Student advice?

Computer forensics training and education issues. If you are looking for topic suggestions for your project, thesis or dissertation please post here rather than the general discussion forum.

Student advice?

Post Posted: Wed Sep 06, 2017 7:29 am

Hey guys I am new around here, sorry if I cannot post questions like this.

I am currently a computer forensics student in the UK heading into my second year very soon. I was wondering if anyone could recommend anything I can learn in my spare time to help me understand computer forensics better if not make me more valuable to employers for the near future. Books, courses etc. Any help would be great. I currently can program in a few languages (Python/C/Java) but need to ensure I understand different aspects of computer forensics more before I can script/program any tools.

Lastly, I have been told many times by professionals in the field that this field is getting bigger and the demand is increasing for computer forensics. Would you agree?

Thank you for your time and I am very sorry if I cannot post this type of question here. Thank you!

HuzyComp
Newbie
 
 
  

Re: Student advice?

Post Posted: Wed Sep 06, 2017 11:08 am

Hi, I would recommend reading the following book: The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics, by John Sammons.

Last edited by OSryx on Thu Sep 07, 2017 5:25 am; edited 1 time in total

OSryx
Newbie
 
 
  

Re: Student advice?

Post Posted: Wed Sep 06, 2017 11:17 am

Books:
Mastering Windows Network Forensics and Investigation (Anson et al.)
Windows Forensic Analysis Toolkit (Harlan Carvey)
Practical Mobile Forensics (Mahalak and Tamma)

It's important to get hands-on. I recommend seeing what you can extract from your own devices. E.g.

Project 1:
Image a Windows computer using EnCase Imager and/or FTK Imager.
Mount the image using FTK Imager.
Analyze the drive using Autopsy. What can you find with a keyword search? What files can you recover by carving?
Extract browser history using Hindsight and the Nirsoft tools.
Use RegRipper against the registry hives on the image. What files have been opened recently? What was the computer's last IP address? What other questions would you like to answer?

Project 2:
Acquire your smartphone using ADB (if you have Android) or iTunes (if you have an iPhone).
Acquire the phone again using a tool such as Magnet Acquire or Belkasoft Acquisition Tool.
Pick a few apps of interest and see what you can find using the SQLite Viewer.

You can use other tools instead of or in addition to what I suggested. The tools I listed are all free. If you prefer Linux, you might want to try SIFT or CAINE instead.  

tracedf
Senior Member
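
For the last step of Project 2, a scripted counterpart to browsing with a SQLite viewer (an added example, not part of tracedf's post): it finds SQLite files in an extracted acquisition folder by file header and lists each table with its row count, opening every database read-only. The folder layout, the `com.example.chat` name and the sample rows are constructed for illustration.

```python
import os
import sqlite3
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # 16-byte header of every SQLite 3 file

def is_sqlite(path):
    """Detect by header: app databases often have no .db extension."""
    try:
        with open(path, "rb") as fh:
            return fh.read(16) == SQLITE_MAGIC
    except OSError:
        return False

def summarize_db(path):
    """Return {table: row_count} without modifying the evidence copy."""
    # mode=ro + immutable=1: no writes, no locking, no side files created.
    uri = Path(path).resolve().as_uri() + "?mode=ro&immutable=1"
    con = sqlite3.connect(uri, uri=True)
    try:
        names = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
        return {n: con.execute('SELECT COUNT(*) FROM "%s"' % n.replace('"', '""')
                               ).fetchone()[0] for n in names}
    finally:
        con.close()

def triage(root):
    """Walk an extracted acquisition folder; summarize each SQLite file."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_sqlite(full):
                rel = os.path.relpath(full, root)
                try:
                    report[rel] = summarize_db(full)
                except sqlite3.DatabaseError as exc:  # corrupt or encrypted
                    report[rel] = {"<error>": str(exc)}
    return report

def build_sample(root):
    """Constructed stand-in for an extracted app folder (not real data)."""
    dbdir = Path(root, "com.example.chat", "databases")
    dbdir.mkdir(parents=True)
    con = sqlite3.connect(str(dbdir / "msgstore"))  # real DB, no extension
    con.executescript("CREATE TABLE contacts(name); CREATE TABLE messages(body);"
                      "INSERT INTO contacts VALUES('alice');"
                      "INSERT INTO messages VALUES('hi'),('bye');")
    con.close()
    (dbdir / "notes.db").write_text("plain text, not a database")  # decoy
```

Run `triage()` against a working copy of the extraction rather than the original acquisition.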
 
 
  

Re: Student advice?

Post Posted: Wed Sep 06, 2017 11:43 pm

HuzyComp wrote:
"I was wondering if anyone could recommend anything I can learn in my spare time to help me understand computer forensics better if not make me more valuable to employers for the near future."


You need to know the computer platforms that you will be examining. Not just to the level of competence, but to the level of expertise: what happens 'under the hood'. This kind of information is usually found in books etc. for system administrators, platform and application developers, and sometimes in books of the type 'undocumented <platform>' or 'hacking <platform>'.

Books on forensics typically give you the forensic analyst's view, which is usually centered on the questions asked by crime investigators, prosecutors, defense attorneys, etc. Your job, as a FA, is to answer those questions correctly, lucidly and preferably also incontrovertibly.

Knowledge of programming often helps you understand the platform and the environment, especially if it is the system-level programming. It gives you access to the platform SDK(s) which provides the services offered by the platform. Users need a command line or a GUI to do things, and those are necessarily restricted. Programs can use the SDK -- and if you understand the SDK, you'll better understand why some forensic 'truths' may only be half-truths.

You should also have a decent knowledge of what's going on in the forensic world at large. One book -- which unfortunately doesn't touch on computer forensics, but otherwise presents some 'bad forensics' clearly and lucidly -- is 'Forensic Science Reform' by Wendy Koen and Michael Bowers.

HuzyComp wrote:
"Lastly, I have been told many times by professionals in the field that this field is getting bigger and the demand is increasing for computer forensics. Would you agree?"


Yes, in that computers and computer platforms, and ways to extract relevant information, are becoming more and more common. Smartphones are a fairly recent addition, and now Internet-of-Things equipment is probably next in line.

No, in that the information extracted and interpreted must still live up to the same quality requirements. And that's where a major part of your job is: not just the mechanics of extracting information, but also knowing if the information obtained can be trusted and how far. And also why you hold that opinion.

It's a curious mix of investigative activities and research activities. I'm leaning more and more toward the research part, as I consider it to be ... occasionally dubious, so my answers will be biassed that way.  

athulin
Senior Member
 
 
