YOU CAN HAVE A COURSE LIKE ence ENCASE CERTIFICATION.
Encase is the forensic tools for law enforcement.

Thanks Don....

Long time lurker... first time poster....

Not all that interested in a cert, it's nice to have but my need in this case isn't for something I can throw on the resume..... my requirements are to formalise some training in methodology, to learn more about legal considerations and to improve my forensic skills in *NIX systems.

I spoke to 7safe and whilst they seem very good for someone not particularly technical, I got the strong impression that their course was not meant to teach highly technical methods of forensics.

I've heard that SANS courses were very technical and the course guide highlights this, I was hoping to find someone who's done their GIAC Forensics course to see what it was actually like.

We're not using Encase (yet!), so that ones not the best fit.... plus I'm hoping we might be able to get training included in the purchase if it goes through.

Kind Regards

Busker

You are also going to keep in mind why you are going to need the knowledge or cert.  If it is going to be an internal security/forensics/incident response issue then go with whatever you prefer.  If you are going to be doing work that will be presented in court, then you are probably going to have to lean towards EnCase and the EnCE.  Encase has passed all major court challenges so it is going to be considered a reliable platform in which to gather evidence.  FTK and a lot of the open source tools suites have changed recently or under go changes on a regular basis.  Every time that happens they will be challenged again in court.  If you are the person on the stand when that happens it really freaking blows. You are probably going to be put on the spot to explain the entire theory of computer forensics (across multiple file systems), and the very specific technical workings of the tools you used and why it can be trusted to produce legally verifiable evidence.