±Forensic Focus Partners
New Today: 0
New Yesterday: 1
±Forensic Focus Partner Ads
· Forensics and Bitcoin
· Investigation and Intelligence Framework (IIF) – an evidence extraction model for investigation
· Extracting data from dump of mobile devices running Android operating system
· Development of Digital Forensic Tools on Mobile Device, a Potential Area to Consider?
· Can You Get That License Plate?
· How To Decrypt WeChat EnMicroMsg.db Database?
· A guide to RegRipper and the art of timeline building
· Recovering Evidence from SSD Drives in 2014: Understanding TRIM, Garbage Collection and Exclusions
· FT Cyber Security Summit 2014 – Recap
Digital Forensic Skill Standard
Later, we will also need managerial level professionals to validate these skills. For that process, we'll need management level professionals in this field with at least 5 years of experience.
We might have to host an in-person meeting on campus, but your travel expenses will be reimbursed.
Join us at:
First level of the project is to define "Critical Work Functions".
-- Principal responsibilities required to perform the key purpose, or work-related goal, of the occupation --
- zoltandfwThis is a virtual DACUM forum where participants come to a consensus about skills required in this field.
As another contribution to clarify acronyms:
- An abbreviation for Developing A Curriculum
- A job occupational analysis performed by expert workers in the occupation
The DACUM philosophy states that:
- Expert workers can describe and define their jobs more accurately than anyone else.
- An effective way to define a job is to precisely describe the tasks that expert workers perform.
- All tasks, in order to be performed correctly, require certain knowledge, skills, tools, and worker behaviors.
- In theory there is no difference between theory and practice, but in practice there is. -
- Senior Member
Tony Patrick, B. Inf Tech, CFCE
- Senior Member
It seems like this is a "brutal" industry where many point-of-views exist.
- Those with Information Technology experience think they're better since they know how to setup the services.
- Those with Law Enforcement background think they're better since they know applicable laws better.
- Those with Computer Science background think they're better since they can write the code to automate.
- Those with Engineering background think they are better since they can interrogate at hardware level.
- Those with Accounting background swear that without strong accounting background can not be ready for this industry since white collar crime dominates it while law enforcement will mainly have simple underage image analysis that can be learned in a two day boot camp.
-Those with Business background think all this do not matter since they know how to make money out of it.
Certifications only focus on the IT aspects and they are training oriented that takes education and science out of this field and turn it into a data recovery technician field. If we examine what is needed in a region and in what level then we'll prepare individuals better for the workforce. In some areas like closer to government agencies, Computer Science would be more prevalent while in other markets Project Management and Business.
We're looking for the common denominator that is feasible, current, and a subset of this very complex field.
I read your first post, and thought, okay, here's another attempt to bring order to the "community", which is noble...but when there are too many organizations all going in their own direction, it simply makes a chaotic field so much more disorganized.
I then read your second post, and noticed a big difference. In the second post, there wasn't as much detachment. Yes, every specialized group is going to have their own views on what it takes to be part of that group. This is true with any group...military, civilian LE, medical, etc. However, every group also has a basic skill set that they draw from, whether they like to admit it or not.
So the simple fact is that every specialization is going to have certain skill sets that they depend on, but the simple fact is that there is a core, basic set of competencies everyone in the DFIR field must (or 'should') have...this is regardless of laws of the locality, etc.
Addendum: One of the drawbacks with taking an academic approach to this sort of thing is that far too often, that's all it is...academic. Courses are set up not to provide an education, not to provide training...but instead to provide a means for the instructor to grade the students. I saw this in my graduate program...six courses in computer networking across three curricula, and anyone who took all six course would not be able to actually connect two computers together.
My point is that very often...as you seem to have experienced...a particular vertical will attempt to remain so, and isolate itself from others. I saw this at a conference several years ago...a member of LE looked at me and said, "*You* do intrusions, malware, and data theft cases...*we* do CP and fraud." Well, he never realized the convergence...the instant the defense claims the Trojan Defense, your CP becomes one of my malware cases. In a young, burgeoning profession, that isolationistic attitude is bad, but unfortunately, it seems to be par for the course, as well. I would suggest working with the CDFS folks to help identify a common skill set in order to meet the needs of your original post/request.
Last edited by keydet89 on Mon Dec 24, 2012 5:23 am; edited 1 time in total
- Senior Member