EH-Net

There are only a few certs that I know about CHFI, GCFA, and EnCE. From your experience or knowledge, can you tell me which one you would prefer and why?

Thanks

I saw the thread wasn't getting too much attention. I figure I'll add on my opinion. I threw each certification onto Dice (http://www.dice.com/) 1 at a time and noticed EnCE had the most results for open jobs. I'm not a forensics guy on my end, but it looks like be either EnCE or GCFA are top listed. They all look well known in the forensics industry but I would prefer to hold the GCFA due to the GIAC certifications looking really nice on a resume. A job I noticed that was listed for it that wasn't listed for the CHFI and EnCE roles were Malware Reverse Engineer - that sounds pretty wicked. ;)

Think about it in regards to what the certs actually mean.  The GCFA and others like it are meant to show that you're very familiar with the process of forensics and generally familiar with a variety of tools.  The EnCE and others like it are meant to show that you're very familiar with one tool and generally familiar with the overall process of forensics. 

If you're focusing on traditional forensics and face a lot of time on the witness stand, a tool based cert (eg. EnCE) will go far since the opposing lawyers will spend a lot of effort trying to find weaknesses in the various tools and processes you use as well as your experience with each.  If you have a cert in a well known, vetted product like EnCase and you follow your checklists to the letter it is hard to get yourself in trouble and hard for them to portray you as being unskilled/unfamiliar with your tools.

If you're focusing on non-traditional forensics (more incident response focused and less litigation focused) then the general certs will probably go farther as they suggest that your skillset is broad versus deep. (familiar with a lot of tools and platforms rather than being an expert witness in one specific tool)  You can also specialize with additional certs like the GREM for malware, network forensics, etc.  Please note that I'm implying that much of this is about appearances.  I know folks that are skilled in both areas, but many people will eventually choose to favor one path over the other.

As of right now I would prefer a job with less litigation but I really don't know enough right now to choose. I think my course of study is to read about 3-5 forensic books..I started http://www.amazon.com/Computer-Forensics-JumpStart-Michael-Solomon/dp/0470931663/ref=sr_1_11?ie=UTF8&qid=1323789441&sr=8-11 and I should be done with it later tonight or tomorrow..

the next book will be http://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172/ref=pd_sim_b_2

3.http://www.amazon.com/Windows-Forensic-Analysis-Toolkit-Second/dp/1597494224/ref=pd_sim_b_1

4.http://www.amazon.com/Digital-Forensics-Open-Source-Tools/dp/1597495867/ref=pd_sim_b_4

I'm trying to read 75-100 pages a day but I'll probably start taking notes after the 1st book..so the number of pages will probably go down.

After those 4 books, I should have a good understanding of CF..so I'll start studying for the CHFI...then move to GCFA (if the money situation works out)...if I'm not burnt out by that point..EnCE

This book was refered to me by a Sr Computer Forensics Analyst years ago and then a few months later in school this was the one we used as the book for the class.  Very good book

http://www.amazon.com/Digital-Evidence-Computer-Crime-Third/dp/0123742684/ref=sr_1_6?ie=UTF8&qid=1323818518&sr=8-6

Think about picking it up.

CCE was always highly regarded as it includes a practical portion of the exam. Not sure how many certs they give out a year or how well they've been doing lately, but thought I'd throw it into the mix:

http://www.isfce.com/certification.htm

Don