Computer/Digital Forensics Certification Track

Hi Guys,

I have been thinking for a while that I want to get into computer forensics as it's an area that has always fascinated me.

I have looked into doing a degree as I don't have one.

But I am wondering if it's something I could get into by doing certs?

If so, what would be a good track, i.e. easiest then building up like you would with theci networking certs?

i.e. Net+, CCENT, CCNA, CCNP, CCIE

I live in the UK

Thanks in advance.
Goals for 2013 Network+ [x] ICND1 [x] ICND2 [ ]

Comments

  • McxRisley Member Posts: 494
    There really aren't very many forensics certs to choose from. The only one I know of is the CHFI from EC-Council.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • the_Grinch Member Posts: 4,165
    McxRisley is right on the money. You are mainly looking at vendor specific certifications (EnCase, ACE, etc). I'm in mobile forensics, but work with the computer crimes unit and they all maintain certifications in the suite of tools they utilize. Once you have some experience you can look into CCE and CFCE. FBI's program for examiners consists of A+ and Network+ before then getting the forensic related stuff.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • dazl1212 Member Posts: 377
    What would be a beginner's level cert? I already have my N+. Would it be worth pursuing a degree in the subject, bearing in mind the financial implications of that?
  • UnixGuy Mod Posts: 4,564
    EC-Council CHFI is NOT a forensics, do not waste your time

    If you can afford it or get your employer to pay then SANS GCFE/GCFA are a great choice.

    Your other options would be ACE, vendor stuff like EnCase, FTK,....
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • dazl1212 Member Posts: 377
    Any study guides or courses that aren't thousands of £$?

    I've just ordered this https://www.amazon.co.uk/gp/product/0128016353/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1
  • scasc Member Posts: 461
    Try https://www.7safe.com/professional-development/certified-digital-forensics-courses if you are in the UK. They have some really good courses and are endorsed by CREST. You can even obtain a training passport for a good price.
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • the_Grinch Member Posts: 4,165
    The book you selected is probably a good introduction (I haven't read it), but it seems to be a mile wide and an inch thick. The issue being that you can read a book, but your jurisdiction is going to dictate what your processes and procedures will be. Laws vary country to country and in the US, state to state (there are things in my State that the county agencies can do that I am not allowed to and vice versa). As an example, prior to my officially starting with my agency and being trained I started reading a very good book on smartphone forensics. Book was great, but the chapters on procedures, policies and the law were a crapshoot. Some things my agency did, others they didn't and maybe a hybrid of things.

    With forensics it is very tough to go through training and then not apply it. The lab and the field are like being on different planets. I'd also suggest looking at job postings in your area and see what companies or agencies are looking for. I've found that most places want someone who is trained and certified already with time under their belt. My last suggestion is to truly consider whether this is a field you want to be in. As I've often written, I enjoy the work, but it is very mentally draining when it comes to the things you will have to look at. I've been doing forensics for almost a year and I (along with family and friends) have noticed a difference in my personality. You will most definitely see some truly horrifying things and could be sitting next to someone who has committed acts that you wouldn't wish on your worst enemy. I don't know of anything that can prepare someone for it and you will definitely know almost instantly if you can stomach it.
  • dazl1212 Member Posts: 377
    Thanks Grinch and SCASC. I want to do something self-paced that I can study from home. I haven't really got the money to pay for something like that upfront and haven't really got good enough credit to put it on a credit card. Ideally something that will get my foot in the door even if it requires me taking a pay cut. A bit like the CCENT helped me change jobs.

    I think I will be OK with the stuff that I will see, granted I haven't ever seen a video or picture of child abuse so that could trouble me, but I am pretty good at putting things to the back of my mind.

    I want to do something that will help people in some way, and forensics and investigation has always interested me.
  • PC509 Member Posts: 804
    UnixGuy wrote: »
    EC-Council CHFI is NOT a forensics, do not waste your time

    If you can afford it or get your employer to pay then SANS GCFE/GCFA are a great choice.

    Your other options would be ACE, vendor stuff like EnCase, FTK,....

    Hey! I have the CHFI! Yea, you're right. I REALLY overstudied for that exam. I have my own opinions of EC Council, but try and judge the exams on their own merit. The CHFI is at best an entry level exam that goes over the very basics. Using the networking track analogy from above, I'd put it below the Net+. It's the introduction part of a good book. Just a basic overview. I was very disappointed in the exam.
  • dazl1212 Member Posts: 377
    PC509 wrote: »
    Hey! I have the CHFI! Yea, you're right. I REALLY overstudied for that exam. I have my own opinions of EC Council, but try and judge the exams on their own merit. The CHFI is at best an entry level exam that goes over the very basics. Using the networking track analogy from above, I'd put it below the Net+. It's the introduction part of a good book. Just a basic overview. I was very disappointed in the exam.
    Being honest, that's what I want right now, but I don't meet the prerequisites, I don't think, as I haven't worked in Security for 2 years, although I guess some of the work I have done could be construed as having security elements involved.

    Don't fancy paying for the classes either if it's that simple.
  • the_Grinch Member Posts: 4,165
    No problem! I will say that my work has been deeply rewarding and if I had to go back I would still make the decision to take the job. I lucked out in that my agency was willing to train. I had been in IT Security for three years (with a degree in Computing Security) so that definitely helped me big time. Plus I had worked with my agency on a joint case in the past so they knew me.

    Personally, I'd aim for a security job with a company that also does some form of forensics or incident response. That would get your foot in the door and then you can go from there into a purely forensic role. Also, look around for jobs in law enforcement. More often than not they'll take someone who is an IT person and put them through computer forensics training because in law enforcement true IT people are hard to find. As an example, there was an officer in my Cellebrite course who got selected by his department because he was able to rename an icon on the Chief's computer. Mind you he was a self taught techie and had a great amount of knowledge, but this is a story I hear variations of every time I meet other investigators. 90% were street guys with aptitude for IT and 10% are IT people who became investigators.
  • dazl1212 Member Posts: 377
    That makes a lot of sense. I'm going to do the AccessData ACE exam as it's free and pretty simple from the sounds of things and might do the Security+ and see if that can get my foot in the door. There's also a digital intelligence role with the local police force I'm going to apply for.

    Do you think I should still pursue my degree? Would you say just doing a normal degree would suffice?
  • dazl1212 Member Posts: 377
    I have also signed up to do a degree online in computing and psychology with the Open University.
  • BlackBeret Member Posts: 683
    dazl1212 wrote: »
    I'm going to do the AccessData ACE exam as it's free and pretty simple from the sounds of things and might do the Security+ and see if that can get my foot in the door.

    Just a heads up, the exam is free but you need FTK in order to complete the exam. FTK is nowhere near free, and the free/demo versions weren't up to date enough to complete the exam when I went to recertify last time (after leaving a company that had FTK, where I originally got ACE certified).

    Remember, with vendor specific exams you typically need their tools.
  • dazl1212 Member Posts: 377
    BlackBeret wrote: »
    Just a heads up, the exam is free but you need FTK in order to complete the exam. FTK is nowhere near free, and the free/demo versions weren't up to date enough to complete the exam when I went to recertify last time (after leaving a company that had FTK, where I originally got ACE certified).

    Remember, with vendor specific exams you typically need their tools.
    Thanks for the heads up, I may just try and get the Security+ done for now and concentrate on my degree.
  • the_Grinch Member Posts: 4,165
    A degree definitely will not hurt. At my agency a degree is a minimum if you do not have a ton of experience already (obviously they prefer both). I know a local college nearby to me has a two-year degree and certificate in computer forensics where you come out with EnCase certification when you are done. Perhaps there is something similar in the UK?
  • IronmanX Member Posts: 323
    I've seen mention of an ACE mobile forensics certification but can't find any info on it other than dead links to the official site.

    Does this cert no longer exist?
  • IronmanX Member Posts: 323
    cyberguypr wrote: »


    Training - Products and Services

    Yeah, so that is the computer forensics cert.

    Do the images contain the FTK etc. software so that one may be able to learn how to use the software without purchase?

    I'm hoping so because that is some expensive software.

    The mobile cert looks to be called AME
    http://www.techexams.net/forums/security-certifications/114534-passed-accessdata-mobile-examiner-ame.html

    Here is mention of the ACE and AME
    https://www.syntricate.com/partners.html
  • stryder144 Member Posts: 1,684
    No, the images do not contain the FTK software.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • IronmanX Member Posts: 323
    stryder144 wrote: »
    No, the images do not contain the FTK software.

    How have people who do not purchase the software passed the certification?

    Maybe that's a dumb question but I'll ask it anyway haha.
  • stryder144 Member Posts: 1,684
    Never having used FTK, nor taken any forensics courses, I can't say for sure. I think that a lot of those who are certified do so because the organization they work for has it and they need/want their analysts certified on the tools. Not to mention, some schools that have digital forensics courses will use it and I would imagine that students interested in getting a foot in the forensics door would study for the exam and take it after their semester is over.
  • ThePawofRizzo Member Posts: 389
    the_Grinch wrote: »
    A degree definitely will not hurt. At my agency a degree is a minimum if you do not have a ton of experience already (obviously they prefer both). I know a local college nearby to me has a two-year degree and certificate in computer forensics where you come out with EnCase certification when you are done. Perhaps there is something similar in the UK?

    I have to agree. If you get to a point where working on a reputable degree is something you can swing, even if it's only a class per term to slowly work through it, I highly recommend. Certainly a degree is not the be all, end all, and getting certs is also important - and may be a better beginning in the short term as well. However, a degree is often a baseline requirement for a lot of jobs. I work with a couple talented co-workers who have years of experience, and no degree (and mostly no certs either), but even they fear changing jobs should the need arise due to competing with others with a degree or certs.
  • nisti2 Member Posts: 503
    Hello,

    You can go with EnCase Certs. There are a few people only in the world as EnCase Certified eDiscovery Practitioner (EnCEP) and one of them was my Forensic teacher from Argentina.

    Hope that helps!

    All the best!
    2020 Year goals:
    Already passed: Oracle Cloud, AZ-900
    Taking AZ-104 in December.

    "Certs... is all about IT certs!"
  • IronmanX Member Posts: 323
    stryder144 wrote: »
    Never having used FTK, nor taken any forensics courses, I can't say for sure. I think that a lot of those who are certified do so because the organization they work for has it and they need/want their analysts certified on the tools. Not to mention, some schools that have digital forensics courses will use it and I would imagine that students interested in getting a foot in the forensics door would study for the exam and take it after their semester is over.


    I've been doing some research. I see that people have recommended getting FTK version 1.81 since that version allowed a trial. Something like 5000 files max for a case.

    Now if I could find a place to download it from that I trusted I would try it out.
    Looks like Access Data took down their download in 2014.

    However maybe that version is too old to be useful for the cert.
    Free cert but $4000 software required :(
  • shochan Member Posts: 1,004
    Here is a great article on what you can focus on - https://www.hackread.com/top-7-cyber-forensic-tools/
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP