Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
· Home
· Content
· Forensic Downloads
· Forensics Feedback
· Forums
· Members List
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: williamlucas
New Today: 0
New Yesterday: 0
Overall: 29661

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 Puma Suede zapatos compactos a menudo usan esas sutilezas
 Software to search an FTK Lite Mounted drive with keyword
 How much can be found?
 Computer Forensic in responding to Data Breach issues
 A bunch of numbers about digital evidences collection

Computer Forensics World Forums

Pages Served
We received
page views since August 2004

Security Sources

OnGuard Online
ISO 17799 ISO 27001
ISO 27000 Toolkit
ISO 27001 & 27000
Security Policies

Computer Forensics World: Forums

Computer Forensics World :: View topic - Any help appreciated...
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Any help appreciated...

Post new topic   Reply to topic    Computer Forensics World Forum Index -> Digital Forensics: Getting Started
View previous topic :: View next topic  
Author Message

Joined: Dec 14, 2011
Posts: 3

PostPosted: Wed Dec 21, 2011 7:04 am    Post subject: Any help appreciated... Reply with quote

I have been working in the IT field for 10+ years, the most recent 8 at an IT consulting firm that prides itself in being an "all-in-one" provider for our clients. Whether it's infrastructure, app/web development, business intelligence, virtualization...we have specialized individuals or teams that are more than capable of meeting a company's needs. However, we are not certified to offer much assistance in the area of computer forensics. Sure we can restore deleted files or basic tracking of computer activity history, but most of the advanced stuff we typically outsource or refer to a company that is certified to deal with these matters. Last year, one of our larger clients was involved in a litigation where they were a 3rd party and all data/evidence was collected on their servers. The company would only allow me to be their onsite consultant and protect their best interest, so I was forced to participate in the entire process. I'm not going to lie, I was out of my element and a bit overwhelmed at first, but by the end of the 7 month ordeal and a 12 hour deposition later, I had developed a pretty good understanding of what all computer forensics entailed. I would now like to pursue the possibility training/certifications and perhaps begin offering these types of services to current clients. My question is, would I be better off purchasing EnCase or FTK and doing their specialized certification process or are the CFCE, GCFE, CCE certifications more prestigious and industry accepted? Thanks again for any help.
Back to top
View user's profile

Joined: Jan 01, 2007
Posts: 1130
Location: USA

PostPosted: Wed Dec 21, 2011 7:56 am    Post subject: Reply with quote

From what you describe, you were really more involved with eDiscovery. An equally interesting and specialized field unto itself.

One of the major players in that field is Kroll. They also provide training. You can find more information on at w w w . krollontrack . com/certification-courses/

EnCase and FTK are really just the starting point for software. As you do more work you will find they are good generalist tools, but that you require many specialized tools.

And then there is the hardware. Dedicated computers, storage devices, write blockers, specialized devices for phones, and the list goes on. There can be a pretty high entry fee so make sure to do some research before the sticker shock sets in.

The training for the CFCE, GCFE and CCE provide more information on the process and not just the use of a particular tool like EnCE and ACE. Again they are all just a starting point. I am sure at some point you will want some Criminal Justice training.

Also keep in mind some States require a PI license, so make sure you understand the legalities.
Back to top
View user's profile

Joined: Dec 14, 2011
Posts: 3

PostPosted: Wed Dec 21, 2011 9:08 am    Post subject: Reply with quote

You're right, it was more eDiscovery. This case was a little unique in that the company would not allow the court appointed forensic analyst to take any data offsite. He was forced to bring an entrie "moble lab" onsite. They were also adamant that I was aware of every process that was done with their data. The guy was great and in reading several things about his background and published articles he's written, he appears to be a signaficant figure in the CF world. Anwyay, he complied with thier requests and allowed me to ask questions throughout the entire process.

I know alot of people will say "money isn't a factor", but in this case it really isn't. I'm far more concernered, expecically in the begining, with not wasting my time. If I go through a CFCE or CCE and realize at the end that the GCFE adds farm more value and industy recognition, it would be somewhat discouraging. Same being said if it's more important to focus on a specific "out of the box" application and learn it.

From what you're saying, and maybe i'm reading too much into your response, but it doesn't really matter. The EnCase and ACE training are too focused on one particular piece of software, but in real-world practice you'll need several methods and applications to analyze data...and the certifications are general process training, which by themselves don't make anyone more credible than the average computer nerd?
Back to top
View user's profile

Joined: Jan 01, 2007
Posts: 1130
Location: USA

PostPosted: Wed Dec 21, 2011 10:05 am    Post subject: Reply with quote

The only reason I threw in the info on eDiscovery is that as a part of a company you really need to gauge the needs of your clients, how you can fill that need and most especially how you can make money off that need.

The reason training for the CFCE, GCFE and CCE is important is that in addition to teaching computer forensics those classes teach the process. And CF is all about the process, the documentation, the procedures, the documentation, and did I mention the documentation!

Let us say your company decides to jump into CF, sends you to a class on how to run FTK (and the BootCamp class is a very quick introduction) and throws you in with a client. What will be your process for handling evidence? Are you familiar with local and Federal rules of evidence? If not you can get in deep very quickly. How will you report your findings? What in your CV qualifies you when you are being vetted as an expert witness in Court?

And those are just a few things to consider when looking at training.

It is good that money is not a factor, because I would guess your company will be paying out for 2+ years for training and equipment before the first return on investment is seen.
Back to top
View user's profile

Joined: Dec 14, 2011
Posts: 3

PostPosted: Thu Dec 22, 2011 2:20 am    Post subject: Reply with quote

Understood and thanks for your responses.
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Digital Forensics: Getting Started All times are GMT + 10 Hours
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.10 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003

Forums ©


TMs property of their respective owner. Comments property of posters. 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted (c)2003, and is free under licence agreement. All Rights Are Reserved.