February 3rd, 2003, 08:05 PM
Hey you professionals out there.......
Okay, so I asked this once before but now am getting a little bit more info because I am able to ask a more specific question. Do any of you out there work as a Computer Forencics expert and if so could you tell me the path (educational wise) that you took to get there and what, if any, things you would go about differently to get to the same posisition. Also, with a degree should I still seek a certification in Foundstone or Sans? If so which? I appreciate the help. In college but trying to narrow down my path before to long so I don't have to backtrack.
"Where the tree of knowledge stands, there is always paradise": thus speak the oldest and the youngest serpents.
- Friedrich Nietzsche
February 3rd, 2003, 09:22 PM
Well, while I'm not a computer forensics officer (CFO) (yet) I can tell you what to go for.
Most of the cases a CFO's will do is child pornography. There will be some cases of other sorts, but this seems to be the dominating cases.
As for schooling, A+ is good to have for proof of knowing the ins and outs of a computer. (especially if they trash the bios or something....)
Also, take up some cryptography classes (some use encryptions). While I know that you can use a cracker, it's good to know.
None of the network courses are really good to take because police confiscate the computers and bring them to the CFO guy.
Take something along the lines of Windows Advanced and Linux Advanced courses (so you know the OS in and out as well...)
The reason I say A+ and OS Advanced is so that, say a person created a Linux partition, but with no boot loader (no Lilo, grub or bootmagic) and uses a floppy to boot in, something like that won't be apparent to everyone. But, to an A+ guy, reading the hardrive would tell you that there's something odd about a 30gig drive only using 22gigs......
On top of taking courses, take challenges for yourself. Create scenarios (like the one above) and try to solve it.
While most kiddie porn lovers are dumb as a bed post and leave all their photos out in the open (not encrypted - or even passworded), and even named correctly (ie: kiddie032.jpg, naked6yearold01.jpg, etc), some will put up a challenge.
Also, take some basic programming classes. Some of these people will set hardrive wipers if something is, or isn't, executed at certain times.
(ie: password validator every 2 hours on, pcanywhere group watch, command rename to a malicious replacement)
Hope that points you in some direction.
Also, read the profiling section to this site. here While it is an everyday thing in robberies and murders, it seems to be something left out in most CFO trainings. (usually because the culprit is already caught - so they think...)
*Add: Check out this article posted by t2k2 here
Also, check the CF forum. never checked it myself... maybe I should, eh?