We've used Helix 3 for a couple of issues at work. They were internal issues, that did go to legal. (It's also what started me down the path that has lead me here).

I'd love to get my hands on EnCase, and learn more, but I'd probably have to buy it myself. I don't know how well Helix works compared to EnCase, but it's worked for what we've needed so far.

I used my Safari account and started reading the 2nd edition. I've only got a little way in, in the first part of the book (first 2 chapters down). Kind of wish I bought the second edition now. So far it's been an easy read. I expect that to change in part 2.

Really enjoying the book though. Even if I do finish it before 3rd comes out, I'll probably buy third and read that too.

Not as paranoid, I know about word macros and the easiness of having the word doc do other things. The pdf as an entry vector I don't know about. Doesn't mean it doesn't exist, just that I have more to learn.

Does he ever release in PDF format? Call me paranoid, but I don't like downloading .doc files from the interwebs.

That review guide was one of the books I was looking at. I was looking at the deluxe study guide and another book that makes up the study pack (With the regular study guide). I checked my local library and they have very few books on the subject (read none on sec+).

As for scheduling the test for a month out and forcing the study, that didn't work with my CCNA the last time I took it. I kept pushing it out. Didn't study well either, and never had anything hands on (it had been 4 years since I touched a switch or router at the time). I even had a job depending on me getting my CCNA and still managed to fail because I didn't take my study seriously.

When I'm serious about studying, I can do even the boring parts, just takes forever to read.

Kevin,

With all the free virtualization software out there, I don't think there is really much reason to dual boot anymore.

Just my 2cents.

I've been thinking Sec+ might be the right place to start for me, for my first security cert.

Curious what materials did you like, and which ones did you think were not worth the price when studying?

*edit: and of course being excited about picking someone's brain on learning materials, I forgot to to say congratulations.

Actually, that's from a couple of months ago. The slide share link is new, but The Consumerist had a link to the PDF in April. I vaguely remember seeing it last year too, but I could be wrong on that.

4sh

I wouldn't want to be responsible for it getting out and causing problems elsewhere either. I think what I'm interested in is:

1) what is making it so hard to clear
2) what kind of things to look for on a network that indicates it's there (original detection, in general)
3) What this bad boy is using as an entry vector
4) what your test environment is like

If I was setting this up, which I lack the hardware for at this time, I'd do a chrooted virtual window's box on a system I don't mind destroying the hard drive out of afterward. Although that seems a little expensive when I think about it (constantly going through hard drives).

What's the best way to get involved with a local DC group? I tried to join a local Perl Monger's group once, but they hardly ever met, and when they did, they wanted to focus on showing off what they (the host's company) was working at the time. (*edit: turns out the local DC is no longer DC, it's now ArbSec...)

I'll also remember to shop smart, shop S-Mart.

Some of the stickies are pretty good for where to start.

I think the big question is what are you looking for? For example, my interest is in making my networks stronger than doing pentesting. From what I've read here, I'm leaning toward reading hacking for dummies, follow up with Sec+ for an intro-cert and then follow up with C|EH and OffSec.

(note I've got a lot of the same stuff you do skill wise, just lack any current certs, but doing IT for 13 years).

Not going to ask for a copy, because I fall under the new clause. I wouldn't know what to do with it if I had it anyway.

I'm just wondering if it would be possible to make some kind of training document from what you do with it?

I know, I'm asking a lot. Just looking for good ways to learn things, from people who would know what they're doing.

awesec, what's your native tongue?

I used the site too (about pulling hex from pcap). It allowed me to finish the ISC.SANS.Org puzzle. Which I actually had a lot of fun doing. While TCPXtract was close at pulling the file out, and it worked on my nix box with Open Office, it didnt' work on my office window's box with office 2k3 (with 2k7 plugin).

Xiv,

How did you get management buy in on this? My group has been arguing for thing clients for the 3 years I've been here. It'd save on money, and would make more since, since we have the same problem of people moving around / multiple people using the same work station. Problem is, we keep getting push back from management saying no.

eth3real:
Where / how did you acquire those? From my experience the vendor / var that gives me things to play with usually have no problems answering my questions and helping me out (they see it as good marketing and more likely to make a sale to me).

No. It's a personal blog, if they want to see it, they can find it via Google. If it was a professional blog, and only talked about computer security and nothing else, then maybe. Like Jhaddix's www.securityaegis.com site. (Sorry if it's not a blog). But even then I'd scrub everything I could of personal information.