  1. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #1

    Computer Forensics Certifications

    One of the transient InfoSec topics on TechExams.net is that of Computer Forensics (CF). In 2010, I had a chance to dig into this field and ended up writing this blog article on CF certifications:

    Computer Forensics Certifications | TechExams.net Blogs

    It looks like I'll be continuing with my CF studies into 2011, and maybe picking up a CF cert or two. If anyone is interested in CF, please post here and we'll see what TechExams.net can get going to contribute to the CF cert community.

    --JDMurray
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  3. InfoSec Pro ibcritn's Avatar
    Join Date
    Nov 2010
    Posts
    338
    #2
    I will certainly contribute information when I start studying for CHFI. What sort of information are you looking for?
    Last edited by ibcritn; 12-20-2010 at 08:11 PM.

  4. Member
    Join Date
    Aug 2008
    Location
    UK
    Posts
    82

    Certifications
    A+, Network+, CCNA
    #3
    Great blog post JDMurray!

    An interest in digital forensics was what got me into IT initially. Although my interest now is more network security focused, I'm still interested in any related posts.

    During my research into the field, I came across some excellent resources, both forums and tools. I'm not sure on the rules on advertising other forums so I'll leave it up to Google for people to find them. I believe SANS do a free Linux forensic toolkit to get anyone started with low level data analysis. It comes with FTK Imager.
    Real Digital Forensics and File System Forensic Analysis are both books I own and would recommend. I would warn the latter is very in depth.

    Mobile phone and PDA knowledge is often required for forensic tech jobs too due to current smartphone capabilities.

    I could be wrong, but I heard most states in the US require anyone carrying out forensic work must have a PI license?

  5. Member
    Join Date
    Aug 2008
    Location
    UK
    Posts
    82

    Certifications
    A+, Network+, CCNA
    #4
    JDMurray, what area of forensics do you work in? Private, Gov'ment or Law enforcement?

  6. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #5
    I am interested.

  7. Cyber Ninja III rogue2shadow's Avatar
    Join Date
    Apr 2010
    Location
    MD
    Posts
    1,498

    Certifications
    CISSP, GXPN, OSCE, OSCP, OSWP, CEH, CNDA, CPT, Security+, Network+, A+
    #6
    Quote Originally Posted by Bl8ckr0uter View Post
    I am interested.
    +1. I was thinking CHFI in 2012.

  8. Command Line Ninja Chris:/*'s Avatar
    Join Date
    Apr 2010
    Location
    In the void
    Posts
    657

    Certifications
    NSTISSI (4012 & 4011), eCPPT, CEH, CHFI, EDRP, CWSP, CWNA, RHCSA, VCP 3, G2700, GSEC, CIW:SP:WFA, Security+, Network+, A+
    #7
    I am completing my CHFI in 2011.

  9. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #8
    Quote Originally Posted by ibcritn View Post
    What sort of information are you looking for?
    I am just looking for participation by TE members interested in computer forensics. Any input is appreciated!

  10. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #9
    Quote Originally Posted by mark_s0 View Post
    JDMurray, what area of forensics do you work in? Private, Gov'ment or Law enforcement?
    I write software that performs forensics(-like) operations for most any type of situation, but Malware discovery/analysis/attribution is the hot thing right now.

    Quote Originally Posted by mark_s0 View Post
    Great blog post JDMurray!
    Thanks!

    Quote Originally Posted by mark_s0 View Post
    An interest in digital forensics was what got me into IT initially. Although my interest now is more network security focused, I'm still interested in any related posts.
    The technical side of CF was what initially pulled me in, but I really like the legal aspects too, although writing all the documentation (chain of custody) is a bit tedious.

    Quote Originally Posted by mark_s0 View Post
    During my research into the field, I came across some excellent resources, both forums and tools.
    I should write up a blog article on free tools to get people started. There are a lot of them out there. I'm using PALADIN from www.sumuri.com a lot now. The trial releases of commercial packages, like EnCase and FTK, are useful for learning too.

    Quote Originally Posted by mark_s0 View Post
    It comes with FTK Imager. Real Digital Forensics and File System Forensic Analysis are both books I own and would recommend. I would warn the latter is very in depth.
    Yeah, it's impossible to do "just a little computer forensics." You need to dive right into storage system and file system structures. It gets down into the meat of computer systems pretty quickly.

    Quote Originally Posted by mark_s0 View Post
    I could be wrong, but I heard most states in the US require anyone carrying out forensic work must have a PI license?
    It does vary by state. Yes for Texas, no for California, and I'm not sure about the rest. There are also exceptions for people who work at law firms, civilian employees of law enforcement agencies, etc. That would be a good list to compile.

  11. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #10
    Quote Originally Posted by Chris:/* View Post
    I am completing my CHFI in 2011.
    I'm checking if I can do EnCE first then CHFI next. That would take me all of 2011 if I started right now.

  12. Command Line Ninja Chris:/*'s Avatar
    Join Date
    Apr 2010
    Location
    In the void
    Posts
    657

    Certifications
    NSTISSI (4012 & 4011), eCPPT, CEH, CHFI, EDRP, CWSP, CWNA, RHCSA, VCP 3, G2700, GSEC, CIW:SP:WFA, Security+, Network+, A+
    #11
    Quote Originally Posted by JDMurray View Post
    I'm checking if I can do EnCE first then CHFI next. That would take me all of 2011 if I started right now.
    I hope you have some capital or access to EnCase for the EnCE. I have pretty significant experience with the software, but it is really for people who have access to it. That being said, EnCE coupled with experience as you have shown will quickly vault you into a great position. Best of luck!

  13. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #12
    The hitch with the EnCE (and EnCEP) is that attending some sort of training in EnCase is a requirement for the certification. I'm not sure if the college classes I'm taking now will qualify me to take the exam, but I'll find out soon. You can waive the training requirement if you have professional computer forensics examination experience, but I'm not that far yet.

  14. Command Line Ninja Chris:/*'s Avatar
    Join Date
    Apr 2010
    Location
    In the void
    Posts
    657

    Certifications
    NSTISSI (4012 & 4011), eCPPT, CEH, CHFI, EDRP, CWSP, CWNA, RHCSA, VCP 3, G2700, GSEC, CIW:SP:WFA, Security+, Network+, A+
    #13
    It should fulfill the requirement; they really like seeing DCI training, though. DCI has a webcast training you can get into if you can show your employer has a need for you to understand Forensics.

  15. Junior Member thebogman87's Avatar
    Join Date
    Dec 2010
    Location
    DC Metro Area
    Posts
    9

    Certifications
    BS Math & Computer Science, A+, Security+
    #14
    I'm in a master's program in High Technology Crime Investigation (a mouthful for what's simply computer forensics) at George Washington University. I am hoping to knock out a few certifications while I'm still in school. I just don't know which certs I wanna get yet. I'm hoping to get some guidance before I take the plunge haha, don't wanna waste time getting certs that aren't going to help me yet.

  16. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,652

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #15
    I would enjoy getting involved in Computer or Network Forensics eventually. The only hitch with Computer Forensics is that it appears to still be heavily bent towards folks with past law enforcement or legal experience.
    Currently working on: Resting

  17. Senior Member
    Join Date
    Mar 2010
    Location
    Utah
    Posts
    151

    Certifications
    MCITP: EA, C|EH, CHFI, EDRP, G2700, A+, Network +, Project+, Security+, plus some CIW certs.
    #16
    Thanks for this thread, there's some useful info. I'm planning on doing CHFI this year as a part of the WGU Masters program.

  18. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #17
    Quote Originally Posted by veritas_libertas View Post
    The only hitch with Computer Forensics is that it appears to still be heavily bent towards folks with past law enforcement or legal experience.
    If you actually want to earn a living in CF then you'll need to learn how to write legal documentation, interact with attorneys and law enforcement personnel, and testify in depositions and court as an expert witness (litigation support specialist). Doing only the technical side of CF will only land you employment as a $15/hr lab tech imaging hard drives, managing the property room, and filling out lots of paperwork.

  19. Junior Member thebogman87's Avatar
    Join Date
    Dec 2010
    Location
    DC Metro Area
    Posts
    9

    Certifications
    BS Math & Computer Science, A+, Security+
    #18
    Quote Originally Posted by JDMurray View Post
    If you actually want to earn a living in CF then you'll need to learn how to write legal documentation, interact with attorneys and law enforcement personnel, and testify in depositions and court as an expert witness (litigation support specialist). Doing only the technical side of CF will only land you employment as a $15/hr lab tech imaging hard drives, managing the property room, and filling out lots of paperwork.
    I'd agree this is true only if you're looking to do what's considered traditional forensics. Computer forensics can also branch out into other fields such as malware forensic research, reverse engineering, and incident response. I particularly don't have very much interest in law enforcement and criminal justice. I'm more interested in ripping things apart and learning every detail.

  20. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,652

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #19
    Quote Originally Posted by JDMurray View Post
    If you actually want to earn a living in CF then you'll need to learn how to write legal documentation, interact with attorneys and law enforcement personnel, and testify in depositions and court as an expert witness (litigation support specialist). Doing only the technical side of CF will only land you employment as a $15/hr lab tech imaging hard drives, managing the property room, and filling out lots of paperwork.
    Agreed (my Father-In-Law has done some electronic forensics) but how do you get into an IT position that opens the door for this other than having a legal or Law Enforcement position?

  21. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #20
    Quote Originally Posted by thebogman87 View Post
    Computer forensics can also branch out into other fields such as malware forensic research, reverse engineering, and incident response.
    True, but you need to consider just how much forensics is--or isn't--used in other fields.

    For example, Malware research uses forensics for identifying and collecting Malware from endpoints, midpoints, and networks, and somewhat for the attribution of the Malware's origin. However, the majority of the work in Malware research falls under the categories of software engineering, computer science, historical research, and report writing/presentation. These fields are probably not what most people interested in computer/network forensics want to be doing most of their time. They are likely to be disappointed by how little true forensics work they end up actually doing as a Malware researcher.

  22. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #21
    Quote Originally Posted by veritas_libertas View Post
    but how do you get into an IT position that opens the door for this other than having a legal or Law Enforcement position?
    The way in now is through the field of Electronic Discovery (eDiscovery). In eDiscovery, forensics techniques are used to collect information from organizations to be used in litigation. You work either for the corporation being sued or for a law office that is either on the prosecution or defense. The majority of the hard work is in communicating with the different organizational departments that own the information that is needed. Get used to working with email and database servers, file storage systems (NAS, SAN), AD, LDAP, BlackBerry Enterprise Server (BES), and all sorts of software apps used to store and retrieve information. eDiscovery is not true computer forensics (e.g., physical disk imaging, chain of custody, common forensics tools), but it's what gets your foot in the door.

  23. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,652

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #22
    Quote Originally Posted by JDMurray View Post
    The way in now is through the field of Electronic Discovery (eDiscovery). In eDiscovery, forensics techniques are used to collect information from organizations to be used in litigation. You work either for the corporation being sued or for a law office that is either on the prosecution or defense. The majority of the hard work is in communicating with the different organizational departments that own the information that is needed. Get used to working with email and database servers, file storage systems (NAS, SAN), AD, LDAP, BlackBerry Enterprise Server (BES), and all sorts of software apps used to store and retrieve information. eDiscovery is not true computer forensics (e.g., physical disk imaging, chain of custody, common forensics tools), but it's what gets your foot in the door.
    How does someone get into this kind of position? What kind of certifications and education would help? I would assume that at the least an A+ and Bachelor's degree?

  24. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #23
    Quote Originally Posted by veritas_libertas View Post
    How does someone get into this kind of position? What kind of certifications and education would help? I would assume that at the least an A+ and Bachelor's degree?
    Look up eDiscovery jobs on dice.com and check what hiring managers are asking for in terms of education, certification, and experience. I would suggest first searching on the term "electronic discovery" and then going on from there.

  25. Command Line Ninja Chris:/*'s Avatar
    Join Date
    Apr 2010
    Location
    In the void
    Posts
    657

    Certifications
    NSTISSI (4012 & 4011), eCPPT, CEH, CHFI, EDRP, CWSP, CWNA, RHCSA, VCP 3, G2700, GSEC, CIW:SP:WFA, Security+, Network+, A+
    #24
    You really want a degree in either Electrical Engineering or Computer Science if you want to get into reverse engineering and malware analysis. That is not to say that is the only way to get there. When I received my forensics training the two gentlemen were ex-army with a ton of experience. If you are in the military you can join one of the special police units to get your foot in the door.

    There are a number of certification providers, but you do need a solid foundation in the way the world of computers works. It also depends, as JD pointed out, on what part of the forensics world you want to work in.

  26. Junior Member thebogman87's Avatar
    Join Date
    Dec 2010
    Location
    DC Metro Area
    Posts
    9

    Certifications
    BS Math & Computer Science, A+, Security+
    #25
    Quote Originally Posted by JDMurray View Post
    They are likely to be disappointed by how little true forensics work they end up actually doing as a Malware researcher.
    I think I was more disappointed finding out that a lot of computer forensics work is just running grep tools on EnCase haha (not being entirely serious)
