Looking to study tools that PwC and similar big firms use
A) I'm guessing on your BSc you had some exposure to forensic tools such as EnCase, FTK, X-Ways maybe? As you know these are probably industry standards for forensics, but someone like PwC (whoever they are!!) will undoubtedly be using e-Discovery tools as well as others, so a bit of research about those might come in handy. e-Discovery isn't my area so I wouldn't know a top 5 tools for it.
You could think of it another way for an interview process, maybe your top 5 tools are things like your approach, your mindset, ability to think outside the box, flexibility etc etc etc, all personal traits that combined with knowledge of the software tools give you the edge over someone else.
B) Don't know - but if you're going to be going out into corporate environments you are likely to encounter all sorts. Knowledge of file systems may be better than knowledge of operating systems. There's plenty of information out there about file systems and artifacts, Google is your friend.
C) None, if you're looking short term. Google, people's blogs, the blogs they read, and the links from the blogs will give you a flavour of what's current. I've got loads of books that I never look at or refer to, and, no disrespect to any authors out there, things move so quickly that six months after the author wrote it, it might be out of date. That's not to say there aren't good books out there though, can't remember the names of anyone who wrote one, if only the authors mentioned them every so often.
D) Find out from the people you know in that company what they're all about, try and get a contact in the area you want to work in and approach them. Get on the internet and read current information about that company and the area you want to work in.
E) Yes, why not. There's plenty of people who are always encouraging others to contribute to the forensics community, I'm surprised they haven't jumped up to encourage you, perhaps they only got to the first bit of your post that annoyed them. Ok, so I don't blog, my preference, but if you like writing and want to post your thoughts, why not? People have a choice as to whether to read or not, you never know, you might find something that someone else didn't know. They also have a choice as to whether to comment or not, some just comment for the sake of it, not because it's useful. Don't be discouraged by those that pick fault at minutiae.
I hope you get back and find something
Oh, and I'm with Paul!!
- Senior Member
Institute for Digital Forensics (IDF) - LinkedIn
Mobile Telephone Examination Board (MTEB) - LinkedIn
Mobile Telephone Evidence & Forensics trewmte.blogspot.com
ForensicMobex now MTEB Linkedin Subgroup
- Senior Member
There was a big push in the last couple of years to rebrand the company from "Price Waterhouse Coopers" to pwc. It now says pwc on everything from their building (which formerly had Price Waterhouse Coopers blazoned on the top) to their letterheads and business cards.
I think that using the acronym in that instance was actually in the correct context, much like it would be saying kpmg.
Jaclaz was just trolling.
- Senior Member
One listing is for a CyberCrime Senior Associate and the job description says: malware forensics, network forensics, and memory analysis. The requirement section mentions the following tools: EnCase, FTK, Helix, Paraben, and live memory collection. I won't repeat the entire listing but there are some other tidbits in there as well.
If it were me, I would look closely at those postings and then start learning the processes & methodologies they are looking for.
"Journey Into Incident Response"
Law book, paper, pen, calculator and Excel
B) Are Linux and Mac forensics a big focus in their firm?
No clue, you have to ask them. As someone pointed out, check the job ads, it's a great way of getting an inside view of an organisation.
C) What 3 books could you recommend reading to bring me up to speed with the industry?
None. Go to SANS and take the forensics courses there.
D) Can you recommend anything else I should do to aid my job chances and increase my knowledge?
Stop focusing on one corporation.
E) I enjoy writing, should I start a personal forensics blog? Post test scenarios I completed, how I completed them etc.
When you have something to contribute to the community, perhaps.
- Senior Member