Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Forensics as a career 1

Status
Not open for further replies.
BryanHec

BryanHec

Programmer
Joined
Jul 6, 2006
Messages
9
Location
US
I am ready for my life career transformation. I am thinking about Forensics. I do have a degree on Computer Sciences and a lot of experience as a developer. What are the prospects of someone like me getting into this field? What do I need to learn? How much is the earning potential on this field? How much job is out there? Where could I get training on this field?

Thank you
 
Sort by date Sort by votes
I'm not in forensics myself - i'm a network administrator; so take my advice as you see fit!

If your a dev at the moment, then I would say that there is rather a lot of changes in direction needed to be made.

I'd start with the basics of networking, maybe something like CompTIA Network+. Then other items such as Security+.

They are only basics though and just the starting point.

Worth looking into how networks operate, followed by how attacks are performed.
Most attacks in general are performed against Windows - so I'll look into how the OS performes and operates in a detailed level. From IIS through to Active Directory. I would also take a look at Windows backoffice system as there are many exploits there - such as SQL and Exchange.

I don't really use Linux much, mainly due to preference rather than anything else - but a lot of forensics are done on *nix based O/S's - so that maybe something else to look into as well.

However I still think the first steps would be networking. Network+ for fundementals, and then maybe some cisco courseware would be a good starting point. Security+ is quite basic but does cover a wide spectrum. (as well as being OS independant)

Firewall configuration on major devices such as CheckPoint, WatchGuard, Cisco, FortiGate etc.

On a Windows OS level then items such as the networking structures, logging, and general network operations (such as AD etc.) Bare in mind that most security issues are from internal users - and as most companies use Windows it maybe the best area. (And don't forget to check out the history of Windows. A copy of Windows95 is truly shocking compared to Windows XP SP2!)

I always look at security from the view of the attacker - rather than the administrator. Tools from sites like are great.

Most of the above is general security rather than forensics - however I'd initally say that the difference would be a very indepth knowledge of operating systems and firewalls - in terms of locating logs. Then I would assume that knowledge of networking would be essential for the logs along with information on the operating system. (So Cisco and Windows would be the key ones in my opinon - although it depends what your market niche will be. E.G. Large corporates will be using Cisco stuff, whilst SME will be using Linksys or similar)

Hope this is of some help! :-)

Cheers, and good luck.




Steve.

"They have the internet on computers now!" - Homer Simpson
 
Upvote 0 Downvote
Your best bets for training in the computer forensics field would be SANS' GCFA and/or ISFCE's CCE.

As far as what material you should study is concerned, it would depend on what type of forensics you would want to specialize in, or if you want to be a generalist. I know people who specialize in email forensics, and understand the strengths and weaknesses of most MTAs and mail clients. And others who specialize in encryption.

Most examiners that I know use EnCase because of its history in the courts (it is generally accepted that its proper use doesn't taint data), but there are freely downloadable Linux distributions like Penguin Sleuth that can be used successfully.

The most important thing to understand about computer forensics examination is that you must ensure that your actions never modify data and preferably never even have the potential of modifying data. Hardware write blockers are common, as are hardware disk imagers.

As far as employability goes, I think that you would have to look at employment boards like Monster or your local classified ads. There is a demand for certified people, but it may not be where you want to be. Or the lifestyle may be too onerous. Many of the specialists that I know must be ready to travel at a moment's notice for indeterminate periods of time. Sometimes to less than desirable places. But they seem to thrive on it, so to each his own.



pansophic
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Miluis
  • Locked
  • Question Question
How necessary is an antivirus?
Replies
3
Views
597
Rick998
Rick998
Sameer258
  • Locked
  • Question Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
TheFireman2
  • Locked
  • Question Question
Help with Watchguard Firebox M200 setup as a TMG 2010 replacement with ASA 5515 as main firewall
Replies
1
Views
535
hairlessupportmonkey
hairlessupportmonkey
Sparrow4
  • Locked
  • Question Question
AnyConnect + Azure + SAML
Replies
0
Views
799
Sparrow4
Sparrow4
intel233
  • Locked
  • Question Question
ASA5510 - SSL Cert
Replies
0
Views
764
intel233
intel233

Part and Inventory Search

Sponsor

Back
Top