Thank you for the good recommendations!  Initially, my use for EnCase will be to look for the existence of specific files, programs in memory, and may expand from there.

I am finally getting to play with more tools at work.  One of the most exciting ones is EnCase.  Apparently, licensing is expensive, and training is even more so.  I want to show that I am deserving of training, by being the self-starter I am.  Are there any good books out there for EnCase?

I have Books24x7 through work with access to "EnCase Computer Forensics: The Official EnCE: EnCase Certified Examiner Study Guide, Second Edition".  This pretty much seems to be the only book out there which deals with EnCase specifically.

Are there any other good books that deal specifically with EnCase, or even a forensics book which deals with EnCase specifically?\

Also, anyone have experience with EnCase training?  I think our department may opt for the OnDemand training due to budgeting issues.

Visible Risk (http://visiblerisk.com) posted a podcast hosted by Rocky DeStefano (Visible Risk), along with Rob Lee (SANS / Mandiant), Richard Bejtlich (GE / Tao of Security), Mike Cloppert (Lockheed Martin), and Shawn Carpenter (Netwitness).  Interesting discussion on Advanced Persistent Threat from some of thought leaders in the field.  The audio volume is really low, but it is worth cranking the volume.

http://www.visiblerisk.com/storage/media/VIsibleRisk_Episode_001_APT_Audio.mp3

Good schtuff.

For your scenario, you can shovel a shell/reverse shell using NetCat.  How do you get NetCat on the machine from the outside?  It is so small it can fit inside a buffer overflow or you can combine it with another executable which is run on the inside.

Sounds like Verizon is using their head to find that stick that is up their ass.  Not all vulnerability researchers are classified this way.  I have read numerous personal accounts and methods for being an ethical security researcher and there comes a point where the needs of the many out weight the needs of a few businesses.

Regardless of that fact, security needs these "pimps".  The more we know about the vulnerabilities the more we can mitigation.

Here is a great write-up of a group of security professionals playing urban golf in Seattle.  Basically, a pub crawl while hitting a foam ball down the street.  An innocent bystander was hit with the ball and called the police.  Eric Rachner, who was with the group refused to ID himself and was promptly arrested.  The charges were dropped and the case thrown out, but not before they police said the video of the incident was lost.  Rachner, with the help of his lawyer, reviewed the video systems documents and found there is a log of all the video activity, he requested the log and found the video was not deleted.  Police eventually turned over the video.

Also involved with the group of 20-30 people, was Dan Kaminsky.  I wonder who else was there and why they were all in Seattle?

http://www.seattlepi.com/local/418746_video.html

As stated, your router is blocking the traffic.  If you want to test the security of each of the different distributions you may want to invest a few bucks on a cheap 10/100 hub.  A router will only send traffic out to specific ports, unless you flood it and make it fail back to be a hub, or you use ARP spoofing, or any number of other tricks.  But if you are just doing it for testing, then get a hub which sends traffic to all ports, regardless of which computer it is destined for.

Welcome to the site.  I took a similar approach to information security by coming up through grunt work at the helldesk.  It was strange, I never had much interest in getting my MCSE or whatnot, but once I got into security I've taken off in regards to my certifications.  Security Plus was my first step and it was a good one.

Again, welcome.  If you have any questions, let us know.

http://www.youtube.com/watch?v=x9XWxD6cJuY

'Nuff said.

GPEN is not for the faint of heart.  It is super technical.  My co-worker and brother have taken the course and they both were both dumb founded by the amount of technical information.  They are both well experienced and certified individuals, and are not stupid in any way.

As a holder of two GIAC certs and one on the way, with one self study and two courses, I can safely state without any previous experience it may be near impossible to pass without having the SANS course ware.

With that being said, there are a lot of options when going for a SANS course.  You can do OnDemand, Self Study, life training, and even work study at live training (where you work at the conference, get the training, materials, and certification attempt for around $800).  I think if you are starting off with no experience, then it would take all of your being to do self-study to bring you up to a level where you would be lucky if you drowned in the level of technical details the course offers.

I do not know your experience or commitment level, but you could probably do well to self-study and do the GPEN course.  If you are looking for a more long term and lower budget option, you may want to go the self-study route for Security+ to lay the security foundation > CEH to lay the pen testing foundation with methodology and tools > GPEN.

I would also recommend Counter Hack, because it is a good read, and it not only gives you a lot of the hacker tools and methodology, but it also gives you insight on how to defend these tools.  You would also do well to start learning some of the tools like NMAP, Wireshark, Metasploit, and Cain and Able.  Heck, just start playing with anything on http://sectools.org/.

Good luck!

I fully support this website.  I used it when I was still a contractor and paying for my own certifications.  It really helped save me a few pennies.  They are really easy to deal with.

Man, I fit into most of the categories on the original post, and some in the second.... this is funny.

Sorry, my co-workers won out.  I'll have more practice tests in the future!  One for GCWN and GSEC.

Ok, I passed my GCIA yesterday with an hour to go.  My final score was 85%.  I was less about my score than with my GCIH (94%).  I just wanted to pass, then I was able to take it easy.  The test got a lot easier once I passed.   This was much harder than the GCIH.  A lot of packet reading.  I made easy mistakes when counting the hex and converting.  I made the mistake of not taking a break, I was more concerned about just finishing the test and getting out of there because of personal issues.

It was a good experience.  Now I can move onto my GCWN.  I will am going to offer the practice test to my group, if I do not get an immediate response my next stop will be here. itg33k has first dibs, but I think I may have a simple little quiz to answer to make it fair.

Thank you for all your well wishes.  I am going to be doing a dry run of my index with a practice test this weekend.  Then I may have my second GCIA practice test up for grabs if nobody in my department wants it.