fast rule to it, there is merely your technical ability, experience, and a healthy sprinkling of luck/God/fate/whatever you believe controls your future (or just the pure randomness if those are your thoughts).
  • veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    the_Grinch wrote: »
    LOL, I always thought most people did forensics to get into the law enforcement arena. The FBI's program was pretty nice as there were various courses you were required to complete and then you would work under a mentor for a number of months. I do have to laugh at all the different opinions on this subject. I've spoken with IRS Agents, FBI Agents, State Police, and local police...many will say "Oh the technical skills are what matter, we can teach anyone the law side of it." Some private sector people will tell me "Oh the technical side we can teach anyone, it's the law side of it that matters." Ultimately, you have to make your own path to whatever the end goal is. There is no hard and fast rule to it, there is merely your technical ability, experience, and a healthy sprinkling of luck/God/fate/whatever you believe controls your future (or just the pure randomness if those are your thoughts).

    LOL, that has been my experience as well.
  • Everyone Member Posts: 1,661
    I really like working with Linux and I'm probably 65% done studying for the RHCSA..but I read most cases involve Windows. So I should probably start mastering Windows, then come back to Linux.
    Well think about it, Windows is still the most commonly used O/S, so being in Computer Forensics, you'd probably have to investigate Windows based systems the most based on that fact alone.

    My very limited experience in the field revolved mostly around gathering evidence off of Windows systems.
  • demonfurbie Member Posts: 1,819 ■■■■■□□□□□
    I work in the legal IT world.

    Here are a few tips for you

    1. Learn Linux well, most all the tools you will use are based in Linux
    2. Documentation is your friend, everything you do write it down, I've seen others forget to put down 1 step they did and the entire case got tossed out of court.
    3. Get ready for long work hours and high stress
    4. Make sure you can write reports like you're talking to someone who thinks everything on a computer is "the google"
    wgu undergrad: done ... woot!!
    WGU MS IT Management: done ... double woot :cheers:
  • JDMurray Admin Posts: 13,101 Admin
    Everyone wrote: »
    Well think about it, Windows is still the most commonly used O/S, so being in Computer Forensics, you'd probably have to investigate Windows based systems the most based on that fact alone.
    Windows is the desktop OS most commonly encountered by digital forensics people, and OS X is the second. (I've been told by FBI agents that upwards of 25% of criminal cases involve Macs because they have lots of pre-loaded software and most criminals find them easier to use than Windows.) Linux is rarely encountered on desktops, and more likely to be found on servers. After desktops, portable media devices (cell phones, iPods, tablets, etc.) are the most common devices. Many examiners specialize in only analyzing evidence from portable devices.
  • Everyone Member Posts: 1,661
    JDMurray wrote: »
    Windows is the desktop OS most commonly encountered by digital forensics people, and OS X is the second. (I've been told by FBI agents that upwards of 25% of criminal cases involve Macs because they have lots of pre-loaded software and most criminals find them easier to use than Windows.) Linux is rarely encountered on desktops, and more likely to be found on servers. After desktops, portable media devices (cell phones, iPods, tablets, etc.) are the most common devices. Many examiners specialize in only analyzing evidence from portable devices.

    Sounds about right. I did have to deal with a few Blackberries as well. Mobile devices will probably be #1 soon.
  • JDMurray Admin Posts: 13,101 Admin
    Everyone wrote: »
    Sounds about right. I did have to deal with a few Blackberries as well. Mobile devices will probably be #1 soon.
    Oh you know it. They certainly are used to store information useful as evidence in court cases. Don't personal mobile devices already outnumber desktops+laptops?
  • Everyone Member Posts: 1,661
    JDMurray wrote: »
    Oh you know it. They certainly are used to store information useful as evidence in court cases. Don't personal mobile devices already outnumber desktops+laptops?

    I'm sure they do, I just don't have any data handy to back that up.
  • YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
    @ demonfurbie,

    From your experience this job entails high stress and long hours?

    @ JD and everyone,

    Do you think the CF field will be a hot career in about 2-10 years because everyone uses computers, PDA's, smartphones..etc and cyber crime continues to be on the rise?
  • demonfurbie Member Posts: 1,819 ■■■■■□□□□□
    With the work I do it's all about finding evidence for court cases, I get calls at least once a week from a DA wanting a file on a computer that they are sending to you now and they need it in the morning

    Depending on the system it can be an all nighter then in the morning after I've been up all night I'm expected to testify about the file
  • Everyone Member Posts: 1,661
    Do you think the CF field will be a hot career in about 2-10 years because everyone uses computers, PDA's, smartphones..etc and cyber crime continues to be on the rise?

    It will only continue to grow yes. You're thinking a little too narrow here, it isn't just about "cyber crime". A computer or mobile device could provide evidence for any number of crimes. They don't have to be used in the actual committing of the crime to hold valuable information that could solve a case. The more computers, mobile devices, etc. that are in use, the more likely they are to end up as evidence.

    "Crime" is too limiting as well, just look at the definition of the word "forensic". Civil Action is another area. IMHO, "e-Discovery" is a form of Computer Forensics. You could be gathering information from companies involved in a merger or acquisition for the FTC to look at. Documents, e-mails, and any other form of electronic record, from PCs and servers, etc. There's also investigating compliance with various regulations, SOX, HIPAA, etc.
  • JDMurray Admin Posts: 13,101 Admin
    Do you think the CF field will be a hot career in about 2-10 years because everyone uses computers, PDA's, smartphones..etc and cyber crime continues to be on the rise?
    CF will become the "hot career" when the economy gets better because CF is expensive. The training is expensive. The equipment and software is expensive. The facilities are expensive. Trained and experienced examiners are expensive. The time in court charged by expert witnesses is expensive. (And so on...)

    Until private and public organizations can afford all of the CF work they need done, there will be a small number of over-worked examiners with jobs and a bunch of us "wannabes" on the outside wanting to get in.

    Learn and train in CF now for the opportunities that will be there in that 2-10 year time frame. If you wait to train until the jobs are available, everybody else who didn't will find CF employment and you will find yourself still waiting.
  • YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
    Awesome answers. I might be able to get an internship next month, that would make such a difference..I hope it happens.

    Along with the internship (hopefully)..I hope to pass the CHFI and CDFE (mile 2 cert) by the beginning of Feb. and hopefully take SANS 408 or 508 in March (Orlando). I would feel really good about my career if every one of those things came true over the next 4 months.
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    In regards to mobile forensics, with the lack of certifications and documentation what are everyone's thoughts on gaining experience and working in that area?
  • demonfurbie Member Posts: 1,819 ■■■■■□□□□□
    the_Grinch wrote: »
    In regards to mobile forensics, with the lack of certifications and documentation what are everyone's thoughts on gaining experience and working in that area?


    I would suggest picking one type of mobile device and learning everything about it, for me it was Android

    iOS is also a good one

    The best way to learn is to do, so see if you can hit eBay for an old iPhone 3 or something off contract, update the OS, hide a file on the phone, have someone else lock it and see what it takes to get into it, same can be said with Android
  • JDMurray Admin Posts: 13,101 Admin
    Lots of books on mobile device forensics:

    Amazon.com: iphone forensics
    Amazon.com: android forensics

    There are also a number of mobile device forensics certs. I was writing up a blog article on them, but never finished it.
  • JDMurray Admin Posts: 13,101 Admin
    I just noticed that the SANS Investigate Forensic Toolkit (SIFT) Workstation Version 2.1 has "iPhone, Blackberry, and Android Forensic Capabilities" listed as one of its features. Anyone interested in CF should download the ISO (1.5GB) and try it out in VMware Player (free) or Workstation.
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I have seen the Mobile Forensic books available, but most seemed not as comprehensive as I would have liked. I'd be interested to see what mobile forensic certs are available (wink wink nod nod). I have Mobile Phone Seizure Certification from BKForensics, it was an interesting course.
  • lister Member Posts: 38 ■■□□□□□□□□
    Would forensics typically include working with law enforcement to read someone's "deleted" hard drive?
  • YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
    Yes, that could definitely be a job function for a CF investigator or analyst.