Forensics Certification/Training Question

<<

busker

Newbie

Posts: 2

Joined: Thu Jan 10, 2008 5:16 am

Post Thu Jan 10, 2008 5:24 am

Forensics Certification/Training Question

Hi All,

I was wondering if anyone has experience of either the SANS SEC508 or 7Safe GFIA courses.

My background is in Information Security and Windows/Network engineering and I'm looking for a formal forensics training course. I've done IT forensics work in the past but want to get some formal training in the legal side of things and further my knowledge.

The SANS course seems more technical and covers UNIX, whilst the 7Safe course is more UK specific and was recommended to me by an ex Policeman who's used them previously.

Any comments would be very welcome.

Kind Regards

buskerman
<<

elite79

Newbie

Posts: 1

Joined: Thu Jan 24, 2008 10:01 am

Post Thu Jan 24, 2008 10:08 am

Re: Forensics Certification/Training Question

You can have a course like EnCE, the EnCase certification.
EnCase is the forensic tool for law enforcement.
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Jan 24, 2008 11:10 am

Re: Forensics Certification/Training Question

Welcome to EH-Net.

If there is a course specifically dealing with UK laws, and that is your main focus, then I would take the advice of your friend.

On the other hand, you may want to focus on the technology more than the laws. Most of the certs such as those listed on this site:

http://www.ethicalhacker.net/content/category/1/29/3/

will deal heavily with the tech and less with the laws. If they do, then the laws they focus on will be more US laws.

Then there's always the question of what you value most... the cert or the knowledge. The certs listed at the link above will be more well known but may not give you exactly the knowledge you want.

Hope this helps,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

busker

Newbie

Posts: 2

Joined: Thu Jan 10, 2008 5:16 am

Post Thu Feb 07, 2008 5:41 am

Re: Forensics Certification/Training Question

Thanks Don....

Long time lurker... first time poster....

Not all that interested in a cert, it's nice to have but my need in this case isn't for something I can throw on the resume..... my requirements are to formalise some training in methodology, to learn more about legal considerations and to improve my forensic skills in *NIX systems.

I spoke to 7safe and whilst they seem very good for someone not particularly technical, I got the strong impression that their course was not meant to teach highly technical methods of forensics.

I've heard that SANS courses were very technical and the course guide highlights this, I was hoping to find someone who's done their GIAC Forensics course to see what it was actually like.

We're not using EnCase (yet!), so that one's not the best fit.... plus I'm hoping we might be able to get training included in the purchase if it goes through.

Kind Regards

Busker
<<

dean

Post Thu Feb 07, 2008 9:59 am

Re: Forensics Certification/Training Question

Hey busker,

I would have to suggest the SANS forensics training. They do go into the methodology behind performing forensic recovery and cover the legal aspects as well. The course is technical and not vendor specific. They cover a lot of open source forensic utilities too.

I use both EnCase and FTK and prefer FTK. That's a personal preference though and both are good. Additionally any training from 7Safe or EnCase will be specific to their product.

The local FBI office here uses EnCase and I believe that they are now using FTK as well.

dean

Disclaimer: I know some of the courseware authors for the GCFA.
<<

pseud0

Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Thu Feb 07, 2008 10:07 am

Re: Forensics Certification/Training Question

You are also going to keep in mind why you are going to need the knowledge or cert. If it is going to be an internal security/forensics/incident response issue then go with whatever you prefer. If you are going to be doing work that will be presented in court, then you are probably going to have to lean towards EnCase and the EnCE. EnCase has passed all major court challenges so it is going to be considered a reliable platform in which to gather evidence. FTK and a lot of the open source tool suites have changed recently or undergo changes on a regular basis. Every time that happens they will be challenged again in court. If you are the person on the stand when that happens it really freaking blows. You are probably going to be put on the spot to explain the entire theory of computer forensics (across multiple file systems), and the very specific technical workings of the tools you used and why they can be trusted to produce legally verifiable evidence.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

dean

Post Thu Feb 07, 2008 10:27 am

Re: Forensics Certification/Training Question

Good point. Why do you require the tool/knowledge? Internal investigations, incident response, etc... Will this data end up in legal's hands? At that point having and following a sound methodology is essential to your case. Chain of evidence, etc....

BTW, FTK/UTK is made by AccessData and is a commercial tool. Sleuthkit, which is based on TCT (The Coroner's Toolkit), is open source.

dean
