• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Getting into Computer Forensics

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Computer Forensics and Incident Response

View previous topic :: View next topic  
Author Message
bugs_whats_up_doc
Just Arrived
Just Arrived


Joined: 11 Sep 2003
Posts: 4
Location: UK

Offline

PostPosted: Fri Dec 12, 2003 11:16 am    Post subject: Getting into Computer Forensics Reply with quote

I`m interested in getting into computer forensics as a job. I`m currently just finishing my degree in Computer Studies. I would like to know what everyone things about certification is it applicable in this line of work? I am going to set up a lab to perform "test break-ins" and iv already learned alot about security from these forums and the web. At the moment I think I need to learn PHP or some other scripting language.

Is this job more commonly freelance experts or is it best to join a company?

thanks

Craig Dunn
Back to top
View user's profile Send private message Send e-mail Yahoo Messenger MSN Messenger
Networkguy
Trusted SF Member
Trusted SF Member


Joined: 29 Apr 2002
Posts: 16777215
Location: UK

Offline

PostPosted: Fri Dec 12, 2003 11:30 am    Post subject: Reply with quote

You could always become a special constable Very Happy

http://www.theregister.co.uk/content/55/34473.html
Back to top
View user's profile Send private message
Mongrel
SF Mod
SF Mod


Joined: 30 May 2002
Posts: 8


Offline

PostPosted: Fri Dec 12, 2003 12:41 pm    Post subject: Reply with quote

bugs_whats_up_doc - did you read through SFDC's
Security/Network Security Jobs & Certifications thread?

There's a good starter post there called
To Certify or not to certify?

I'd think that Certified Ethical Hacker would be good but the real
place to check with would be potential employers.

Read through online job postings, government sites,
law enforcement sites, contact people like
Semper Fi Global Communications or others who
do forensics professionally. Ask what they look for in line of certs.

I think that many pros will say that certs aren't important and that certain
experience is moreso.

In that case, find specific skills, software and other equipment that they
use.

You're going to be involved with things like gathering evidence for legal
cases so there's that aspect to consider as well. Look into UK
requirements for that.
Back to top
View user's profile Send private message
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Fri Dec 12, 2003 12:47 pm    Post subject: Reply with quote

If you want to get into computer forensics and incident response you need some serious in depth technical skills of both Windows and Linux at the file system and software level. You need to know how to extract file streams, read slack space, examine the mbr and so on.

You need a good array of hardware devices as you need to be able to mirror disks that are both SCSI and IDE, tapes are useful. You need a good electronic toolkit and a lot of experience.

It's a seriously technical area.

This is a good book:

Incident Response & Computer Forensics Second Edition

I'm also currently reviewing another seminal forensics text.

There are some specific forensics courses but they are very expensive, I would suggest subscribing to Bugtraq Forensics list and Yahoo Internet Crime list.

It's best to join a company if you wish to do this professionally, unless you have big backing you wont get jobs because you HAVE to be legally watertight and know exactly what you are doing when conducting forensic examinations (chain of evidence, integrity and assurability etc.).

If it's what you want to do, go for it as it's a very interesting area but from what I've seen you post on the forum you have 3-5 years to go before you could be a competent forensics investigator.


Last edited by ShaolinTiger on Fri Dec 12, 2003 1:23 pm; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
bugs_whats_up_doc
Just Arrived
Just Arrived


Joined: 11 Sep 2003
Posts: 4
Location: UK

Offline

PostPosted: Fri Dec 12, 2003 1:08 pm    Post subject: Reply with quote

Thanks ShaolinTiger for all the information, it was really usefull to know the kinda skills I would need I read your review on Incident Response and Forensics and found it very interesting.

I realise it is a VERY skilled area and I may even change my mind again over what area I would like to go into, but i`m thinking I would like to develop some of these skills for myself, and if I manage to turn this into a career then it would be good. but if I dont then I still have the skills
Back to top
View user's profile Send private message Send e-mail Yahoo Messenger MSN Messenger
tejaaa
Just Arrived
Just Arrived


Joined: 25 Oct 2002
Posts: 3


Offline

PostPosted: Fri Dec 12, 2003 1:18 pm    Post subject: Re: Getting into Computer Forensics Reply with quote

bugs_whats_up_doc wrote:
I`m interested in getting into computer forensics as a job. I`m currently just finishing my degree in Computer Studies. I would like to know what everyone things about certification is it applicable in this line of work? I am going to set up a lab to perform "test break-ins" and iv already learned alot about security from these forums and the web. At the moment I think I need to learn PHP or some other scripting language.

Is this job more commonly freelance experts or is it best to join a company?

thanks

Craig Dunn


Good luck friend with your future.

Tejaaa
Back to top
View user's profile Send private message
b4rtm4n
Trusted SF Member
Trusted SF Member


Joined: 26 May 2002
Posts: 16777206
Location: Bi Mon Sci Fi Con

Offline

PostPosted: Fri Dec 12, 2003 2:10 pm    Post subject: Reply with quote

It can also be fun to do basic forensics on systems that you work on.

Gives you a chance to learn the techniques and skills involved and you never know what you might turn up! Wink (Be careful and only do it on systems you are directly responsible for - gotta respect peoples privacy Wink Wink )

pop over to www.atstake.com and grab The Sleuth Kit and Autopsy install them on a linux system and start learning.

Even if you decide not to persue forensics as a career you'll pick up a lot of useful knowledge.
Back to top
View user's profile Send private message Send e-mail
spoofedpackets
Just Arrived
Just Arrived


Joined: 03 Mar 2003
Posts: 1
Location: Atlanta

Offline

PostPosted: Fri Jan 23, 2004 4:47 am    Post subject: Reply with quote

Another good app is called "F.I.R.E" short for Forensics and Incident Response Environment.

Website located here

http://fire.dmzs.com/


its a hot bootable cd with all kinds of tools for forensics examinations. I would definatly spend some time checking this out. I have been reading

"Incident Response Investigating Computer Crime"

http://www.amazon.com/exec/obidos/tg/detail/-/0072131829/ref=pd_sim_books_5/securitforums-20/102-5799452-3026540?v=glance&s=books

and

"Computer Forensics - Computer Crime Scene Investigations"

http://www.amazon.com/exec/obidos/tg/detail/-/1584500182/qid=1074825940//ref=sr_8_xs_ap_i9_xgl14/securitforums-20/102-5799452-3026540?v=glance&s=books&n=507846


Both are good books. I am a novice in the forensics field and i got a lot of good info out of these two books and the fire program.

Good Luck
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger
Swifty
Just Arrived
Just Arrived


Joined: 17 Dec 2003
Posts: 0
Location: Here & There

Offline

PostPosted: Sun Feb 08, 2004 1:18 am    Post subject: Reply with quote

Sorry to bump this thread but I thought I'd a my 2 cents worth. You may want to try this website: www.forensic-training.police.uk | www.forensic.gov.uk | www.forensic-science-society.org.uk |

www.worktrain.gov.uk/Script/occupationdetails2_4.asp?lngSessionID=38703084&strLastPage=occupationsearchresults2_3.asp&strKeyWord=forensic+scientist&blnSingleResult=False&lngCareerID=595
Back to top
View user's profile Send private message
throck
Just Arrived
Just Arrived


Joined: 08 Dec 2003
Posts: 0


Offline

PostPosted: Mon Feb 23, 2004 9:58 pm    Post subject: Reply with quote

Forensic's? Go here: http://www.honeynet.org/misc/chall.html
And then "Recover and analyze a floppy".
This site contains many good labs which are live in the wild. For anyone not up to par on the how to- there is one very detailed step by step post mortem for each lab along with the tools used.
Some of the people that solved it may not have used all free tools, so be sure to read more than one of the explanations.
Also, I recommend the archive site
http://www.honeynet.org/scans/archive.html where you can view and disect scans. One is analyzing a months worth of scans.
Pass this URL around, it's definately a top ten for this security site.
If you like this, I can post more that are along this same genre. Rolling Eyes
Back to top
View user's profile Send private message
ChrisM
Just Arrived
Just Arrived


Joined: 13 Apr 2004
Posts: 0


Offline

PostPosted: Thu Apr 22, 2004 3:42 pm    Post subject: Reply with quote

I think you are going to need to get at least your masters. Try to get into a government program.
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Computer Forensics and Incident Response All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register