±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 33074
New Yesterday: 5 Visitors: 171

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

Best fundamentals training

Computer forensics training and education issues. If you are looking for topic suggestions for your project, thesis or dissertation please post here rather than the general discussion forum.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Best fundamentals training

Post Posted: Tue Aug 22, 2017 12:51 pm

We have some new investigators that have pretty much no experience in computer forensics. They come from an IT admin background.

I was tasked with updating our "training roadmap" to see what training classes are out there and what classes new investigators should follow to have a solid base to get them up and running as soon as possible.

I would appreciate your input on what you guys thing is the best "computer forensics fundamentals" classes on the market ?

By fundamentals, I mean the following:
- Understanding the importance of data integrity (hash values, write blockers, etc.)
- Computer forensics workflow (collection, processing, analysis, reporting, etc.)
- Handling and preserving digital evidence
- File system basics (FAT, NTFS, ExFAT), file slack, unallocated space, etc.
- Windows artefacts
- Proper documentation and reporting

When I started in this field several years ago, the first training pretty much everyone got was the "Guidance Software EnCase 1" class. This class did an overview of many concepts (data integrity, hash values, write blockers, documentation, reporting, etc.) Then, you would take the other EnCase classes (Windows Forensics, Mac, etc.)

Now, many "basics" classes are available from multiple vendors, such as:
- SANS FOR500 - Windows Forensics
- DF120 - Foundations in Digital Forensics with EnCase
- InfoSEC Institute - Computer and Mobile Forensics Boot Camp

If you have taken those classes, I would greatly appreciate your feedback.  

ThePM
Senior Member
 
 
  

Re: Best fundamentals training

Post Posted: Tue Aug 22, 2017 2:22 pm

I took Guidance Software's Forensics I and II a couple of years ago and I thought it was very good. I've seen a lot of complaints about Infosec Institute plagiarizing content, e.g. attrition.org/errata/c...institute/ . I would avoid Infosec Institute for that reason. I have not taken the SANS forensics training.

What tools do you primarily use in your lab? I would lean toward vendor training if something appropriate is available. In addition to Guidance, I think Magnet, AccessData, and BlackBag all offer fundamentals training.

Whatever you decide, I would recommend doing a little pre-training before you send them off. These courses can be a lot to take in at once and it's easier if it's not your first exposure to every topic in the syllabus. John Sammons's the Basics of Digital Forensics looks like it covers enough for a basic intro and should give your people the lay of the land before they walk into class. I would also recommend that they spend some time playing around with your primary toolkit before they leave for class. E.g. if you still use EnCase, show them how to image a drive and process it then let them spend time (with any books/manuals you might have for reference) just poking around and looking for things.  

tracedf
Senior Member
 
 
  

Re: Best fundamentals training

Post Posted: Tue Aug 22, 2017 2:31 pm

I'm going to throw this out there...from what I've seen in 20 yrs in the industry, the "best" course doesn't matter if the person comes back and there's nothing that requires them to use what they learned.  

keydet89
Senior Member
 
 
  

Re: Best fundamentals training

Post Posted: Tue Aug 22, 2017 3:17 pm

This about the cheapest computer forensic training that I took.

www.cpcc.edu/aaaf

If you are part of a law enforcement agency then you can take CF classes from NW3C for free.  

bntrotter
Senior Member
 
 

Page 1 of 1