Topic: CHFI EXAM
kabila
« on: August 30, 2010, 07:11:29 AM »

Greetings to all,

Did anyone just pass the CHFI EXAM? I want to know the best way and materials to read in preparation for the exam. And where to get good CHFI DUMPS.

Thanks,

kabila
sil
« Reply #1 on: August 30, 2010, 09:02:15 AM »

<intro>
While many are reading this, be advised, I need dumps too. See, I'm going to be a doctor and I'm going to place someone's life in my hands. I think I need to read and memorize some books for the sake of passing the exam therefore anyone who may have dumps on becoming a doctor, please post them. After memorizing the books and learning nothing, I think I will now go and place a life in my hands. Anyone want free surgery?
</intro>

If you have to pass an exam like this, why don't you move along to another field. Usually I don't post these kinds of responses but in a situation like this, it's unusually sickening to see how people view the industry and the profession of forensics. Forensics at its best will either convict or exonerate someone of a crime. I've seen personally the downsides of non-competent forensics investigators (http://mobileforensics.wordpress.com/bio/ [see note below on this]) - who often carry the weight of assisting in the conviction or exoneration of someone - not have a clue with *someone* in the end being affected in an adverse way.

If you're taking the exam for the sake of doing something other than taking forensics seriously, you're devaluing the certification for those of us who have passed the exam. Those of us who've taken the time to understand the field and respect OURSELVES enough to take pride in certain arenas.

I've dealt with many individuals in government, private industry, hobbyists and for those that I've seen and corresponded with when it comes to forensics are a prideful bunch. Nary a time I've seen anyone come out with "give me a dump" to make me an expert. I've had the opportunity to learn from some of the best in the industry throughout my years and have learned for the sake of understanding it. NOT for the sake of passing a cert.

A dump will not make you an expert period. Learn the material. You wanna pass the CHFI study what EC-Council would like you to understand.

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1802.msg9277/

Understand that in this test there are a lot of questions related to LAWS. You know, those things that can either convict or free someone.

Quote
Four years ago, while pregnant, Ms. Amero went to work one day as a substitute teacher and left with felony charges against her.

Her crime? Julie Amero was convicted of four felony counts, each count carrying a maximum of ten years, for exposing school children to pornography.

...

The substitute teacher didn't know what to do to make them stop, so she was led away in handcuffs and convicted of felony charges carrying a maximum sentence of forty years in prison.

...

A number of computer security experts, led by software developer and blogger, Alex Eckelberry noticed serious technical errors were made throughout her trial. Mr. Eckelberry brought together a group of forensic investigators who volunteered to analyze the computer hard drive she was using in the classroom that day and published a report on their findings.

The group's report ultimately caused Julie's conviction to be overturned. Judge Hillary Strackbein overturned the unjust verdict in 2007 and ordered a new trial because of erroneous and false information given during the initial trial.

http://www.huffingtonpost.com/kim-mance/teachers-pop-up-porn-nigh_b_145772.html

Thankfully there are GOOD forensics investigators out there. Those who've taken the time to learn to investigate. You know, that thing you do when you actually have to use your brain for a change.
 
Mobile Forensics Link Note (http://mobileforensics.wordpress.com/bio/)
I was reading this blog as recommended from a friend who works at EnCase. I was performing an analysis of a Blackberry using Oxygen Forensics. After reading the blog and analyzing the procedures used by this former Sergeant Detective and "forensics" expert, I was sad and shocked to see more or less the same. Someone who seemed to perhaps have "read and memorized" a book.

As a forensics expert, everything has to be repeatable, taint free, cross-correlated and stand up in a court of law. Remember, you may need to prove that something happened on a machine (your job is not to see John Smith did this - your role is to present what occurred). The fuse that lit the bomb? I recommend making a working copy and a archive copy. Now reseal and store your exhibit. Think about this for a moment. This shouldn't and ISN'T a recommendation. When you're acquiring evidence, you follow the rules and procedures. There is no "recommending" making any copies of archives. These are 1) mandates 2) common sense. See my gripe here?

Imagine if the woman mentioned in the article were your mother, your sister, your wife. How would you feel if their life were entrusted to some shmoe taking exam dumps?

Quote
And this is not even to mention that after her very public arrest, the pregnant teacher suffered a miscarriage. Subsequently, Ms. Amero has been hospitalized because of declining health due to stress.

In March 2008 a $2,400 ad appeared in the Hartford Courant which was signed by 28 computer science professors arguing that Ms. Amero could not have controlled the pornographic pop-ups. Trial Detective Mark Lounsbury never checked for the presence of malware.

http://www.huffingtonpost.com/kim-mance/teachers-pop-up-porn-nigh_b_145772.html

Go read the books. Understand what you're doing or find another field. Don't degrade and/or devalue this certification.
« Last Edit: August 30, 2010, 09:04:18 AM by sil »

smorgan
« Reply #2 on: August 31, 2010, 02:58:27 PM »

If you are looking for brain dumps, then I'm sorry I can't help you. But if you are serious about getting CHFI certified, then I can help you. I work for Firebrand Training and we provide CHFI certification courses. We have many EC-Council awards for our work.

If you are looking for the self-study option, then I recommend the following books:

The Official CHFI Study Guide (Exam 312-49): For Computer Hacking Forensic Investigator (Paperback)
ISBN: 9781597491976

Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet (Hardcover)
ISBN: 9780121631048

Hope this helps and good luck
Sarah

Ants
« Reply #3 on: August 31, 2010, 04:58:26 PM »

@sil
Those of us who've taken the time to understand the field and respect OURSELVES enough to take pride in certain arenas.

Excellent post - thanks

CEH, GPEN, GCFW
H1t M0nk3y
« Reply #4 on: August 31, 2010, 07:29:38 PM »

I agree with you guys. This may be the hardest thing to do in IT security. I believe you need a lot of experience in order to, like sil mentioned, play with people's lives.

But on the other hand, he did say:
Quote
I want to know the best way and materials to read in preparation for the exam
The key words are "the best way". So thanks smorgan for helping him!

Like it's been debated on this forum many times, certifications don't make you an expert (and I am the living proof of that! :P). But I believe it is a step in the good direction. If it is his goal to be a forensic investigator, then he has to start somewhere!

But:
Quote
And where to get good CHFI DUMPS
This wasn't exactly the best quote of the forum... :-\


OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
impelse
« Reply #5 on: August 31, 2010, 09:17:59 PM »

I agree guys, it is amazing how I like this feel but sometimes I feel that I do not have some progress, like if I stuck in something until I get it well. But it is worth it.

CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
kabila
« Reply #6 on: September 01, 2010, 05:19:12 AM »

I thank you all for your time. We learn every day. I am very sorry if I did sound lazy by asking for dumps but I stand to be corrected any day because I am ready to learn.

Now what materials should I read and which topics should I concentrate more?

Please help me guys.

Warm shout out to all.

Kabila
UNIX
« Reply #7 on: September 01, 2010, 05:32:02 AM »

smorgan already recommended two books to you, so you might take a look at those.
don
Editor-In-Chief
« Reply #8 on: September 01, 2010, 03:04:22 PM »

Hey kabila,

Welcome to EH-Net. The feelings of the community have been pretty clearly stated. But let me take this opportunity to thank you for taking it the right way. Many would simply yell back or leave. You were strong enough to take the advice and move forward in a positive manner.

That kind of attitude is welcomed and encouraged.

Let us know how you like the recommended books.

Don

CISSP, MCSE, CSTA, Security+ SME
sil
« Reply #9 on: September 01, 2010, 04:15:38 PM »

And just as an FYI, again, my response was off-beat, but I'm hoping it's enough to make some readers WANT to do things the right way. A dump makes you nothing more than a fraud at the end of the day. Remember, you're supposed to be an SME (Subject Matter Expert) and in the forensics field, you may (often will) be called to testify. You wouldn't want a fraud representing you if your life was on the line, would you?

Anyhow, here is a quick list of books and my reasons for posting them:

1) Windows Forensic Analysis DVD Toolkit, Second Edition
http://www.amazon.com/Windows-Forensic-Analysis-Toolkit-Second/dp/1597494224/ref=pd_sim_b_3

A must have period. So I will quote someone to avoid re-writing a book-long response: "the chapters on Registry Analysis, File Analysis, Executable Analysis, and Rootkit Detection provide and build upon basic concepts that go beyond what is taught in beginning and intermediate computer forensics courses"

--------

2) File System Forensic Analysis
http://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172/ref=pd_cp_b_3

I suggest reading Jose Nazario's description of this book on the Amazon page. Nuff said

--------

3) Computer Forensics Library Boxed Set
http://www.amazon.com/Computer-Forensics-Library-Boxed-Set/dp/0321525647/ref=pd_sim_b_14

Bejtlich, Dan Farmer, Wietse, Carrier - If you don't recognize these names, you're in the wrong industry

--------

4) The Official CHFI Study Guide
http://www.amazon.com/Official-CHFI-Study-Guide-312-49/dp/1597491977

It's EC-Council's exam. If they say the sky is green, you better answer the sky is green. No matter how wrong they may be. This book will contain the majority of content they'll put on the exam. Take note... There is knowing to pass the exam... And there is knowing for the sake of being an expert and understanding forensics as best as possible. I suggest getting the top three books listed and learning as much as you can from them. This includes either downloading trial software to run it, or finding replacements to accomplish the tasks.

Right now (this week to be exact) I had to go back and forth through using Mandiant's Memoryze, First Response, "First on Scene", RPIER, Red Curtain and a bucketload of other IR/Forensics tools to prep me for January. Do I *need* to... No. I *want* to because I need to understand how things flow/work and alternatives in the event I don't have a specific tool at my disposal. Will I always be able to use foremost or FTK? I can never say yes, so I need to be aware of processes, procedures and how to perform them in as many different methods as I can think of. Remember, any evidence I were to put forward would need to be repeatable.

Some test takers may say something to the tune of: "no money for the books, etc." and it's understandable. If you're on this site or any other site that's similar, books like these are an investment when used properly. So invest in yourself because I can guarantee you, it's rare that you will find someone else who will.

Anyhow, time to go home ;)

ajohnson
« Reply #10 on: September 01, 2010, 05:37:35 PM »

Sil, quit it. I already have more books than I know what to do with ;)

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
sil
« Reply #11 on: September 01, 2010, 09:34:32 PM »

Quote
Sil, quit it. I already have more books than I know what to do with ;)

The first three are seriously must have books... I may or may not have posted it here before. I buy a lot of books from BestBargainBooks.com. I have zero affiliation with them other than the fact I'm a customer. I've bought Cisco Press books as low as .01 (seriously) so I can vouch for them being on point:

Computer Forensics : Computer Crime Scene Investigation - Vacca ... Another good book $6.63 ... Come on now, I spend more than that on coffee in a day
http://www.bestbargainbook.com/index.php?file=productdtl&iitemid=342948

Encase Computer Forensics The Official EnCE - If you use EnCase... $5.14
http://www.bestbargainbook.com/index.php?file=productdtl&iitemid=69185

Worth spending even $20 on some of the security books they have there
http://www.bestbargainbook.com/index.php?file=listproduct&icatid=259

ajohnson
« Reply #12 on: September 01, 2010, 09:53:06 PM »

I'm just kidding. Those are already on my wish-list at Amazon.

I do shop the bargain sites, such as what you listed, half.com, Amazon's used selection. I often spend more on shipping ($3.99) than the book itself. That's why I have more books than what I know what to do with. Those are up next. I'm hitting up assembly and then moving on to Hacking: The Art of Exploitation and The Shellcoder's Handbook. I need to de-noob myself ;)

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
Silver535d
« Reply #13 on: October 13, 2010, 06:00:46 PM »

Hey,

I need some help/advice,

I am a System admin with an MCSE 2003,

I am looking for a new direction in my career and was interested in the IT security area.

I am thinking of doing ECSA/LPT (CEH combined) or CHFI courses.
Can anyone answer my questions below?

1) Is the ECSA/LPT, CEH, CHFI recognised by the industry?
2) Are they sought-after qualifications?
3) Once certified, will I find jobs for these skills?
4) Will I need to have any knowledge in any programming languages?
5) Am I going down the right path?
6) Can anyone explain what a Penetration Tester does (other than the basics)?
7) Will being a certified Hacker have any negativity?

I would appreciate it if anyone who has any real-world expertise in these areas could give me a heads up please.

Thanks
Silver-535d