IT Forensic "best" cert path

ch1vas

Hi all,

after completing my CCNA and Security+ I'm now studying for the CCNA Security. I have thought a lot about which way I want to head. All I knew is that I want to become an IT Security Professional but didn't know which part of IT Security I like the most. I'm almost certain now that I want to go for IT Forensics jobs. Fortunately we have a few job openings at our local Police station every now and then.

I looked at study programs but 1. I can't afford it and 2. I'm sure I can get certified through self studying like I did for CCNA and Security+ and safe the money which I probably would have to ask a bank for anyways.

So, which certifications would you recommend to get if you'd want to get a job in the IT Forensics field?

Not sure if this will make any difference but I'm already an IT professional with a Computer Science degree and more than 10 years of experience.

Thanks,

***EDIT***

Maybe this would be a good starting point:
http://www.giac.org/certification/certified-forensic-analyst-gcfa
?

Master Of Puppets

ch1vas wrote: »

Not sure if this will make any difference but I'm already an IT professional with a Computer Science degree and more than 10 years of experience.

That's huge. For forensics, it is very important to have the right background. Since you are asking specifically about certs, I'm not going to expand on the whole forensics subject. I think CHFI would be a good start for getting familiar with the subject. However, if you already have some knowledge you may want to skip it. You seem to have your eye on the GIAC certs which are great IMO. I think you should look into the ones SANS offers. The SANS+GIAC combo will be pretty nice to have for a forensics career on the cert side.

docrice

I don't do traditional host forensics as part of my work, but my impression about the field is that GIAC forensics certs might not make much of a difference from a resume perspective. The training may be very valuable, however, and it might be good to get certified in the specific tool(s) which an organization uses (such as EnCase). We've discussed the topic of forensics careers before. Search this forum for past threads.

the_Grinch

Have you contacted the police department you're interested in to see what exactly they look for? At the very least I would call and find out what software they use. From there I would certify in that tool so that you are ready. Forensics is tough because the legal background is as important (if not more important) then the technology background. Also, be prepared as you might be required to attend the police academy. I saw a posting not too long ago for a forensics position in Florida and they wanted someone certified as a peace officer for the position (or be able to complete the academy). From there I would join the HTCIA as that will put you in contact with a lot of local law enforcement people and private sector people who are doing forensics work. You'll find in law enforcement having connections is sometimes that little extra to push you over the edge.

010101

I've been doing forensics for a while. From what I've seen, the EnCE is the only cert that people really pay attention to.
All the SANS stuff blends together. Is the GIAC an entry level cert, a security cert, a management cert. It's like they're all the same.
The eccouncil stuff(CEH, CHFI, etc) isn't respected from what I've seen.

GarudaMin

010101 wrote: »

I've been doing forensics for a while. From what I've seen, the EnCE is the only cert that people really pay attention to.
All the SANS stuff blends together. Is the GIAC an entry level cert, a security cert, a management cert. It's like they're all the same.
The eccouncil stuff(CEH, CHFI, etc) isn't respected from what I've seen.

What about AccessData? I thought EnCE and AccessData are the two big players in forensics (AccessData may be more popular with law enforcement but I don't know for a fact though, just speculating based on pricing and licensing. EnCE is very expensive and I don't think law enforcements can afford it for every office across the US. If they do, then they are wasting taxpayer money.)

JDMurray

ch1vas wrote: »

So, which certifications would you recommend to get if you'd want to get a job in the IT Forensics field?

This is a question that should be asked of the managers who are hiring people for digital forensics work. What certs are asked for in the job posting of the digital forensics positions that you find most appealing?

010101 wrote: »

I've been doing forensics for a while. From what I've seen, the EnCE is the only cert that people really pay attention to.

I have the EnCE and I never get hit up by recruiters or hiring managers for forensics work, mostly because I don't have that kind of digital forensic work experience on my resume.

ch1vas

Thanks for all the advice. I've sent them an email and requested some contact details. The problem is they don't post the job openings. You can just send your resume and if they see fit for you they'll contact you.
Thus I want to polish my resume and maybe add a cert or two (forensics related) before I send it.

Well, lets see if I get some contact details to dig a bit further and find out what they like seeing on resumes.

010101

GarudaMin wrote: »

What about AccessData? I thought EnCE and AccessData are the two big players in forensics (AccessData may be more popular with law enforcement but I don't know for a fact though, just speculating based on pricing and licensing. EnCE is very expensive and I don't think law enforcements can afford it for every office across the US. If they do, then they are wasting taxpayer money.)

I'm not sure about that one. I know FTK software is big, I just don't know anyone who uses it at work.
I've worked with police, SEC, and FBI and they all used EnCase.
Also in EnCase class I was 1 of 2 people who wasn't some sort of cop.
Some people in class had guns on them. Kind of crazy.

JDMurray wrote: »

I have the EnCE and I never get hit up by recruiters or hiring managers for forensics work, mostly because I don't have that kind of digital forensic work experience on my resume.

Really this goes to the OP. From what I've seen, Forensics doesn't have as many open jobs as you would think and they make FAR less money than you would think. Check out salary.com and see if that scares you off.
Also, a lot of people in forensics end up working to prosecute child ****. That is a **** job.
I only do forensics as a third job for financial cases.

As far as getting lesser certs. IMO, why waste 12 months on a lesser cert when you can have the best with a little more effort?

.

the_Grinch

Also, find out if the department has a Reserve Deputy program. A lot of states have this and while it won't get you doing forensics, it will get you some legal background, a background check, and a chance to get to know officers within the department.

JDMurray

010101 wrote: »

Also, a lot of people in forensics end up working to prosecute child ****. That is a **** job.

Actually, only Law Enforcement and the FBI work with CP. Any other forensics people (private, commercial, military, etc.) running across CP are to immediately turn their investigation over to legal authorities.