
Forensics as a career


BryanHec (Programmer), Jul 6, 2006, US
I am ready for my life career transformation. I am thinking about forensics. I do have a degree in Computer Science and a lot of experience as a developer. What are the prospects of someone like me getting into this field? What do I need to learn? What is the earning potential in this field? How many jobs are out there? Where could I get training in this field?

Thank you
 
I'm not in forensics myself - I'm a network administrator; so take my advice as you see fit!

If you're a dev at the moment, then I would say that there are rather a lot of changes in direction that need to be made.

I'd start with the basics of networking, maybe something like CompTIA Network+. Then other items such as Security+.

They are only basics though and just the starting point.

Worth looking into how networks operate, followed by how attacks are performed.
Most attacks in general are performed against Windows - so I'd look into how the OS performs and operates at a detailed level. From IIS through to Active Directory. I would also take a look at the Windows back-office systems, as there are many exploits there - such as SQL and Exchange.

I don't really use Linux much, mainly due to preference rather than anything else - but a lot of forensics is done on *nix-based OSes - so that may be something else to look into as well.

However, I still think the first steps would be networking. Network+ for fundamentals, and then maybe some Cisco courseware would be a good starting point. Security+ is quite basic but does cover a wide spectrum (as well as being OS independent).

Firewall configuration on major devices such as CheckPoint, WatchGuard, Cisco, FortiGate etc.

On a Windows OS level, then items such as the networking structures, logging, and general network operations (such as AD etc.). Bear in mind that most security issues are from internal users - and as most companies use Windows it may be the best area. (And don't forget to check out the history of Windows. A copy of Windows 95 is truly shocking compared to Windows XP SP2!)

I always look at security from the view of the attacker - rather than the administrator. Tools from sites like are great.

Most of the above is general security rather than forensics - however I'd initially say that the difference would be a very in-depth knowledge of operating systems and firewalls - in terms of locating logs. Then I would assume that knowledge of networking would be essential for the logs, along with information on the operating system. (So Cisco and Windows would be the key ones in my opinion - although it depends what your market niche will be. E.g. large corporates will be using Cisco stuff, whilst SMEs will be using Linksys or similar.)

Hope this is of some help! :)

Cheers, and good luck.

Steve.

"They have the internet on computers now!" - Homer Simpson
 
Your best bets for training in the computer forensics field would be SANS' GCFA and/or ISFCE's CCE.

As far as what material you should study is concerned, it would depend on what type of forensics you would want to specialize in, or if you want to be a generalist. I know people who specialize in email forensics, and understand the strengths and weaknesses of most MTAs and mail clients. And others who specialize in encryption.

Most examiners that I know use EnCase because of its history in the courts (it is generally accepted that its proper use doesn't taint data), but there are freely downloadable Linux distributions like Penguin Sleuth that can be used successfully.

The most important thing to understand about computer forensics examination is that you must ensure that your actions never modify data and preferably never even have the potential of modifying data. Hardware write blockers are common, as are hardware disk imagers.

As far as employability goes, I think that you would have to look at employment boards like Monster or your local classified ads. There is a demand for certified people, but it may not be where you want to be. Or the lifestyle may be too onerous. Many of the specialists that I know must be ready to travel at a moment's notice for indeterminate periods of time. Sometimes to less than desirable places. But they seem to thrive on it, so to each his own.

pansophic
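To illustrate the last point of the reply above (never modify the evidence, and be able to prove you didn't), here is an added example written for this page; it is not code from the thread, from EnCase, or from any forensic distribution. It is the software half of the write-blocker-plus-imager workflow: hash the source before acquisition, image it, hash the source again and hash the image, and record all three digests in a log. It assumes GNU coreutils (`dd`, `sha256sum`) on a Linux host; in a real acquisition the evidence drive would additionally sit behind a hardware write blocker, which this script cannot substitute for.

```shell
#!/usr/bin/env bash
# Added example (not from the original thread): forensic acquisition with
# hash verification. Assumes GNU coreutils dd and sha256sum.
set -eu

# Print the SHA-256 digest of a file or block device, digest only.
hash_source() {
    sha256sum "$1" | awk '{print $1}'
}

# acquire_and_verify SOURCE IMAGE LOG
# Images SOURCE into IMAGE and checks that (a) the source digest is the same
# before and after the acquisition and (b) the image digest equals it.
# A chain-of-custody style record is written to LOG. Returns 0 on success,
# 1 if either check fails.
acquire_and_verify() {
    local src="$1" img="$2" log="$3"
    local before after image_hash

    before=$(hash_source "$src")
    printf 'source=%s\nstarted=%s\nsha256_before=%s\n' \
        "$src" "$(date -u +%FT%TZ)" "$before" > "$log"

    # bs=512 matches the sector size of a raw device; conv=noerror,sync
    # continues past unreadable sectors (zero-filling them) instead of
    # aborting, so a bad sector costs one block rather than the whole image.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null

    after=$(hash_source "$src")
    image_hash=$(hash_source "$img")
    printf 'finished=%s\nsha256_after=%s\nsha256_image=%s\n' \
        "$(date -u +%FT%TZ)" "$after" "$image_hash" >> "$log"

    if [ "$before" != "$after" ]; then
        echo "SOURCE CHANGED DURING ACQUISITION: $src" >&2
        return 1
    fi
    if [ "$before" != "$image_hash" ]; then
        echo "IMAGE DOES NOT MATCH SOURCE: $img" >&2
        return 1
    fi
    echo "verified sha256=$image_hash"
}

# verify_image IMAGE EXPECTED_SHA256
# Re-check an image against the digest recorded at acquisition time, e.g.
# before every analysis session. Returns 0 on match, 1 otherwise.
verify_image() {
    local actual
    actual=$(hash_source "$1")
    [ "$actual" = "$2" ]
}

# Usage: acquire.sh /dev/sdX /evidence/case42/sdX.dd /evidence/case42/sdX.log
if [ $# -eq 3 ]; then
    acquire_and_verify "$1" "$2" "$3"
fi
```

The "before" and "after" digests of the source are what demonstrate that the examiner's own tooling did not touch the evidence; the image digest is what later ties every analysis result back to that acquisition, and `verify_image` should be rerun whenever the image is reopened.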
 