Posted: Wed Dec 21, 2011 7:04 am Post subject: Any help appreciated...
I have been working in the IT field for 10+ years, the most recent 8 at an IT consulting firm that prides itself in being an "all-in-one" provider for our clients. Whether it's infrastructure, app/web development, business intelligence, virtualization...we have specialized individuals or teams that are more than capable of meeting a company's needs. However, we are not certified to offer much assistance in the area of computer forensics. Sure we can restore deleted files or basic tracking of computer activity history, but most of the advanced stuff we typically outsource or refer to a company that is certified to deal with these matters. Last year, one of our larger clients was involved in a litigation where they were a 3rd party and all data/evidence was collected on their servers. The company would only allow me to be their onsite consultant and protect their best interest, so I was forced to participate in the entire process. I'm not going to lie, I was out of my element and a bit overwhelmed at first, but by the end of the 7 month ordeal and a 12 hour deposition later, I had developed a pretty good understanding of what all computer forensics entailed. I would now like to pursue the possibility of training/certifications and perhaps begin offering these types of services to current clients. My question is, would I be better off purchasing EnCase or FTK and doing their specialized certification process or are the CFCE, GCFE, CCE certifications more prestigious and industry accepted? Thanks again for any help.
From what you describe, you were really more involved with eDiscovery. An equally interesting and specialized field unto itself.
One of the major players in that field is Kroll. They also provide training. You can find more information at w w w . krollontrack . com/certification-courses/
EnCase and FTK are really just the starting point for software. As you do more work you will find they are good generalist tools, but that you require many specialized tools.
And then there is the hardware. Dedicated computers, storage devices, write blockers, specialized devices for phones, and the list goes on. There can be a pretty high entry fee so make sure to do some research before the sticker shock sets in.
The training for the CFCE, GCFE and CCE provides more information on the process and not just the use of a particular tool like EnCE and ACE. Again they are all just a starting point. I am sure at some point you will want some Criminal Justice training.
Also keep in mind some States require a PI license, so make sure you understand the legalities.
You're right, it was more eDiscovery. This case was a little unique in that the company would not allow the court-appointed forensic analyst to take any data offsite. He was forced to bring an entire "mobile lab" onsite. They were also adamant that I was aware of every process that was done with their data. The guy was great and in reading several things about his background and published articles he's written, he appears to be a significant figure in the CF world. Anyway, he complied with their requests and allowed me to ask questions throughout the entire process.
I know a lot of people will say "money isn't a factor", but in this case it really isn't. I'm far more concerned, especially in the beginning, with not wasting my time. If I go through a CFCE or CCE and realize at the end that the GCFE adds far more value and industry recognition, it would be somewhat discouraging. Same being said if it's more important to focus on a specific "out of the box" application and learn it.
From what you're saying, and maybe I'm reading too much into your response, but it doesn't really matter. The EnCase and ACE training are too focused on one particular piece of software, but in real-world practice you'll need several methods and applications to analyze data...and the certifications are general process training, which by themselves don't make anyone more credible than the average computer nerd?
The only reason I threw in the info on eDiscovery is that as a part of a company you really need to gauge the needs of your clients, how you can fill that need and most especially how you can make money off that need.
The reason training for the CFCE, GCFE and CCE is important is that in addition to teaching computer forensics those classes teach the process. And CF is all about the process, the documentation, the procedures, the documentation, and did I mention the documentation!
Let us say your company decides to jump into CF, sends you to a class on how to run FTK (and the BootCamp class is a very quick introduction) and throws you in with a client. What will be your process for handling evidence? Are you familiar with local and Federal rules of evidence? If not you can get in deep very quickly. How will you report your findings? What in your CV qualifies you when you are being vetted as an expert witness in Court?
And those are just a few things to consider when looking at training.
It is good that money is not a factor, because I would guess your company will be paying out for 2+ years for training and equipment before the first return on investment is seen.