this is actually pretty damn funny. 

I am a former AF info warefare guy, and I have to agree.  it is probably more political than anything.  Someone wants to lift thier leg and mark their territory and work on that next peice of brass.

I am also in Nashville.  Forensics here is a small world...just like everything else in Nashville...you know how the good ole boy network is.  Being a former cop I cant imagine that it would be hard to get good consulting work with Metro, TBI or the state.  From what I understand their forensic program is really under staffed. 

Cheers!
Shane   

What part of TN?  I also live in TN.  Ther eis a good forensic program in north GA:
http://www.kennesaw.edu/coned/sci/index.htm
If you have expereince, you can take some of there classes and get pretty ramped up. 

Are you looking for a degree or certifications?  If you already have a degree (regardless of what it is in, I would go the cert route first.  then top it off in acedemia.  Just my two cents.

I think the biggest thing is to simply be curious.  If you are not curious this is not the field for you.  First be a generalist...then find something you really enjoy and dig...and dig...and dig.

I am completley shocked by this.  This makes no sense at so many levels.  Unless there is a VERY clearly defined principal of what is an investigation and what is not an ivestigation, it cant really hold up in court.  Most of it has to do with who asks you to perform the duty. 

Can this leak into corporate life? 

this is just crazy.

This is a little off topic, but I really do appreciate a genuine notion of ethics in this group.  And it is done with out all the internet board anger\garbage talk\ or what ever you would like to call it.  I dont find that much in my profession....so Cheers to all!

to the person that posted - dont be offended if you are a newbie or a seasoned IT person.  This is good litmus testing just as our profession needs.

There are so many levels of problems here.  If this is the case, it is still not legal to break someones personal email account.  You cant take thier password and rummage through thier account. 

but you can examine the computer.  This is done every day.  Just get a forensic examiner to check it out.  With encase you can peice together a bunch of interesting things like webmail pages.  Plus, if it turns into litigation, you stealing a password isnot going to help matters.

Hey guys,
Are there any tools that any of you recommend to pull flat file EDBs form BKFs?  I am looking at a couple recovery tools, but I am just wondering if any one out there has some good tricks.  Since there is no way to mount these in Encase, it is a pain in the but to extract message stores.  Also, if you use any of the restore software, it wont allow you to restore to anything but and exchange server.

I agree with VJ.  I would just start with the basic certs and move on to the more technical or difficult ones.  Sec+, Ethical Hacker, MCSE or Cisco then maybe move onto something like a CISSP (not technical or difficult but may help in career progression).  The reason I say an MS or Cisco (or a developer track if that is what you are into) is becuase I find that in the security world it is nice to really understand the technology outside of a security context.  That is why I suggest to many people that want to be in security "go be a developer or network engineer first...it will serve you well."   Kinda like being a cop before you are a detective.  It gives you a good perspective. 

I think the most important thing is to find a good company that will give you a well rounded experience.  Personally, when I hire, I dont concentrate on certs.  They help a little when there is a good balance of certs and expereince.

Cheers! 

It really depends on what and why you want to get certified.  I think a PMP is very valuable.  But I dont think it would help you much if you are posting in this forum.

and oh yeah the fact that someone openly placed malicious data on a machine makes proving guilt in court very difficult.  You guys are dead on.  Forensics need to follow a strict set of rules.  What kind of rules did that guy follow?  probably none.  That comes up in almost every case I am part of. "how do we know someone else didnt put this here/edit this/post this...yadda yaddaa" 

Ok I will get off my soap box  

There are so many issues here.  I agree with Cadilac.  There is no difference between the virtual world and physical world.  I think many of you are right on target.  

The only thing I could add is that child porn is a low hanging fruit.  Everyone can agree that it is awful.  If they make it OK to be a hactivist to do this, they can also push the envelope closer to internet regulation and monitoring.  Breaking the law is breaking the law.  

I really quesiton what that guy is doing on CP sites posting CP.  What would happen if I went out and dealt crack or meth - but I I put a tracker in the bags.  I would still be a meth dealer and I would go to jail.  I imagine he is not posting inoceently...he has to be enticing people.  I have to go re-enact the crying game and go cry in my shower....ugh.

This is interesting.  This made me think of how pendulums swing from one side to the other.  Right now people find security in doing bad stuff from their home office…toilet…or what ever special place they have.  Imagine when true street criminals find it easy to extort local companies.  Meaning, they become more localized and crime based.  One scenario would be exactly like old school mobsters…just a little nerdy.  The local coffee shop has a free wireless network that brings in people from all around.  Gangster X decides to take it over and turn it off or start hijacking info.  They tell the owner that this can stop if they pay up a small fee.  They can call the cops…but really what is that going to do if they are threatening violence.  This is a stretch, but the scenerios could get interesting.     

Hi everyone,
this should be an easy question, but I cant seem to find a good list.  so I figured I would ask my new favorite site!

What industry regulations require Pen Testing?  I know the sections in PCI, and I know HIPAA kinda almost suggests it.  What other regs state that you must?