
Thread: Getting Started in the Forensics side

  1. #1
    Just burned his ISO
    Join Date
    Nov 2009
    Posts
    4

    Getting Started in the Forensics side

    Hi everyone. Ok I did some searching and now I think I am ready for some advice from some experts in the field.

    I am interested in the Forensic Side of security. I am almost done with my Masters in Information, Network & Computer Security, and I have a Bachelors Degree in Computer Science.

    I am currently looking into the following certifications and I am curious on what you guys think I should do first, what order to achieve them, and not do at all.

    Network+ <- thinking about skipping this one altogether.
    Security+ <- same information that was in my Masters program

    OSCP & OSWP <- I want to be able to think like a criminal to beat a criminal

    CCFE, GCFA, & EnCE <- Forensics side

    and possibly;
    GPEN,
    CEH <- not too sure about
    CISSP <- not too sure about

    I want to work for a government agency, local police departments or federal government and maybe do some consultant work on the side.
    These are my long-term goals and I know it won't happen overnight. I am thinking about doing Security+, OSCP, & OSWP just to get my foot in the door and gain experience. Please let me know what you think my best bet is. Thanks.

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    The SANS forensics courses are good. There are more of them than just GCFA as well - go check out the SANS website for more information. There are new streams in network forensics and some more general purpose beginner certs now as well. SANS also have GCIH (Incident Response and Hack tools) and GCIA (Intrusion Analysis) which I would highly recommend. If you want to do computer forensics seriously you probably want to take a course that covers the presenting evidence in court part of the process. If presenting evidence in court does not appeal to you (it doesn't to me) you may want to refocus more on the incident responder area rather than the computer forensics examiner area. There is some skills overlap, incident responders do need forensics skills.

    As for the pen testing courses/certifications you mentioned I have the GPEN and OSCP, and while both were great I can say that both had very little to do with forensics or the investigative side of the field. There are better things you can take to learn to think like an attacker and defend against them, GCIH would be a prime example.

    Feel free to ask more questions if required.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    For what it's worth, I worked twenty years at both local and state police agencies, and spent five of those years in the state forensic lab, so I have a bit of insight into this.

    Quote: Originally Posted by pozer69
    I want to work for a government agency, local police departments or federal government...
    Then start the process NOW. Yesterday would have been better. The employment process can be anything from 6 months to 3 years. Local departments are typically six months to one year; state and federal agencies are one to three years. It all depends on a number of factors including how much of a background check they require, and what level of clearance you may need to do the job, and the training requirements of the agency (e.g. most police academies are 6 months to a year long). If you are going into a sworn position (i.e. carrying badge and gun), expect that you will not get into a forensic examiner position for several years, and you may very likely have to spend one to five years "on the streets".

    The masters won't mean much at many local and state agencies. It may mean more at the federal level. However, no matter what the level, they will expect to train you to perform to their standards.

    Quote: Originally Posted by pozer69
    ... and maybe do some consultant work on the side.
    Don't bet on this. Many agencies prohibit moonlighting. In fact, if you do, and they find out, it's a firing offense for many agencies. If moonlighting is an absolute requirement for you, find out BEFORE you go through the process and sign a contract. A firing will essentially blacklist you.

    Quote: Originally Posted by pozer69
    ...and I know it won't happen overnight.
    You've got that right.
    Thorn
    Stop the TSA now! Boycott the airlines.

  4. #4
    Junior Member daffyduc's Avatar
    Join Date
    Nov 2009
    Posts
    27

    Allow me to share my story with the forensics side of this world....

    I was finishing up my BAS (Information System Security) when I was approached by one of my instructors. one of the local agencies was looking for a system forensics person but they wanted someone they could train right out of school ... an internship to hire situation... I jumped all over it.... so the process started.... the interviews were brutal, the promises you made were ridiculous... lie detector tests and all kinds of procedures to make sure you were right for the job.... 3 weeks later me and one other person (from another college) were chosen for the internship only one would get the job.

    so during all this they would not tell us what we would be doing or even for what department.... we were both stoked to get started... well day 1 we are told to show up for work at the local state investigations office.... we are given a tour and meet a couple of the senior guys. they are gods in our eyes.... we finally ask what we will be doing.... we would be prepping the boxes for evaluation making the ghost images to work with that kind of stuff.... we were still very excited. yeah it was grunt work but it was a foot in the door.... after a week of that we were allowed to watch the masters at work and shadow them. after 2 weeks they were walking us through basic procedures and such.... again this was very cool (we were working with ghosts not live cases ... these were cases that have long been closed) after a few months the position was offered to me.... I accepted.... well a whole new world opened up.... they assigned me to the local CPS (child protective services) group.... yeah the computers I would be working with were child porn suspects... going through the data with the expert investigators.... having to look at and catalog every photo, video, email, IM or anything else we could find... then having to testify and talk about that stuff.... not being able to tell your family what you did at work today.... it was rough.... I was allowed to go through the case with an expert shadowing me... gather the data, present the data, file the reports and go through everything up to the trial... the expert did that still.... I was physically ill over what I saw and heard....

    the thought of doing this stuff day in day out made me feel worse.... the one line that sealed it for me was from one of the experts that could tell I was very uncomfortable... he said "don't worry after a month or so you get used to it and they don't bother you anymore....."

    the thought of that being a "normal day" made me rethink my decision....

    had I stayed there would have been free certs, lots of training, lots of great knowledge ... but I could not deal with what I was being exposed to.... not the pics, well you know but the thought that someone would do those things to a child.... and some of the vids, daddy calling her daddy's little princess or do this for daddy, made me go into an immediate rage.... I could deal with what I was seeing it was the mental aspect of keeping a professional attitude while sitting across the table from this scumbag that posed the problem.... any of the cases we had watched the process for we were required to sit in on the trial.... I had to leave one of them for fear of being arrested..... to watch these scumbags in court and the lawyers defending these people poking holes in the story that are just misleading enough for the guy to walk made me feel like I wanted to hurt them.... like seriously just run over and beat their head in with a chair..... I was not able to keep my cool that day... they read the verdict I walked out.... I was there for about 4 months.... very well paid, probably the best job I will ever have as far as making a difference.... I could not cope with the other side of that....

    if you can cope go for it... it's a great field but beware it takes a hardened individual to get through this stuff with their sanity....

    good luck

  5. #5
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote: Originally Posted by pozer69
    I want to work for a government agency,
    These are my long-term goals and I know it won't happen overnight.
    Agree with Thorin on the "no it won't happen overnight" and the "leave the moonlighting alone".
    If you want to get your foot in the door, then maybe you should have a look at the military. We have a couple members that have gone this route, and things have paid off for them. Know you don't have to go be a foot soldier playing in the dirt, but even that helps. Take a look at maybe the Air Force National Guard. The biggest thing will be a good solid line on your resume. Generally if you have worked for one government agency then your chances of getting into another one are expanded exponentially. With your Master's Degree you could shoot for and probably get into a job where. Not to mention something like the AF Guard would normally be safer than say machine gunner for the marines.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  6. #6
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Quote: Originally Posted by daffyduc
    if you can cope go for it... it's a great field but beware it takes a hardened individual to get through this stuff with their sanity....
    It does indeed. Law enforcement can be extremely psychologically damaging for a number of different reasons. Those working child exploitation cases tend to be some of the worst hit.

    In fact, psych screening is a big part of most agencies' application process. Or as I used to tell potential recruits: "We have to find out if you're crazy enough to do this job."
    Thorn
    Stop the TSA now! Boycott the airlines.

  7. #7
    Junior Member g3ksan's Avatar
    Join Date
    Jan 2010
    Location
    Florida
    Posts
    93

    I'm actually just getting into forensics. I work for a law enforcement agency as regular IT. It's honestly not that difficult. I was volunteered for the training and to be the first guy doing it. Processing my first case right now (putting 2TB into FTK takes forever). It's a CP case, which makes me super uncomfortable, but you gotta realize that you are getting these scumbags off the street. I wouldn't mind it if I did it all day, but I have to split that and my computer janitor duties.

    Edit: forgot the advice part. Learn how Windows works. Learn the registry, learn how Windows stores passwords and how to crack them. Try to get a trial version of one of the major software players, either FTK or EnCase. Learn what they look like and how they work so that when you go somewhere and interview you can say you know how to use the program, you just haven't had to process live cases.

  8. #8
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Quote: Originally Posted by g3ksan
    I'm actually just getting into forensics. I work for a law enforcement agency as regular IT. It's honestly not that difficult. I was volunteered for the training and to be the first guy doing it. Processing my first case right now (putting 2TB into FTK takes forever). It's a CP case, which makes me super uncomfortable, but you gotta realize that you are getting these scumbags off the street. I wouldn't mind it if I did it all day, but I have to split that and my computer janitor duties.

    Edit: forgot the advice part. Learn how Windows works. Learn the registry, learn how Windows stores passwords and how to crack them. Try to get a trial version of one of the major software players, either FTK or EnCase. Learn what they look like and how they work so that when you go somewhere and interview you can say you know how to use the program, you just haven't had to process live cases.
    I'm stunned. You're working CP and you aren't sworn? Have you been trained in proper evidence procedure and in testimony?
    Thorn
    Stop the TSA now! Boycott the airlines.

  9. #9
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    You should see if there's a HTCIA in your area.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  10. #10
    Junior Member g3ksan's Avatar
    Join Date
    Jan 2010
    Location
    Florida
    Posts
    93

    Quote: Originally Posted by Thorn
    I'm stunned. You're working CP and you aren't sworn? Have you been trained in proper evidence procedure and in testimony?
    Yes. I thought it was odd, but even the director of CID didn't say anything to me. The sheriff initiated the whole process.

    No I was not trained in evidence handling. Everything has been done on the fly, I checked out the PC I'm working on with the evidence guy. I have not been taught how to testify.

    Is that violating any laws?
