I'm wanting to get into the computer forensics field and just wanted to know how I should go about it.  Is a certification course from my local college enough to get into an internship or something and are there jobs even out there right now for forensics?

Also, have you ever had cases where you've had to sift through someone's computer that was running Linux?  Just a curious question really.  I used to be like use Linux it's all pro and stuff in high school and all, but now I'm like meh.  If you like it use it lol.

Personally, I see Forensics as the ultimate Security profession whatever this implies. I can not imagine somebody heading straight to Forensics as it is a field that needs massive experience in almost any kind of technology.

One can probably trade some years of experience by gaining important academic knowledge through postgraduate studies.

Generally speaking, I see Forensics as the top of everything within the IS field. Probably I am wrong so I expect to hear many opposite opinions.

I'm no expert. Far from it. But here is what I've seen.

schools will give you a good baseline to start with (so do certification exams). Any time you can get training is not a bad thing. However find out the people you can intern with and see what they say about the program.

Learn to be an administrator. It helps. Not just with Pen-Testing. You need to know the layout of how the server should look. Know if something doesn't belong (like ...).

Pick up a scripting language for help with log analysis.

Doing Nix isn't all that different than doing Windows (from my experience). Make a forensically clean copy of the data, and then work with that. (At least I never work with the original).

Lastly, make sure you know your local laws. Where I'm at for example, you have to have a PI License, or work for a PI Firm (from the way I understand the law).

@Bryce

Stuff I've done forensics wise was pretty boring.

1) go look at USER X's hard drive to see if he's been surfing porn at work (after user tried to delete the images).

2) go through SALESDROID Z's computer see if she was sending our information to other people without using the work account

3) SALESDROID A sent us back his laptop, but he wiped it first. We need you to recover all the data.

No, I'm not kidding either.

You can be an in-house forensics expert.  Larger corporations typically have these.  I work for a consulting company.   We provide forensic services to lawyers.   It's all on the civil side.

I do the in-house stuff. I usually recommend hiring an external company for the stuff that is going to court.

impelese, if it doesn't say required, you can probably skip it. But from what I understand the CEH teaches you how to get in to the network, and personally I think that would be a bonus when trying to do the forensics, if you're doing forensics for a network breach.

Anything you can learn and do is a bonus to you / makes you look more valuable.

I also am going to school for Computer Forensics & Network Security.  I graduate in June 2011.  I am all done with both majors and now have just a few BS classes.

I was bored one night and sent out random emails to different companies around my town and I got a hit and they are the biggest and best Computer Forensics company in town.  I was able to get hired by them as an intern, although I have not done much with them due to my full time job hrs they are waiting for me to get out of school and then they might bring me on board FT. 

I am helping myself right now by paying for some "boot camp" courses out of my own pocket and I know they will pay off later.

I just got my Security+ and in Oct will have my Network+.  Then in Feb will have my CHFI and then in May have my CEH/CPT.hopefully.  I am paying for these out of my own pocket.  I have to sacrifice a little now for it to pay off in the long run.

Think about it and maybe you should too.

Wayne

I understand what you are saying in reagrds to taking the CEH first but what if I have a little expierence with the Forensics side more than I do the hacker side.  I assume I would pick up on the CHIFI info quicker than the CEH info.  I plan on taking both the CHFI and CEH through Infosec early next yr and can swap one for the other but how important is it really?