+ Reply to Thread
Results 1 to 7 of 7
  1. Senior Member 636-555-3226's Avatar
    Join Date
    Jul 2015
    Posts
    863

    Certifications
    Lots of security certifications, yet the more I learn, the further I have to go...
    #1

    Default Forensics training

    Yes, I know there's a 3-year old sticky with 10 pages of random musings that I don't feel like reading all through.

    SANS training was cut from our budget, but I'm still in need of sending a guy or two to some forensics training for our IR program. At our current IR standpoint, I'll take any class with any type of focus, be it Windows, memory, network, disk, etc.

    Any thoughts as to what's out there and worth doing? Please don't mention EC-Council, I lean towards the "yuck" side unless you can provide a compelling reason otherwise.

    Thanks!
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member supasecuritybro's Avatar
    Join Date
    Jul 2015
    Location
    Miami, FL
    Posts
    157

    Certifications
    CISSP, GPEN, eJPT, CSA+
    #2
    Was it a cost thing? What is the limit?
    Completed: CISSP, GPEN, eJPT, CSA+, M.S. Information Security
    Current Goal: eCPPT
    Five Year Plan:​ RHCSA, CISM, OSCP, GSEC, GCIA, GCIH, GMON, GWAPT, GSE
    Book/CBT/Study Material:​ Web Application Video Course Cybrary
    Reply With Quote Quote  

  4. Senior Member 636-555-3226's Avatar
    Join Date
    Jul 2015
    Posts
    863

    Certifications
    Lots of security certifications, yet the more I learn, the further I have to go...
    #3
    Yes, cost was the issue. We had some SANS training approved, but we didn't get quite enough for everybody. Something that isn't $5k a person. Half that would probably work. It's weird here what gets approved and when and how mysteriously 6 months later a ton more money either opens up or gets pulled out of the budget...
    Reply With Quote Quote  

  5. Member Burnsie's Avatar
    Join Date
    May 2014
    Location
    Hawaii
    Posts
    82

    Certifications
    Security+, AccessData Mobile Examiner, MCP, MTA (98-365)
    #4
    Are you looking for training relating to a certifications (Like GCIH and the like) or are you just looking for forensic training in general? Do you use FTK, Encase, etc.?

    I've been told CCE is the baseline certification in forensics, so you could look into training your folks for that.

    https://www.isfce.com/training.htm

    Their website is horrific, but the certification is very reputable.

    B
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Apr 2014
    Posts
    160
    #5
    Quote Originally Posted by Burnsie View Post
    I've been told CCE is the baseline certification in forensics, so you could look into training your folks for that.

    https://www.isfce.com/training.htm

    Their website is horrific, but the certification is very reputable.

    B
    I think you're correct although the work experience needed to qualify for a CCE is quite huge if i'm correct.. Although if i'd be in the forensic field id go for this one yes..
    Reply With Quote Quote  

  7. ' or 1=1 EngRob's Avatar
    Join Date
    Jun 2013
    Location
    Humid Florida
    Posts
    239

    Certifications
    GPEN, GWAPT, GCIH, GCFE, GSEC, CCNA, CCNA:Security, CCSA(exp), Security+, Network+, Linux+, Server+, A+, Project+, CEH, CHFI
    #6
    You could have everyone try for the SANS work study programs. It would then only run $900 for the course + expenses, although I recall 408 has around a $200 extra optional charge for the write-block hardware.
    Reply With Quote Quote  

  8. Member Burnsie's Avatar
    Join Date
    May 2014
    Location
    Hawaii
    Posts
    82

    Certifications
    Security+, AccessData Mobile Examiner, MCP, MTA (98-365)
    #7
    Quote Originally Posted by mokaz View Post
    I think you're correct although the work experience needed to qualify for a CCE is quite huge if i'm correct.. Although if i'd be in the forensic field id go for this one yes..
    As far as I can tell, there is no requirement for work experience if you are doing the instructor led bootcamp or the self paced study option. If you challenge the exam without either, you need to prove 18 months of professional experience. So, it's not bad compared to other certifications. And having some experience is probably a good idea. If you don't know how to read HEX, offsets, and the basics of forensics, you're going to have trouble with any forensics bootcamp because they are going to glaze over that stuff on day 1 and assume you grasped the topics.

    B

    Edit: I took a bootcamp equivalent class at UMUC, CMIT424. While the instructor was a jerk and useless, the class did teach us alot. I can honestly say that I only completed it through the help of my fellow classmates. That class devolved into a large group project because of how poorly the labs were designed and the MIA instructor.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks