
Question for students and newbies

Scar
(@272)
Posts: 99
Moderator
 

I've been asked to write a book for people who are thinking about going into digital forensics, or who have already started but are new to it. Working title is 'First Steps in Digital Forensics' and I already have a couple of ideas about what it will contain but wanted to open it up to suggestions.

So if you're new to the field, what would you most like to know? What would be useful for you? If you've been working in digital forensics for a while, what do you wish you'd known when you started out?

I'm veering away from technical stuff (how-to guides for specific tools etc.) as these are covered in other books.

Happy to take any suggestions on board! If you'd rather not post your response publicly feel free to PM me.

 
Posted : 09/11/2017 1:09 pm
ahern168
(@ahern168)
Posts: 10
Active Member
 

Hi Scar!

Well, I'm new to the field of DF. I'm still working on a Master's in DF, so I have tons of questions that might be helpful to you... or not.

One of my persistent questions is, how much should I know to get in the field, like how much experience should I have on my own before I start applying for jobs? What would be the best way to showcase skills, should I write research or challenge papers to show what I have done on my own? Should I take extra DF courses to list them on my resume? Should I try to obtain certifications without actual "work" experience? What would make me an ideal candidate even though I'm new to the field?

Also advice on how to navigate the field, conferences to attend, and any information that would help me be competitive as a newbie.

Not sure if that helps… If you need anything else, feel free to PM me.

 
Posted : 09/11/2017 4:32 pm
Scar
(@272)
Posts: 99
Moderator
 

Those are all great suggestions, thanks!

 
Posted : 10/11/2017 10:54 am
(@bloomstudent)
Posts: 2
New Member
 

I would have loved a book like this when I was going through school. I just got my bachelor's in digital forensics in May and I am about a month in on my first job in the field. Some of the things I would have loved to know during school or in the job hunting phase were:

- Security clearances: I didn't know that a lot of DF jobs (especially around D.C.) required at least a secret level clearance. If you want to do government contract work you'll need a clearance which is very difficult for someone coming right out of school to have without prior military service.

- Experience vs yearly pay increases: As I said before I'm only a month in at my first job but after talking to dozens of examiners a common thread is that it's not uncommon for you to move to several different companies in your first 5-6 years. As I understand it your "years of experience" increases your value as an employee much faster than what a company will generally give you as a yearly pay increase. If anyone has other thoughts on this I'd be very interested in what they've experienced.

- Career path: One thing that I am still trying to feel out is the career path for a digital forensics examiner. What are the positions to move up to after your first position and what is the best way to get that promotion? And where is the "ceiling" for a person on this career path?

- Bachelors, Masters, Experience, Certs, and Training: Something else I am trying to determine is, what is worth doing. Personally I am looking to start a master's degree in DF while I have others that say that experience and certs are the way forward. A good reference sheet as to what is worth doing or even an order a newbie should roughly follow to maximize their growth as an examiner and a professional.

Yeah those are basically things I wish I had known/still want to know about the field as a newbie.

 
Posted : 10/11/2017 4:04 pm
(@intervex_digital)
Posts: 3
New Member
 

I think including sections on chain of custody and data integrity would be helpful. I've worked with many junior examiners who almost torpedoed investigations by not understanding the importance of those two items.

 
Posted : 10/11/2017 7:23 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

> - Career path: One thing that I am still trying to feel out is the career path for a digital forensics examiner. What are the positions to move up to after your first position and what is the best way to get that promotion? And where is the "ceiling" for a person on this career path?
>
> - Bachelors, Masters, Experience, Certs, and Training: Something else I am trying to determine is, what is worth doing. Personally I am looking to start a master's degree in DF while I have others that say that experience and certs are the way forward. A good reference sheet as to what is worth doing or even an order a newbie should roughly follow to maximize their growth as an examiner and a professional.

Try playing a role. 😯

Let's say that you are ALREADY the firm/office/structure general manager, with the powers to hire (and promote/demote 😉) forensic examiners.

Why would you promote a junior?
What would impress you about a junior?

Now, let's say that you want/need to hire a new non-junior examiner.

Would you hire someone with a Master's and (say) two years' experience?
Or would you hire someone with a Bachelor's, a couple of common certifications and (still say) five or ten years' experience?

jaclaz

 
Posted : 10/11/2017 7:51 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

> I think including sections on chain of custody and data integrity would be helpful. I've worked with many junior examiners who almost torpedoed investigations by not understanding the importance of those two items.

I guess my question is, why didn't the organization that the junior examiners work for, or at least the senior examiners, do something about this before sending the junior folks out?

The reason I ask this is that I've seen this question before, and every organization I've seen has their own way of doing this. I've worked for teams with former LE in the management position, and had really good, thorough chain of custody documents…and worked for other teams where the manager specified other information on the form. There is no "one-size-fits-all" to something like this.

If an investigation was "almost torpedoed" by a junior examiner, it's not because of something that may or may not have been in a book…it's because they were sent out without the necessary skills and training.

 
Posted : 12/11/2017 1:15 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

> I would have loved a book like this when I was going through school. I just got my bachelor's in digital forensics in May and I am about a month in on my first job in the field. Some of the things I would have loved to know during school or in the job hunting phase were:
>
> - Security clearances: I didn't know that a lot of DF jobs (especially around D.C.) required at least a secret level clearance. If you want to do government contract work you'll need a clearance which is very difficult for someone coming right out of school to have without prior military service.

First, let me say that I'm not at all sure why someone would want these topics in a book. Books are often written, particularly in this field, from the perspective of the author, and many times, do not have the kind of extensive research into other fields that you might be looking for. Then, there is the time lag between when the author starts writing to when the manuscript is finished, and then to when the book is published. In some cases, the information changes drastically…about a decade ago, I reached out to the authors of a book and asked about something they'd said in one of the chapters, and was told, "…we originally wrote that chapter 3 yrs before it went to the printer, and never got around to updating it…".

Perspectives are going to be wildly different. For example, I spent time in the military and held a secret clearance. When I got out, I had a couple of different jobs where they wanted me to have a clearance, but I never did any work that required it. Later, I progressed to a TS/SCI, with a poly, and again, never did any actual work where such a clearance was required. I think that one of the big hidden truths of the industry is that for most work (with noted exceptions, of course) you simply don't need the clearance.

> - Experience vs yearly pay increases: As I said before I'm only a month in at my first job but after talking to dozens of examiners a common thread is that it's not uncommon for you to move to several different companies in your first 5-6 years. As I understand it your "years of experience" increases your value as an employee much faster than what a company will generally give you as a yearly pay increase. If anyone has other thoughts on this I'd be very interested in what they've experienced.

This depends greatly on the job, and the subset of the industry you work in.

> - Career path: One thing that I am still trying to feel out is the career path for a digital forensics examiner. What are the positions to move up to after your first position and what is the best way to get that promotion? And where is the "ceiling" for a person on this career path?

This is another big myth…most managers simply have no idea what they need, and can't specify in writing (job/position descriptions) what they'd like in an employee. When someone does apply, they're "interviewed" by someone who only saw their resume a few minutes before sitting down with them. No one thinks past just hiring and filling a seat, and in most cases, they don't do a really good job of that.

I once worked for a company where I was moved to another team, and the director said the first day that one of his challenges was defining a career path. For the rest of the time I was there, I never heard another word about a "career path", except for the folks who left saying, "there is no career path".

> - Bachelors, Masters, Experience, Certs, and Training: Something else I am trying to determine is, what is worth doing. Personally I am looking to start a master's degree in DF while I have others that say that experience and certs are the way forward. A good reference sheet as to what is worth doing or even an order a newbie should roughly follow to maximize their growth as an examiner and a professional.

Again, experience varies. I 'started' down my current career path in '97, back when digital forensics was a 'dark art' that only a former enlisted Air Force guy who'd been an examiner for AFOSI could do…the guy couldn't write a coherent sentence to save his life, but only he could do the work. There were no classes outside law enforcement at the time, so like many others, I started digging in, learning, teaching myself, engaging with others and "adjusting fire" when I wasn't going the right direction. I got my CISSP cert the first time in '99, and later got the GCFE, but that was all just to populate my resume.

Today, within the industry, there are a lot of folks who talk about how new folks coming out of BS and MS programs for digital forensics simply are not prepared to do the work. When I was in the hiring pipeline for the IBM ISS ERS team, I purposely avoided those folks with 20+ yrs of LE experience, and sought the newbies…we could train the newbies to do IR through a program involving classes and mentoring, and very little of the IR work we did matched up with the experiences of the 20 yr LE veterans.

The "cyber" industry is very much like the restaurant industry, in a lot of ways. There are a lot of companies and organizations that do things differently, and it's not like you can go from Burger King and immediately start working at PF Changs.

My recommendation for folks wanting to get started or move "up" in the industry is to network, and get to know folks in the industry by engaging with them. "Liking" and following on LinkedIn and Twitter doesn't cut it…just because you "like" someone's comment doesn't mean that they'd recommend you for a job. Engage. Figure out what you're interested in within the field, and start doing something. Blog about it. It doesn't have to be anything new or earth-shattering…if you can learn about something or figure something out, perform some tests, and write about it in a coherent, thoughtful manner, you're more likely to attract attention, and get people interested. Passive engagement won't work…you have to actively engage with others.

 
Posted : 12/11/2017 1:35 pm
Scar
(@272)
Posts: 99
Moderator
 

Thanks everyone for your suggestions and advice, I will take it all on board. I'll keep you updated on release dates etc.

 
Posted : 13/11/2017 9:25 am