Hello everybody
I am new to forensics… I would like to know which is the best training program for acquiring a career in forensics side?
And if I go for EnCase too, shall I go for certification of training? Kindly guide me
Thanking you
Well, as you are looking into this field, you should understand that a large degree of what is needed as a skill set is the ability to research and discover information on your own. Please do not take this as me slamming you, but the question you asked is very basic and much of what you would want to know could be ascertained from searching this forum - reading the posts, the resources and columns - and simply Googling the terms you are interested in. You might want to look a little deeper and develop a stronger question as to the merits of certification to match your overall education and professional goals.
Ditto what Doug said…
Also, consider that EnCase certification training is vendor-specific, while SANS is not.
Regardless, it really comes down to what you do with it. There are a LOT of certified folks out there who still retain the most basic of skill sets.
I concur with Doug. You've asked a very broad question and left most of the potential variables for your responders to consider. Let's try this for a start…why not both? Why not one or the other?
Well, at the risk of offending some, here, my two cents worth. The common distinction between SANS certification and EnCE is the notion that EnCE is vendor-specific and SANS, supposedly, is not. But SANS, which is actually the Escal Institute of Advanced Technology, is, like Guidance Software Incorporated (GSI), a for-profit entity. And, as such, it (like any other vendor) has a vested interest in creating new products for consumption which, in essence, means new certifications and new degree programs.
Now I am not, for an instant, disparaging the programs offered by SANS or GSI. But as someone who has been involved in digital investigations for a number of years, I find the increasing "specialization" of certification programs to be a literal distinction without a difference.
The first requirement of any investigator is that you have to be curious and by "curious" I mean that, when attempting to solve a problem, you don't look at the clock to tell you when it is time to go home. To the serious investigator, the job is the task at hand and what resources need to be applied to it are determined by the severity and the urgency of the problem.
The second requirement is that you need to be methodical and have a penchant for detail. What you do may, in all likelihood, end up being evidence and when it becomes that, you had better be able to document everything that you did with that evidence.
The third thing that characterizes the digital forensics professional is the acceptance of the fact that any investigation could take you anywhere. Right now, a number of "classical" digital forensic investigators are looking at the effects of malware and exploits. Do they have "certifications" to do this? I'd venture to say that some of them don't. That isn't the point. The point is that you may be confronted by a hypothesis that contradicts your conclusions and you must be prepared to defend them which means that you have to be willing to learn new things.
The most important credential is a proven track record. Certification might help you get an interview or a job and it may make things easier in a Daubert challenge but it is also about increasing someone else's bottom line. There may be a quid pro quo in that or, maybe, not.
But don't expect the average $5000 USD that you'll spend to get each certification to contribute as much, or more, to your annual income until you have the casework to demonstrate your ability.
Interesting take on things Sean. I feel much the same way about the current rash of CF degrees that are popping up and wonder how many are seriously developed and how many are just responding to a perceived market segment and the possible revenue by slapping a couple of CF subjects on to an IT sec degree.
The general distinction between vendor and vendor-neutral degrees is more about whether they focus on performing forensics with a specific tool, or on developing the underlying knowledge and skills to reach the same result with any tool. At least that's always been my read on things.
Are there even any certs in CF that are issued by a non-profit other than IACIS? Other than the QuaNGOs (like NWC3).
Oh… I know the question was just superficial… kindly forgive me as I am a newbie in this forensic field… curious to learn a lot and more than that… I have to try for a job too… well, thanks a lot for all those responded… and it was really helpful… I have to search and gain a lot of knowledge before thinking about gaining a certification… thanks a lot…
Hi Love2learn,
Lots of people do ask about certificates and it is always very interesting to hear the replies of the more experienced members of the forum.
As a student and a newcomer to forensics I always look very carefully for any signs of good training paths.
I think from my own research there seems to be no one single training course that will meet every need.
I think this is because forensics requires a lot of knowledge and this is something that has to be gained in a variety of ways and also in time.
I am doing a masters and I would say this is excellent for acquiring the skills to research and find out about any subject and then evaluate the information. I feel this is good for investigations and prepares a student to deal with the unknown.
I am also doing the Open University course which acts as an introduction to computer forensics. This is excellent because it concentrates on how to approach investigations and encourages the student to think carefully about what methods and what laws are appropriate in investigations.
Something I have found helpful in gaining further practical knowledge is the evidence files that are available on the Internet. These are good to work through and are also free !
Here is a list of web sites that I have found useful for exercises.
http//
http://forensicscontest.com/
http//
http//
http//
http//
This is a good site for small training videos
https://
Good Luck and let us know your experiences of courses.
All the best :)
Love2learn, you can always read the great (if slightly outdated) EnCase Certified Examiner Study Guide written by Steve Bunting. It gives you a picture of what to learn for EnCE and basic knowledge of "traditional" CF (offline investigation of "dead" systems). It comes with a demo version of EnCase, so you can see if you want to go down the EnCase road. There are tons of other good books out there too, and even more bad ones. Look for e.g. Brian Carrier or Harlan Carvey. I did attend Guidance trainings and they are usually very good, maybe a little bit expensive for someone who isn't sure if he wants to start a career in CF. Never been on a SANS training.
Love2Learn,
I'm going to go out on a limb here and be the first (I think) to answer the question as you've stated it. The subject of your message was "Encase or Sans." Go with SANS.
First, let me get the disclosure out of the way: I have taken the SANS SEC 508 class and am GCFA certified. I am also a contributor to the SANS Computer Forensics blog. I have not taken any training from Guidance Software (maker of EnCase), so can't speak to their strengths or weaknesses.
Having said that, my vote for the SANS training goes back to the question of vendor specificity. It's probably more accurate to say that the EnCase training is TOOL specific. I'm sure you will learn some important forensic concepts above and beyond the EnCase tool. But I would also guess that most of the training will be about how to perform forensic analysis USING EnCase.
I think the strength of the SANS training is that it's TOOL AGNOSTIC. In other words, you will get value out of the SANS classes regardless of what forensic analysis tools you end up using. It's true that SANS focuses on the use of free and open-source tools, so you could argue that the training is biased in that way. You can't avoid using tools, unless you perform all of your analysis manually using a Hex Editor. But what the SANS training teaches you is a forensic methodology you can follow (and modify as needed), regardless of the tools you end up using afterward.
I hope this helps, and I hope you'll start keeping an eye on the SANS Forensics blog, as you've inspired me to start a new series on that blog geared toward beginners. Look for the first post in that series in the next week or two.
Gregory Pendergast
http//