
Student advice?

(@huzycomp)
Posts: 1
New Member
Topic starter
 

Hey guys, I am new around here, sorry if I cannot post questions like this.

I am currently a computer forensics student in the UK heading into my second year very soon. I was wondering if anyone could recommend anything I can learn in my spare time to help me understand computer forensics better, if not make me more valuable to employers for the near future. Books, courses etc.; any help would be great. I can currently program in a few languages (Python/C/Java) but need to ensure I understand different aspects of computer forensics more before I can script/program any tools.

Lastly, I have been told many times by professionals in the field that this field is getting bigger and the demand is increasing for computer forensics. Would you agree?

Thank you for your time and I am very sorry if I cannot post this type of question here. Thank you!

 
Posted : 06/09/2017 1:29 pm
(@osryx)
Posts: 1
New Member
 

Hi, I would recommend reading the following book: The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics, by John Sammons.

 
Posted : 06/09/2017 5:08 pm
tracedf
(@tracedf)
Posts: 169
Estimable Member
 

Books
Mastering Windows Network Forensics and Investigation (Anson et al.)
Windows Forensic Analysis Toolkit (Harlan Carvey)
Practical Mobile Forensics (Mahalak and Tamma)

It's important to get hands-on. I recommend seeing what you can extract from your own devices. E.g.

Project 1
Image a Windows computer using EnCase Imager and/or FTK Imager.
Mount the image using FTK Imager.
Analyze the drive using Autopsy. What can you find with a keyword search? What files can you recover by carving?
Extract browser history using Hindsight and the Nirsoft tools.
Use RegRipper against the registry hives on the image. What files have been opened recently? What was the computer's last IP address? What other questions would you like to answer?

Project 2
Acquire your smartphone using ADB (if you have Android) or iTunes (if you have an iPhone).
Acquire the phone again using a tool such as Magnet Acquire or Belkasoft Acquisition Tool.
Pick a few apps of interest and see what you can find using the SQLite Viewer.

You can use other tools instead of or in addition to what I suggested. The tools I listed are all free. If you prefer Linux, you might want to try SIFT or CAINE instead.

 
Posted : 06/09/2017 5:17 pm
(@athulin)
Posts: 1156
Noble Member
 

I was wondering if anyone could recommend anything I can learn in my spare time to help me understand computer forensics better, if not make me more valuable to employers for the near future.

You need to know the computer platforms that you will be examining. Not just to the level of competence, but to the level of expertise: what happens 'under the hood'. This kind of information is usually found in books etc. for system administrators, platform and application developers, and sometimes in books of the type 'undocumented <platform>' or 'hacking <platform>'.

Books on forensics typically give you the forensic analyst's view, which is usually centered on the questions asked by crime investigators, prosecutors, defense attorneys, etc. Your job, as a FA, is to answer those questions correctly, lucidly and preferably also incontrovertibly.

Knowledge of programming often helps you understand the platform and the environment, especially if it is system-level programming. It gives you access to the platform SDK(s), which provide the services offered by the platform. Users need a command line or a GUI to do things, and those are necessarily restricted. Programs can use the SDK – and if you understand the SDK, you'll better understand why some forensic 'truths' may only be half-truths.

You should also have a decent knowledge of what's going on in the forensic world at large. One book – which unfortunately doesn't touch on computer forensics, but otherwise presents some 'bad forensics' clearly and lucidly – is 'Forensic Science Reform' by Wendy Koen and Michael Bowers.

Lastly, I have been told many times by professionals in the field that this field is getting bigger and the demand is increasing for computer forensics. Would you agree?

Yes, in that computers and computer platforms, and ways to extract relevant information, are becoming more and more common. Smartphones are a fairly recent addition, and now Internet-of-Things equipment is probably next in line.

No, in that the information extracted and interpreted must still live up to the same quality requirements. And that's where a major part of your job is not just the mechanics of extracting information, but also knowing if the information obtained can be trusted and how far. And also why you hold that opinion.

It's a curious mix of investigative activities and research activities. I'm leaning more and more toward the research part, as I consider it to be … occasionally dubious, so my answers will be biassed that way.

 
Posted : 07/09/2017 5:43 am