
Thread: Computer Forensics Career

  1. #21
    AFAIK, the feds won't get involved unless...

    A.) It's a federal matter, i.e. across state lines, or involves the federal government.


    B.) The total money (damages, theft, whatever) is greater than at least $10,000.



    I know that when a friend of mine got busted (I did not know him at the time, I met him afterward) the Secret Service made the bust, started the investigation, but dropped the case to the State of Florida when they found they only had about a 3-4,000 dollar case.

  2. #22
    Banned
    Join Date
    Jul 2001
    Posts
    1,100
    Greetings:

    Originally posted here by Winston
    AFAIK, the feds won't get involved unless...

    A.) It's a federal matter, i.e. across state lines, or involves the federal government.

    That pretty much describes almost ALL computer crimes. What the feds choose to prosecute or not, at this point in time, is mainly decided by the greater "impact" the prosecution will have. I.e., how many people will the prosecution help to deter, or how hot-button of a political issue is the subject matter, how high profile is the case, etc. They are simply too backlogged to deal with everything that's thrown their way.

  3. #23
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    Well, I can't speak for what goes on in the US, but over here in the UK the police do have and require full-time Computer Forensics experts. However, in that line of work for the police over 60% of your time will be spent on child porn cases. This kind of work is not for the faint hearted, and is something you should think long and hard about if you wish to go into forensics. I know that I could not handle that kind of work.

    SittingDuck
    I'm a SittingDuck, but the question is "Is your web app a Sitting Duck?"

  4. #24
    Banned
    Join Date
    Jul 2001
    Posts
    1,100
    Greetings:

    Originally posted here by SittingDuck
    However, in that line of work for the police over 60% of your time will be spent on child porn cases. This kind of work is not for the faint hearted, and is something you should think long and hard about if you wish to go into forensics. I know that I could not handle that kind of work.

    SittingDuck
    Here in the US the majority of pedo cases are handled by a unique working group inside of the FBI/DOJ called "Innocent Images". I had the honor, and I do mean honor, of meeting some of these people when I was lecturing once down at the FBI Training Academy in Quantico.

    These were some of the most dedicated, caring, intelligent people you could ever want to meet. Many of them were female agents, and you could easily tell the true devotion that all of them had for the work that they do.

    You're right, this is NOT easy stuff to deal with. I worked on a forensics case once involving a man who was molesting his own daughter, and taking pictures of it to send around the internet. It wasn't pleasant work, to say the least.......

  5. #25
    Junior Member
    Join Date
    Oct 2004
    Posts
    2
    First post, so "Hi all".

    Just wanted to chime in here and say a few things. This thread is weighted fairly heavily on the police side of forensics work, with little attention to forensics in the corporate world.

    I do forensics in the corporate world. There's a steadily growing trend in the industry (especially the financial industry) toward acquiring in-house forensics people for both the incident response (server farms) side and the internal forensics (fraud, harassment, etc.) side.

    As far as breaking into the field in the corporate world however, the general trend is that the people that do this work are "experts". You don't find private companies hiring forensic people fresh out of college. I'm probably fairly typical, with about 15 yrs of security experience both DoD and private industry.

    With products out there such as Encase that are becoming more and more corporate use friendly, and more easily used in conjunction with intrusion detection systems, heads are turning toward predeploying forensic software in server farms and using the tools as part of an incident response program, as opposed to limiting forensics to a more true to form "after the fact find the facts" tool.

    All that having been said, the best way to break into forensics without going the law enforcement route is probably to find an organization that uses forensics tools as part of an incident response program and get hired there as a general security practitioner, letting your interests be known. Once there, cross-training into the incident response program could be a viable course.

    Good luck.

  6. #26
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    Originally posted here by shadowshiv
    First post, so "Hi all".

    Just wanted to chime in here and say a few things. This thread is weighted fairly heavily on the police side of forensics work, with little attention to forensics in the corporate world.

    As far as breaking into the field in the corporate world however, the general trend is that the people that do this work are "experts". You don't find private companies hiring forensic people fresh out of college. I'm probably fairly typical, with about 15 yrs of security experience both DoD and private industry.

    With products out there such as Encase that are becoming more and more corporate use friendly, and more easily used in conjunction with intrusion detection systems, heads are turning toward predeploying forensic software in server farms and using the tools as part of an incident response program, as opposed to limiting forensics to a more true to form "after the fact find the facts" tool.

    Good luck.
    Hi, and welcome.
    Yes, corporations are getting into forensics and they are getting very supportive of it. This was weighted towards law enforcement because that's pretty much how forensics began. It was the government that created the field so it could protect itself and prosecute violators.

    Products like Encase are becoming corporate friendly and that marks the beginning of the end of the real forensics field. Companies like Guidance churn out so-called experts at the rate Microsoft turns out MCSEs and we all know how worthless MCSEs are...
    Encase is a point and click forensics tool, where any idiot can be a forensic investigator. Just point, click and voila. But I guess since we live in a Microsoft world of point and click..it's the industry standard... That's my take on it anyways...
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  7. #27
    Junior Member
    Join Date
    Oct 2004
    Posts
    2
    Interesting response.

    The tool is easy to use, therefore any idiot can be a forensic investigator? I'll ignore the indirect slight to me personally as I'm sure it wasn't the intent.

    But that aside I still have an issue with the basic premise. The tool that one uses has no impact on the quality of the investigator. "Any idiot" cannot sit down behind Encase and hope to actually do the job. There is no button in Encase called "Find Evidence".

    Just like any other tool, one must understand the science behind forensic investigation in order to be effective with it.

    The reason that Encase is becoming popular in the corporate world, while admittedly in part because of its ease of use, is more directly tied to its ability to conduct investigations over the network without impact on the network itself or the normal use of the systems that it's being used to investigate. That opens up a whole world of capability that we've not been able to really enjoy before.

    You also state that products becoming corporate friendly marks the end of the real forensics field. I don't see the logic in that statement. Did the prevalence of Windows mark the end of the "real electrical engineering field", or the end of the "real programming field"? I think not. There will always be a need for "real forensics", and a place for "real forensic scientists".

    Products like Encase simply expand the use of the tools that people in "the real forensics field" use into areas where they've not been useful before. In the corporate world, forensics takes a place not only in the "real forensics field" as you seem to know it, but also in the incident response field.

    Point and click, and network usability will never replace what forensics is, nor remove the need for it. What it will do is expand its usefulness.

  8. #28
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    There was absolutely no slight intended. If you took it that way, I apologize. I don't intend to discredit anyone, and don't get me wrong..Encase is a good tool.

    I really question the accuracy of any investigation that occurs over a network. Talk about avenues of data corruption...injected packets into a forensic investigation..whoa baby..hold on to your hats with that, although I guess it doesn't matter for internal audits.

    Do you have to understand the science to be good at anything? With point and click utilities you don't have to be..you can always subpoena an Encase programmer to come and explain anything you need.

    I do question it becoming overly corporate friendly. While more companies are creating incident response and investigative teams..a lot are just handing it to their admins and saying "here, you are our investigator now". Only the big companies can afford to have specific investigators. I do agree with a need for these teams and people but it's a double-edged sword. Technology has a way of degrading as it progresses. It all began with the military, then the corporations get a hold of it, then the home owner gets a hold of it, and by that time...yes any idiot can use it. It's a natural progression (or is that regression).

    I understand forensics as it is, and as it is becoming. The 2 sides of the coin..incident response and "real forensics". Right now, incident response seems to be driving the field, because first responders need to be able to process machines in a way that protects the evidence in case something serious (crimes) has occurred. I certainly hope what the field is quickly becoming does not take away from the "real forensics", because that is the really interesting piece of the industry.
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust
