
Best fundamentals training

(@thepm)
Posts: 253
Reputable Member
Topic starter
 

We have some new investigators that have pretty much no experience in computer forensics. They come from an IT admin background.

I was tasked with updating our "training roadmap" to see what training classes are out there and what classes new investigators should follow to have a solid base to get them up and running as soon as possible.

I would appreciate your input on what you guys think are the best "computer forensics fundamentals" classes on the market.

By fundamentals, I mean the following
- Understanding the importance of data integrity (hash values, write blockers, etc.)
- Computer forensics workflow (collection, processing, analysis, reporting, etc.)
- Handling and preserving digital evidence
- File system basics (FAT, NTFS, ExFAT), file slack, unallocated space, etc.
- Windows artefacts
- Proper documentation and reporting

When I started in this field several years ago, the first training pretty much everyone got was the "Guidance Software EnCase 1" class. This class did an overview of many concepts (data integrity, hash values, write blockers, documentation, reporting, etc.) Then, you would take the other EnCase classes (Windows Forensics, Mac, etc.)

Now, many "basics" classes are available from multiple vendors, such as
- SANS FOR500 - Windows Forensics
- DF120 - Foundations in Digital Forensics with EnCase
- InfoSEC Institute - Computer and Mobile Forensics Boot Camp

If you have taken those classes, I would greatly appreciate your feedback.

 
Posted : 22/08/2017 6:51 pm
tracedf
(@tracedf)
Posts: 169
Estimable Member
 

I took Guidance Software's Forensics I and II a couple of years ago and I thought it was very good. I've seen a lot of complaints about Infosec Institute plagiarizing content, e.g. http://attrition.org/errata/charlatan/infosec_institute/ . I would avoid Infosec Institute for that reason. I have not taken the SANS forensics training.

What tools do you primarily use in your lab? I would lean toward vendor training if something appropriate is available. In addition to Guidance, I think Magnet, AccessData, and BlackBag all offer fundamentals training.

Whatever you decide, I would recommend doing a little pre-training before you send them off. These courses can be a lot to take in at once and it's easier if it's not your first exposure to every topic in the syllabus. John Sammons's The Basics of Digital Forensics looks like it covers enough for a basic intro and should give your people the lay of the land before they walk into class. I would also recommend that they spend some time playing around with your primary toolkit before they leave for class. E.g. if you still use EnCase, show them how to image a drive and process it, then let them spend time (with any books/manuals you might have for reference) just poking around and looking for things.

 
Posted : 22/08/2017 8:22 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

I'm going to throw this out there…from what I've seen in 20 yrs in the industry, the "best" course doesn't matter if the person comes back and there's nothing that requires them to use what they learned.

 
Posted : 22/08/2017 8:31 pm
(@bntrotter)
Posts: 63
Trusted Member
 

This is about the cheapest computer forensic training that I took.

https://www.cpcc.edu/aaaf

If you are part of a law enforcement agency then you can take CF classes from NW3C for free.

 
Posted : 22/08/2017 9:17 pm