Im off to uni next year and im checking out what i want to do. I know i want to go into the security side of computing but i dont know what.

basically the choice for me is between ethical hacking and system security or forensic computing. can someone explain the major differences to me and which is better :p

cheers

mambo^

several people i know started pen-testing and moved to forensics because they got tired of popping the same shells over and over because admins cant patch boxes.  forensics would definitely be more of a "challenge" because you have to put pieces back together and try to uncover things people tried to hide.  that being said, like don mentioned, alot of forensics cases deal with kiddie P*rn (KP), i frankly dont want to look at that kind of stuff.  something to take into account if you are going that route.

I've been working in IT security for just about a year now, and while I certainly do enjoy my work, I can see that something in my heart is pulling me towards forensics.

The question that raises for me is where do I start?  This isn't the kind of stuff that they teach in college, and while finding stuff on the Internet can be very effective, I literally don't know what it is that I need to know to be effective at the job. 

I can imagine that some classes on evidence collection would be necessary, and that is stuff that I can take here at the university that I work at.  On the computer side, I have access to quite a bit of hardware, and I can make a case for buying some things that I might need.  What I need is a roadmap.  Anyone have any ideas?

If you are interested in training in Forensics a few places like DeVry. These classes cover ethics to techniques. Also I know that EnCase is a popular Forensics tool that can run you upwards of 2K. But it is what most people use. Such as the Securities and Exchange Commision (SEC). That is how I got my copy of the manual.

You should also have a look at Brian Carrier's sleuthkit  http://www.sleuthkit.org/sleuthkit/ . if you are looking to get your feet wet in forensic work it's a good place to start. Also, the Helix Live CD, http://www.e-fense.com/helix/,  is a knoppix based distro that is geared towards forensic work. It won't automount drives or swap space keeping the drive you are investigating "clean". Another good site is http://www.opensourceforensics.org/ maintained by Brian Carrier. Securityfocus has a mailing list dedicated to forensics too.

I've used both EnCase and FTK (Forensics Toolkit) and am currently looking at Netwitness for more network forensics work. I personally prefer working with FTK. It's a little more intuitive than EnCase for me.  Encase, in their latest version, do have the ability to access drives and perform forensic work across a network which is a great feature. I know that the FBI uses both products.

The technical aspect of forensics is very, very interesting and satisfying (recreating purposely corrupted files, hunting for data hidden in "bad blocks", etc...) but Chris is right and sometimes you find things you would rather not.

As Don said forensics now includes the network and not just the disk. This means that a broader skillset is going to be needed. Whatever direction you decide on remember that the skills from one discipline can be used to augment another. File Forensic analysis skills are invaluable when doing static or behavioral analysis of malware for example.

-dean-