
Computer Forensics Newbie

11 Posts
6 Users
0 Likes
561 Views
(@chrono1)
Posts: 5
Active Member
Topic starter
 

Hello, my name is Terrell. I just want to say that I really appreciate this forum. I just got my B.S. in computer science, and I've been interested in computer forensics for a while now, but never really knew how to get into the field. I lucked up and found this forum somehow. The computer science program I went through focused a lot on programming, not on actually dealing with computer hardware and OSes. So, for the past year, I've been teaching myself about hardware and OSes (self-study for A+ exam, but haven't taken it). I know a little about networking, and I'm enrolling in an MCSA class next week, since I can only learn so much on my own without the proper tools. My question is, can anyone recommend any resources and training exercises to help learn the art of computer forensics? Oh, and also, how did you guys get interested in the field? I was taking a computer ethics course and became intrigued. Thanks for any help. I really appreciate it.

 
Posted : 18/09/2004 6:39 am
(@gmarshall139)
Posts: 378
Reputable Member
 

My advice to you is to get into law enforcement. Look around for a small to medium size progressive department. They will like your background in computers. Go to work on the streets for a while. It's fun, and you'll get a chance sooner or later to demonstrate your computer knowledge. Talk to them about doing computer forensics, even if just on a part time basis at first. The classes by Guidance Software really are the best anywhere, if you can afford them. Sure, they're specific to EnCase, but it's the best thing going now.

 
Posted : 18/09/2004 1:41 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

Hi Terrell,

Welcome to Forensic Focus.

I think Greg's probably right in as far as growing law enforcement departments probably represent the easiest way to enter the forensic computing field. That said, police work doesn't suit everyone and I would always recommend thinking long and hard about how you're going to feel about the material you are likely to be exposed to.

Another option is to simply work in another field for a while where you can build up your technical knowledge before deciding to make the move into forensics. Anything you learn elsewhere will usually come in handy at some stage 🙂

As far as resources are concerned…read as much as you can. Which reminds me, I really must put that "Recommended Reading" page together…

Jamie

 
Posted : 19/09/2004 2:18 pm
(@chrono1)
Posts: 5
Active Member
Topic starter
 

Thanks for the advice. Are any of you guys in law enforcement? Do police officers handle the forensic work or does this role belong to civilians in support positions? I've been thinking about getting into law enforcement, but I love computers too much; I don't want to leave that path behind. That's why I want to do computer forensics. Hopefully I can get some info from the local PDs this week; Ivan had everyone frantic down here last week. How did you guys get into the field?

 
Posted : 20/09/2004 1:25 am
(@gmarshall139)
Posts: 378
Reputable Member
 

Are any of you guys in law enforcement? Do police officers handle the forensic work or does this role belong to civilians in support positions?

In mine and most other departments around here, most forensic work is done by investigators with additional responsibilities in investigating the cases. I suppose some places, particularly larger departments, will have civilians who strictly do the forensics.

 
Posted : 20/09/2004 1:31 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

Just a short note to say that the recommended reading page is now up and can be found here:

http://www.forensicfocus.com/computer-forensics-books.php

I think the first two books listed will be of the greatest help to someone starting out in this field, hope you find 'em useful.

I'll add further books shortly.

Kind regards,

Jamie

 
Posted : 05/10/2004 1:18 am
(@jjl556)
Posts: 2
New Member
 

I am coming to computer forensics from the other end of the spectrum. After 14 years as a Police Officer/Investigator, my department decided it wanted the capability to do in-house examinations. I had an expressed interest but little computer experience. My Dept. recently sent me to intermediate and advanced training with EnCase but I am still pretty lost. I find myself in the position of having to go back now and learn the basics. When I got back to my Dept., I was given the task of setting up a lab from scratch. I am currently trying to do that while learning the basics. It will be a while before I am comfortable doing an evidentiary exam. It was so much easier just catching the bad guys the old-fashioned way!!!! My department, a medium size police dept. in SW VA, decided against using civilian examiners due to the nature of some of the investigations and the expense. We wanted an in-house capability because of forensic backlog at the state level.

 
Posted : 05/04/2005 3:48 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

Welcome to the Forensic Focus forums. Feel free to start a new topic if you're looking for any specific advice on setting things up etc.

Kind regards,

Jamie

 
Posted : 05/04/2005 3:53 pm
(@jjl556)
Posts: 2
New Member
 

Thanks Jamie,

I have already found the recommended list very useful and I am sure I will have a lot of questions to post after I get a little more knowledge.

 
Posted : 05/04/2005 3:55 pm
(@lonelywolf)
Posts: 31
Eminent Member
 

I'm relatively new to this "land". I think that study and certifications are very important; they denote a particular "Path" followed by someone in their studies… However, sometimes I'd like to think that the first thing really important here is to know (or start to know) how things "work", how to "access" certain data, and where/what to search for… interactions…

IMO the key is to know and to understand and, above all, manipulate all this information to make your own duty.

Maybe you already know this issue, but IMO I think it's important to start with the knowledge of x86 architecture (or another one, of course), and maybe this is underrated or it seems too "far": learn how data are organized on the disk, structure, file system, OS internals (I'm starting to go deeper 🙂 ), networking… Then, when you know many of these things, you should evaluate tools and information that show you how to discover "things" or to understand what happened or went wrong… In Windows, for example, IMO it's important to have a look at the PE executable format.

🙂 There are a LOT of things… maybe too much 😛

P.S.

Locard Rules 😛

 
Posted : 05/04/2005 4:19 pm