How vital are indus...
 
Notifications
Clear all

How vital are industrial qualifications?

10 Posts
9 Users
0 Likes
3,532 Views
(@jhooker)
Posts: 17
Active Member
Topic starter
 

Studying for a Bsc(Hons)Forensic Computing here… how vital are industrial qualifications in the field?… as of course, when finishing the degree I want to make myself as attractive as possible. (hides make up)

 
Posted : 24/01/2007 4:13 am
steve862
(@steve862)
Posts: 194
Estimable Member
 

HI,

Having spent time and effort completing a degree I would be impressed with that committment. In interview however I would ignore any qualifications you had and would ask you a number of technical questions that are very much based around the work we do. If you could not answer them sufficienly well you could have a PhD and I wouldn't hire you.

Subjects you want to be very strong on are -

Disk geometry - i would expect you to be able to talk for at least a minute on this.
Open source tools - do you know Linux? can you use dd, xxd, grep and so on?
Apple Macs - I would want you to talk about the file-system at a basic level and be familiar with the command line.
File-systems - How well do you know your file-systems? what happens when you delete files on FAT and NTFS? how to recycle bins differ on the two systems? what could you tell me about MFT records? can you show how files could be hidden in NTFS?
Hardware - You should be able to name pretty much any piece of hardware on sight and tell me what jumper settings are set on drives including SCSI IDs.

These are a guide to the sorts of things I would ask if I were interviewing anyone for a job in computer forensics.

If you are going into the private market doing more in the way of data recovery there would be other considerations, particularly knowing the basic set up and config of servers. In the case of law enforcement you should have some basic knowledge of relevant laws, such as The Protection of Children Act 1978, The Sexual Offences Act 2003 and The Computer Misuse Act 1990 (which has frequently been the subject of a re-think). These three acts cover much. There is also becoming aware of what guidelines govern the way we work, ACPO guidelines.

I've burdened you with a long answer and I hope it more than answers your question. If you do have strong knowledge in these areas you ought to be able to go into an interview full of confidence.

Steve

 
Posted : 24/01/2007 3:21 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

I think that's a very useful answer, Steve, I've made this post a sticky (it could probably do with a better subject line though).

Jamie

 
Posted : 24/01/2007 10:33 pm
(@sbuddell)
Posts: 6
Active Member
 

Hi,

First of all, I would echo Steve's reply. I would add that you should be prepared for questions along the lines of

1. Describe to me in in terms that a Jury would understand what it means to acquire an image of a hard drive.
2. What should a Forensic IT practitioner consider when confronted with the task of acquiring data from a client pc, that has an open file and is currently attached to a server?
3. What is an NSF file? What difficulties does an NSF file pose to extraction of the data it holds?
4. What are PST and OST files? Where would you expect to find them and are the differences.

In other words be prepared for scenario based questions that are designed to test your aptitude for thinking on your feet and applying your skills.

Whatever you do, don't guess. If you don't know something, say so. A prospective employer is looking for your potential to learn, not a loose cannon that may make a well-intentioned but ill-informed snap decision that could adversely effect the value of evidence and/or cost the business a lot of time, money and reputation.

I would add make sure that you are aware of the services that your prospective employer has to offer. Do your homework.

And one final plea PLEASE, PLEASE, PLEASE do not thnk that you are walking into the tv world of 24, CSI and Spooks.

It is a great industry. I hope you have the opportunity to enjoy it.

 
Posted : 25/01/2007 9:32 pm
(@ivalen)
Posts: 30
Eminent Member
 

Studying for a Bsc(Hons)Forensic Computing here… how vital are industrial qualifications in the field?… as of course, when finishing the degree I want to make myself as attractive as possible. (hides make up)

A touch of reality - having seen new college students by the dozen, degrees really don't mean much in the workplace. You're on probation with me - and it's your performance that matters.

And there's the rub. If you start working for me with qualifications and 10 years of investigative experience, then the letters after your name mean much more. College students are unknown entities still putting 'experience with Microsoft Word' on their resume. And you're a million miles from becoming an expert witness.

 
Posted : 13/07/2007 10:28 am
(@ba2llb)
Posts: 38
Eminent Member
 

A touch of reality - having seen new college students by the dozen, degrees really don't mean much in the workplace. You're on probation with me - and it's your performance that matters.

The probationary period is equally beneficial for the employer and the forensic trainee. At the outset of a career though having a degree cannot hurt the candidate unless they expect to ride on it without putting forth effort on the job. This is the reason entry-level positions are vital for the field though there is a dearth of entry-level positions.

And there's the rub. If you start working for me with qualifications and 10 years of investigative experience, then the letters after your name mean much more.

However, getting past human resources generally requires having certain letter combinations after one's name or on the resume. I agree the letters after your name only have value if backed up with practical experience beyond entry-level. At the entry-level. however, the letters are about all most people have to distinguish themselves amongst other candidates.

College students are unknown entities still putting 'experience with Microsoft Word' on their resume. And you're a million miles from becoming an expert witness.

I doubt anyone new to digital forensics would think themselves an expert witness much less ready to testify in a court of law. I have seen digital forensic employment postings explicitly requiring experience with the Microsoft Office suite, likely due to their reports being standardized in that office suite.

Good advice, lvalen.

 
Posted : 28/11/2009 11:07 pm
(@larrydaniel)
Posts: 229
Reputable Member
 

I agree with what you have seen in the other posts. I would add that when I am revewing a person as an examiner, including interns who come to train with us, I am looking not only for technical skills, but soft skills as well.

What kind of presence do you have?
Would you be able to inspire confidence in a client.
Can you speak about technical issues in non technical language.
How well do you write?
Can you think analytically?
How would you respond to answering questions orally under pressure?
How much public speaking have you done? Do you like it or dread it?
Do you like to learn independently?
What are the last 5 books you read and when?
What is the most complicated thing you ever took apart and successfully put back together?
Do you exhibit good listening skills?
Are you task oriented or goal oriented?
What is your learning style?

What is the most overwhelming project or task you were ever assigned and how did you handle it?

This field isn't CSI nor is it working in a lab all day with no contact with clients.

The candidates I look for are well rounded individuals, or to put it another way, nerds with great personalities who like to deal with people, want to solve mysteries and have a passion for life long learning.

 
Posted : 04/10/2012 10:20 am
(@cante2009)
Posts: 4
New Member
 

Hi daniel
Could you pease help us to provide recomendation on 3 best forensic tools
ave you got any experience with Encase, FTK, Paraben, Oxygen ,Cellibrite, X-ways etcc
Please assist us for technical recommendations
for best 3 mobile phone forensic tools and 3 best computer
forensic tools outline the advanced and disvantage
Our requirements for mobile phone for windwos and Mac if possible ( Physical and logical)

1) Recover delete data ( sms, photo, video, contatcs, notes, memo etc) from Iphone 3,4,4s, 5,5s,5c and android phone ( Samsung Galaxy) - private users
2) Recover deleted sms , photos, video from iphone 3,4,4s,5,5s,5c and android Samsung for Criminal or civil matter or insurance ( evidence in court)
3) Tracking the location of phone based on Cell GSM Tower, phone GP forensic S for the last 15 days
4) For forensic investigation extract sms, phone records, phone location for past 5 days
5) For forensic investigation to ,the GPS tag photos ( Photo, location etc..)

For computer forensic for windows
1) Find internet history
2) find deleted data, who did, and when?
3) recovered deleted data
4) find netwok lan /wan vulnerability
5) Find and recover deleted email
6) etc

I am waiting for your feedback to allocate this job ..
Regards
Dilip

 
Posted : 17/03/2014 12:59 am
(@cante2009)
Posts: 4
New Member
 

Hi Daniel
Could you help us
t a technical recommendations
for best 3 mobile phone forensic tools and 3 best computer
forensic tools outline the advanced and disvantage
Our requirements for mobile phone for windwos and Mac if possible ( Physical and Logical recover)

1) Recover delete data ( sms, photo, video, contatcs, notes, memo etc) from Iphone 3,4,4s, 5,5s,5c and android phone ( Samsung Galaxy) - private users
2) Recover deleted sms , photos, video from iphone 3,4,4s,5,5s,5c and android Samsung for Criminal or civil matter or insurance ( evidence in court)
3) Tracking the location of phone based on Cell GSM Tower, phone GP forensic S for the last 15 days
4) For forensic investigation extract sms, phone records, phone location for past 5 days
5) For forensic investigation to ,the GPS tag photos ( Photo, location etc..)

For computer forensic for windows
1) Find internet history
2) find deleted data, who did, and when?
3) recovered deleted data
4) find netwok lan /wan vulnerability
5) Find and recover deleted email
6) etc

Regards
Dilip

 
Posted : 17/03/2014 1:37 pm
(@msbettyhunt)
Posts: 9
Active Member
 

I think that's a very useful answer, Steve, I've made this post a sticky (it could probably do with a better subject line though).

Jamie

Totally agreed in all ways.

 
Posted : 11/11/2019 10:09 am
Share: