New Starter / Certification Path to follow

Computer forensics training and education issues. If you are looking for topic suggestions for your project, thesis or dissertation please post here rather than the general discussion forum.

keith.bucknall
Member
 

New Starter / Certification Path to follow

Post Posted: Oct 02, 04 23:38

Dear All,

I have just come across this site and would like to say how resourceful it is. I am now taking a keen interest in the Security / Forensic area and will shortly be looking to undertake the EC-Council (www.eccouncil.org) Certified Ethical Hacker and Certified Hacker Forensic Investigator.

I have had a quick look and also seen the EnCase courses. What I would like to do is build up some courses and experience. I also have my own I.T. company which I would like to start using more for Security / Forensic work.

My main question is what would you guys (the experts!) recommend: any good names of courses and training companies? The one I was currently looking at was www.mile2.com

Once again thanks for your time and help, and I look forward to hearing from you.
_________________
Kind Regards
Keith Bucknall
MCSE:Security 2003, MCSA 2003, MCP, A+, N+, Sec+ 
 
  

jamie
Site Admin
 

Re: New Starter / Certification Path to follow

Post Posted: Oct 03, 04 00:09

Hi Keith,

A warm welcome to Forensic Focus.

If you're actually going to use EnCase I thoroughly recommend Guidance Software's training courses in Liverpool.

Cheers,

Jamie
_________________
Jamie Morris
Forensic Focus
Web: www.forensicfocus.com
Twitter: twitter.com/ForensicFocus
Facebook: www.facebook.com/forensicfocus 
 
  

Andy
Senior Member
 

Re: New Starter / Certification Path to follow

Post Posted: Oct 03, 04 10:11

Hi Keith,

It depends on what your main software tool will be, because which tools you use will usually dictate the training you should undertake. Also, will travelling to courses be an issue?

Also you possibly need to be aware that there are two fairly distinct areas of computer forensics. There is the post mortem (hands on physical access to the machine) field and the network security/hacking field. I have found that some people tend to specialise in one or the other (and only a few pursue both). You’ll find that if you are conducting work on hard disk drives in ‘forensics’ type investigations then it will be financially more viable for you to do courses relating to this, and leave the other alone.

Yes, Guidance do courses in Liverpool; it sounds like Jamie has been on these and so have I. They are good but EnCase is not the only ‘fruit’ – there are many courses and other software available. I am playing devil's advocate here, as I am mainly an EnCase user and much prefer it.

However, there is FTK, and you can do a forensic ‘boot camp’ at NSLEC (National Specialist Law Enforcement Centre) Wyboston, UK. www.centrex.police.uk/...ch13.html.

There is also ILook – a fantastic free to law enforcement tool (used by the FBI) and written by Elliot Spencer: www.ilook-forensics.or...ining.html

Using Linux there is SMART www.asrdata.com/tools/ . Some courses are run by Thomas Rude aka ‘farmerdude’ (http://www.crazytrain.com) who is willing to travel to conduct training courses. Pre-requisites are based on knowledge and experience. Students for this course should have a minimum of 2 years' experience in conducting data forensic examinations and should be familiar with forensic and scientific methodologies.

I notice you say “also have my own I.T. company which I would like to start using more for Security / Forensic work”. Starting out in Forensic Computing is a big step, and I suggest some experience is necessary before actually putting ‘pen to paper’ and making reports/statements for clients; after all, it could be someone’s liberty or livelihood that’s at stake, as Forensic work usually involves some kind of legal proceedings. IMHO the best course/training I have taken is at the Royal Military College of Science, Cranfield University, UK, where they do short courses (2 weeks) in Forensic Computing (Forensic Computing Foundation Course).

www.rmcs.cranfield.ac....ses/445868

The course is expensive but is run (or was run) by Prof Tony Sammes and Prof Brian Jenkinson, authors of Forensic Computing: A Practitioner's Guide (http://www.amazon.com/exec/obidos/tg/detail/-/1852332999/104-6682112-5806351?v=glance). Prof Sammes is a leading expert on Forensic Computing and gave evidence on the Hutton enquiry (http://news.bbc.co.uk/2/hi/uk_news/politics/3120462.stm). I therefore feel quite privileged to be lectured by him, and I would recommend this course to anyone.


Andy  
 
  

keith.bucknall
Member
 

Re: New Starter / Certification Path to follow

Post Posted: Oct 03, 04 10:51

Andy

Many thanks for the information. I have looked over the links you sent - wow, thanks for that. Now to answer your question regarding the ethical security and forensics: to be perfectly honest, I do not know which area to focus my resources on...

I am interested in both areas and both seem to offer the challenge I need. Overall I would say the security side is more "well known", but I have always wanted to find out how and why people do try and compromise security and then how to go about catching and recording the evidence...

I guess I am really after someone in the industry offering advice for a good challenge and career....

One thing I would say looking over the links: they mainly require either min exp or the students working in a Law Enforcement role. My question is how can one get the role without any exp or qualification? I have tried to look around my local Police site for the last few months, plus the Met and H.T.C.U, but to no avail...

Would anyone be able to recommend ideas, tips etc.... as I truly do not want to stay a Network Administrator and need to look at specialising in a field. I noticed the Cranfield courses need a degree as a background; all I basically have is the Professional I.T. qualifications...

Arr, there must be a way to break into the field..!

Thanks for the information...
_________________
Kind Regards
Keith Bucknall
MCSE:Security 2003, MCSA 2003, MCP, A+, N+, Sec+ 
 
  

jamie
Site Admin
 

Re: New Starter / Certification Path to follow

Post Posted: Oct 03, 04 10:52

Good post, Andy, some very solid advice there. I think the question of which tool to use as far as the independent (i.e. non LE/large firm) investigator is concerned is a good one. I also think your comments about the benefit (necessity?) of having previous experience in this field are very valid. Computer forensics involves the "double whammy" of potentially having life changing consequences for those involved (e.g. defendants, victims, companies, etc.) and also being something of a procedural minefield where one slip up can scupper an investigation. There is a growing interest in computer forensics training and a growing number of courses to support this interest, but can any training (other than that done "on the job" under supervision) ever be enough to fully equip someone to competently handle their first investigation on their own? I'm not suggesting that it can't but think it bears reflection at least. Dare I suggest that forums such as these might even play a part in supporting the less experienced investigator who might not have more experienced colleagues to rely on?

BTW I didn't realise that Sammes and Jenkinson were teaching part of the course at Cranfield...you're a lucky chap!

Cheers,

Jamie
_________________
Jamie Morris
Forensic Focus
Web: www.forensicfocus.com
Twitter: twitter.com/ForensicFocus
Facebook: www.facebook.com/forensicfocus 
 
  

keith.bucknall
Member
 

Re: New Starter / Certification Path to follow

Post Posted: Oct 03, 04 11:54

P.S.

Almost forgot, has anyone seen or heard anything about the C.H.F.I, details here:

www.eccouncil.org/CHFI.htm

www.eccouncil.org/CEH.htm

Thanks.....:)
_________________
Kind Regards
Keith Bucknall
MCSE:Security 2003, MCSA 2003, MCP, A+, N+, Sec+ 
 
  

Andy
Senior Member
 

Re: New Starter / Certification Path to follow

Post Posted: Oct 03, 04 15:30

Hi Keith,

I understand your predicament, where to start?

I think I have given an opinion (for what it's worth) in another post similar to this. I do deal with both types of the forensic work I mentioned, however my personal preference is hands-on data acquisition, storage and subsequent investigation. I like the challenge of dealing with difficult cases involving lots of different media and using various tools to image and investigate. I prefer paedophile cases to hacking and fraud, simply because the end result is more rewarding to me, i.e. bad/sometimes dangerous guys going to prison. Also I feel ‘post mortem’ data investigation is more demanding, especially if the suspect has been crafty and attempted to hide evidence.

Fraud (although I deal with them a lot) and hacking offences bore me. Network investigation likewise bores me. I would not like to deal solely with Ethical Network security, poring over event and firewall logs. But if this type of work floats your boat then there is a market for it.

Forensic Computing (as opposed to network security) is a newer science, therefore fewer people are involved. There are more business opportunities for those in the private sector, whereas being in the police I am a bit restricted in this side of things. You are caught in a chicken & egg situation where you want to gain experience but this can only easily be achieved by doing real forensic work and/or forking out for very expensive training. My advice would be to keep reading the board, make a note of any information or advice you find relating to technical matters, and build your own database of knowledge (I use WinPM and GKB - General Knowledge Base to keep a record of all the tips, tricks & techniques I come across). This way if you get an interview you can draw upon it.

Of course there are many “Forensic” computing businesses sprouting up all over the place (on the back of a recent increase in workload – Operation Ore). You could always apply to one of these for employment; as I already said, it’s a new science and a growing industry and some companies want to branch into it. They may take you on with your network I.T. skills and your desire to learn forensics. This may be a long drawn out process.

There are many top forensic computing consultants/specialists who are purely self-taught and have built themselves formidable reputations. However there is one way to prove to a potential employer you have the skills and that’s through qualifications.

I also agree with Jamie: if you are going to use EnCase it is an advantage to go on their basic course. And again Jamie is right - this board may well prove extremely useful for those not in a position to draw on the knowledge of experienced colleagues.

One thing that did bother me initially is that ethically there is the question of whether posts on this, or any forensic bbs could be exploited by an offender to learn techniques for covering up their tracks and perverting the course of justice. My answer is I don’t think it is too much of an issue nowadays as most techniques in evidence elimination are well documented and easily found doing a Google, and this and other bbs on computer forensics help increase the impartial knowledge of the forensic computing community as a whole (which must be a good thing).


Andy  
 
