  1. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,597
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #51
    Remember that "forensics" is about collecting, analyzing, and documenting evidence that may be used in a court of law. You would need to think about the kinds of evidence traveling around a network that need collecting, analyzing, and documenting.

    You would start with the topology of the network and the kinds of systems and services available on it. Next you would look at the network traffic and determine what kinds of useful data and meta-data you could derive from it (that is, what would a prosecuting or defense attorney ask to see).

    Time-lines are usually very important in a case, so knowing "who was doing what when and where" is something that needs to be discovered too. Either you are collecting this information as part of your normal business operations (Operational Forensics) or you are sifting it out of log files and databases after the fact.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  3. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,828

    Certifications
    BS-CST CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF
    #52
    Nice, thanks JD!
    WIP:
    MS in Legal Studies - Drexel University
    Mobile Forensics
    Kotlin
    Python

  4. Stayed at a Holiday Inn.. the_Grinch's Avatar
    #53
    JD had two questions for you. What are your thoughts on the CHFI? Worth going for? Finally, what are your thoughts on getting a Masters in Digital Forensics as a way to get into the field?

  5. Certification Invigilator Forum Admin JDMurray's Avatar
    #54
    Quote Originally Posted by the_Grinch View Post
    JD had two questions for you. What are your thoughts on the CHFI? Worth going for? Finally, what are your thoughts on getting a Masters in Digital Forensics as a way to get into the field?
    I've had those same two questions myself. I'm not sure if I have my final answers, but...

    When looking at the CF certs held by "real" CF people, I never see the CHFI; it's always EnCE, ACE, CCE, CCFE, CFCE, etc. Considering how expensive EC-Council certs have gotten, for myself I would probably only go after the CHFI if someone else paid for it and the training. However, the course material still looks good enough to learn from even if you don't take the exam.

    Most CF people do not have a Masters degree, let alone one in CF/DF, so it's not necessary to go to that extreme to learn, or get a job in, CF. It's such a highly specialized Masters degree that I would really consider something more security-generic, such as MSIA or MSIT-IS. That way, if you decide to switch to a different security field, your Masters doesn't seem only relevant for CF.

  6. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,652

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #55
    I've been looking at the ACE cert, but it appears to require experience with AccessData's FTK. The only certification I can think of that might have value while also being vendor neutral is the GCFA from GIAC. I spent a couple of evenings thoroughly looking through ForensicFocus.com

    Your thoughts JD?
    Currently working on: Resting

  7. Certification Invigilator Forum Admin JDMurray's Avatar
    #56
    I think most CF certs will be mostly vendor-neutral with some material about the most popular CF software packages (it's like trying to make a cert exam that doesn't mention Windows, Cisco, etc.). A few CF certs are highly vendor-specific and usually created by companies that make CF products. These are simply to provide a level of assurance that people have a minimal level of competency for using specific CF products.

    The ACE is specifically for testing the candidate on the use of FTK for conducting a forensics investigation. The EnCE is the same but for using EnCase. I would not attempt either of those certs unless you have done actual casework using them. The Sybex EnCE Study Guide supposedly has all of the information needed to pass the EnCE written exam, but the experience of knowing how to apply that information is what you need to pass. And then, after you pass the written exam, there is the practical exam, where you actually use EnCase to perform a simulated examination and make a written report. During the exam should not be the first time you attempt to use the software.

  8. Audentis Fortuna Iuvat veritas_libertas's Avatar
    #57
    So would something like the GIAC GCFA or EC-Council CHFI be a good beginning point? I'm starting to get more and more interested but I'm not sure how someone would get hired without any experience with EnCase, etc.

    edit: I've read through much of ForensicFocus.com, but I would be curious to hear your thoughts or anyone else on TE that might have some experience with computer forensics.
    Last edited by veritas_libertas; 04-11-2011 at 08:40 PM.

  9. Certification Invigilator Forum Admin JDMurray's Avatar
    #58
    You usually get into CF by being a member of a legal firm, law enforcement, or being a civilian working for law enforcement, or military law/police. CF requires you to know a lot about working with law enforcement and the court system, so they like people with that background. eDiscovery is a side-way to get into forensics, but they usually want people who already have experience.

    I have asked around about internships and volunteer positions, but because of the current economic situation, programs like that have been scaled back or indefinitely suspended. Doing real CF for criminal/civil cases requires an extensive background check, which is rather expensive, and most agencies don't have the money for that right now.

    In addition to looking for commercial forensics and eDiscovery jobs on dice, monster, etc., have a look at city, county, state, and federal job sites for forensics examiner and analyst positions. That will give you a good idea of what's being looked for. Here is a typical CF job at my local DA's office.

  10. Certification Invigilator Forum Admin JDMurray's Avatar
    #59
    I've been thumbing through a copy of Digital Forensics for Network, Internet, and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data (9781597495370) by Terrence V. Lillard, and it looks like good coverage of network forensics for anyone interested.

  11. Junior Member Registered Member
    Join Date
    Apr 2011
    Posts
    7
    #60

    CSFA & Training

    I just took the CSFA & it is a hard test. You receive a case and have less than 3 days to perform an analysis and write a report. Edmonds Community College in Lynnwood, WA has a 2-year program in information security; forensics is a huge part of it. The head of the department is Steve Hailey, a recognized expert in the field of forensics. After you finish the computer forensics classes you can take the AccessData certification, which I successfully completed for FTK/PRTK.

    City University in Bellevue, WA has a program in reverse-engineering/malware analysis, I don't know as much about it.

  12. Certification Invigilator Forum Admin JDMurray's Avatar
    #61
    Quote Originally Posted by notnow View Post
    City University in Bellevue, WA has a program in reverse-engineering/malware analysis, I don't know as much about it.
    It looks like those courses are part of City U's MS InfoSec program: Master of Science in Information Security (MSIS) - City University of Seattle

  13. Junior Member Registered Member
    #62

    Uhm - why don't you post the Edmonds CC link too?

    When I said I don't know much about it, it was a reference meaning I don't have personal, first-hand experience of the coursework and classroom, JD. Go scout up the Edmonds Community College and Steve Hailey as well; it is well worth it since Steve Hailey is the developer of the CSFA.

    I actually have in my possession the literature, met the instructors, and am acquainted with people who are enrolled for the City University program. However, I don't know what their classroom experience is, how well they are doing in the local job market, and the perspective of local employers. I considered enrolling, but have not gone any further since I only found out about them around a month ago and just finished taking the SSCP - there are only so many hours in the day.

    Now that I have further elaborated my obviously all too brief statement, I will say this much: forensics certifications - don't do any that are only 5-day courses (like CHFI). These certifications may require that at some time in the future you appear on the stand in a criminal or civil case as an expert witness. As an expert witness you will be asked how much training you have had with your tools, how you acquired your knowledge, etc. The opposing side will have their expert witness sitting by ready to challenge every statement you make. If all you have done is a 5-day course, it won't be fun, you might be liable, and you may never get another case. You need to know a wide collection of tools as well, not just one.

    Forensics is not like collecting another cert, it is serious business to practice forensics. But do as you will.

  14. Certification Invigilator Forum Admin JDMurray's Avatar
    #63
    Quote Originally Posted by notnow View Post
    if all you have done is a 5-day course, it won't be fun, you might be liable, and you may never get another case.
    No lawyer would put anyone like that in a courtroom. They wouldn't even make it through a deposition. A lawyer looks at a forensic examiner's CV first, and if the experience isn't on there you'll never get a call. Therefore, a $15/hr tool-monkey working in a forensics lab should never need worry about getting called to testify on a case.

    And I only replied to your post because you didn't provide a link to City U's program for other interested readers to follow.

  15. Certification Invigilator Forum Admin JDMurray's Avatar
    #64

    SANS Forensics Classes and Certifications

    For people who may be interested in computer forensics classes and certs from The SANS Institute:

    SANS 5 & 6 Day Forensics Courses

    SANS vLive! Forensics 508: Advanced Computer Forensic Analysis and Incident Response

  16. Audentis Fortuna Iuvat veritas_libertas's Avatar
    #65
    Quote Originally Posted by JDMurray View Post
    For people who may be interested in computer forensics classes and certs from The SANS Institute:

    SANS 5 & 6 Day Forensics Courses

    SANS vLive! Forensics 508: Advanced Computer Forensic Analysis and Incident Response
    The SANS Computer Forensics web site is a great place for learning or expanding knowledge on computer forensics: SANS Computer Forensics Training, Incident Response with Rob Lee
    Last edited by veritas_libertas; 04-29-2011 at 02:28 PM.

  17. Stayed at a Holiday Inn.. the_Grinch's Avatar
    #66
    JD did you read any more of Digital Forensics for Network, Internet, and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data? Richard Bejtlich gave it a pretty crappy review so I am wondering about your thoughts on it....

  18. Certification Invigilator Forum Admin JDMurray's Avatar
    #67
    "Digital Forensics for Network, Internet, and Cloud Computing (DFFNIACC) is one of the worst books I've read in the last few years."

    Yeah, that's an unfavorable review all right. I haven't tried to read it, but now maybe I'll just look at the NetFlow and NetWitness chapters.

  19. Certification Invigilator Forum Admin JDMurray's Avatar
    #68

  20. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #69
    Quote Originally Posted by JDMurray View Post
    Good Review.


    JD, as a person who has taken the OSCP course, do you feel that this is in line with OSCP-level knowledge or is it closer to CEH knowledge? I am thinking of picking this book up sometime in the summer (after I am done with the elearnsecurity course and a few other books).

  21. Certification Invigilator Forum Admin JDMurray's Avatar
    #70
    The book is useful for learning material in the CEH, LPT, OSCP, and OSCE certs. The Offensive Security certs actually use BackTrack in the training and exams. CEH has very little material about pen testing, but most of the tools found in the CEH can be used on BackTrack. I've never seen the LPT cert materials, but I'm guessing BackTrack should be very useful too.

  22. Senior Member onesaint's Avatar
    Join Date
    May 2011
    Location
    Los Angeles
    Posts
    781

    Certifications
    CCNA, RHCSA
    #71
    JD, thanks for the fantastic thread. I've got family in CF and this has been interesting to read, helping me to learn more specifically about what they do.

    Can you elaborate a bit on the differences between something like incident response and other CF fields? I've got a broad understanding of the different areas, but find that things really become refined when laying out a plan for certs to achieve and the desired place to land in the info sec industry.

  23. Certification Invigilator Forum Admin JDMurray's Avatar
    #72
    Quote Originally Posted by onesaint View Post
    Can you elaborate a bit on the differences between something like incident response and other CF fields?
    Computer forensics techniques can be used in an incident response operation, but only if that type of evidence gathering and data collection is needed to document and resolve the incident. CF is formally used when the result of the investigation may be reported in a court of law. If an incident will not involve the legal system (such as with administrative rule violations within a corporation), computer forensics is not used. However, you can still use computer forensics techniques to collect evidence of misuse of company resources, workplace harassment, violations of corporate security policies, etc. This is what most people think computer forensics is really used for.

  24. Audentis Fortuna Iuvat veritas_libertas's Avatar
    #73
    Found an interesting DF presentation at WGU by George Wade of Sobel & Company, LLC:

    WGU'S session with Mr. Wade was very informative. It was great to hear from an expert in the field. If you couldn't make it you can still view the recording by going to the link below. While viewing the recording you can also download the files in the share window. First file is just the briefing and the other is a zip file with a video and briefing slides. Enjoy!
    WGU Alumni Community - Cyber Forensics Open Forum with George Wade

  25. Certification Invigilator Forum Admin JDMurray's Avatar
    #74
    This is an excellent Forensic 4cast podcast episode featuring a Q&A panel of women "forensicators."

    Episode 38 – Independent Women REPOST : Forensic 4cast

  26. Certification Invigilator Forum Admin JDMurray's Avatar
    #75
    One of my computer forensics instructors was interviewed by Tom Hulce of KNX 1070 AM and talks about the series of computer forensics classes I took with him. It's really just a collection of sound bites, but the information is interesting and accurate.

    http://www.csufextension.org/ueeimag...PDF/Andy_S.mp3
