
Certification? If so, which one?

(@jfoobar)
Posts: 1
New Member
Topic starter
 

Hello, all. Long time lurker here.

So I am gainfully employed within LE and have been in a job for the past many years where I do my own forensic exams on my own cases, but only occasionally have cases that have necessitated them so my forex skills are not what I would call strong. The exams I have performed in the past couple of years have not been of a particularly challenging nature, mostly just involving Internet histories, the results of keyword searches or easily-identifiable user-created files to prove the allegations. I am migrating over to a support role where I will be doing a lot more in the way of forensics work (although still not full time) and want/need to become stronger at it in general. I mostly use FTK, FWIW. I have access to EnCase also but haven't used it much in quite a while.

There are some training dollars for me to burn this year and I have toyed with the idea of using them on forensics refresher training. However, I see an option of getting this training while at the same time working towards a subsequent goal of picking up a certification as well. I don't need the certification for advancement or anything but it seems like a nice to have eventually, especially since the act of working towards it will necessitate re-schooling myself in fundamentals, getting more practice, etc. Basically, it would be a small carrot for my race towards professional self-improvement.

Given my circumstances, am I better off going the ACE/EnCE route or one of the non-vendor-specific routes like CCE or CFCE…or neither/none?

I have found surprisingly little recent discussion on this sort of topic here or elsewhere so I felt compelled to start a new thread.

Thank you very much in advance for any advice/wisdom.

 
Posted : 14/04/2016 5:28 am
pcstopper18
(@pcstopper18)
Posts: 60
Trusted Member
 

Simply put, I would always recommend you get a vendor neutral certification. In this case, based on the information you have provided, that would also be the better option in my opinion.

First, tool certifications are just that. Of those, the EnCE is the best all round because they at least teach/train concepts because you need to understand them to use the tool effectively. The ACE is the easiest to get and is more of a joke in what it takes to get it.

Since self-improvement is your goal, with consideration for as many future opportunities as possible, get a vendor neutral cert like CCE, CFCE, DCFP, GCFE, GCFA. I personally recommend going to SANS training and then getting the GCFE or GCFA as you can get the cert discounted if you take their 408 or 508 course. The downside, and it is my biggest peeve with SANS, is the cost…about $5K US (give or take). They do give limited LE discounts and they have a very competitive work study program. Since you are LE, your best bet would be IACIS and the CFCE because the cost of going to their trainings is far cheaper and you can apply for the cert after training, or if you don't go to one, you can get the CFCE through their external program. The IACIS trainings are pretty popular as well.

Any of the ones I listed should help you meet the goals you described. If you are a patient person, a good degree program can also help you reach said goals.

Best of luck!

 
Posted : 14/04/2016 7:32 am
steve862
(@steve862)
Posts: 194
Estimable Member
 

Hi,

I've been in the business for quite a long time and have done some of the UK university courses like Shrivenham and more recently did the IACIS CFCE, having moved to a new department where they send people on that one. I've done the EnCase/FTK/X-Ways product based stuff as well.

I have to say IACIS was excellent. It wasn't so much about the 2 weeks training but the certification process that happens after you get back. If you do the Florida one then that certification process runs from June to end of November and during that time you will have deadlines to submit your work. This can put some pressure on you if your lab is very busy.

There's an IACIS in Croatia too and I think this runs in October. The certification process is then November to about end of April. The exercises you work through, whether from the Florida or Croatia courses, are supported by a volunteer mentor.

For me I went back over old things I was rusty in and learnt new things that weren't around last time I was training in raw file-systems. The process of having to work through the problems was good practice for getting my head back into a learning mindset.

Lastly I think it represents good value when compared with other training.

I haven't been on any SANS courses but I hear good things about them. On the vendor specific side I did X-Ways with Jens Kirchner and thought he was an outstanding trainer. Doesn't suffer fools lightly, but he really knows his stuff.

Steve

 
Posted : 14/04/2016 12:29 pm
aeiforensics
(@aeiforensics)
Posts: 27
Eminent Member
 

If it helps, and to add to what others have said, here's a list of certifications and training opportunities for Digital Forensics https://goo.gl/0NmiaV. I also have books and degree-related information in there.

The IACIS CFCE (IMHO) is a great, vendor neutral cert that focuses on raw forensics, file system level structure, and processes from A to B. Pricing aside, the SANS 408 and 508 are great for breadth of knowledge and artifact-specific training as well as tool recommendations in parsing/processing those artifacts and data structures.

SANS 585 for cell phone forensics is another good recommendation for Android, Apple, Blackberry, and feature phone considerations. In today's forensic realm, our abilities for these devices are not as clear cut for a single solution across the board which requires constantly researching/learning. In addition, mobile forensics (arguably embedded device forensics/engineering) is evolving so fast that tools and processes should be learned as a "snapshot in time" for handling with additional education expectations over time.

For Apple-related forensics, database and plist parsing sums it up well at the software/data level.

For UNIX/Linux and their derivatives, Udemy and edx actually have some great offerings for consideration.

 
Posted : 14/04/2016 9:18 pm