Government Forensics

1. EnCE is the main one, why because Encase are the leaders in the field, People do say it is vendor specific, but I disagree, yes it tests you on your ability to use EnCase, but you also have to understand the principals of CF. If you don’t you will fail. Written exam and a practical.

2. CCE Now I enjoyed this tremendously, the practical’s are excellent, also 3 different media you have to examine, and you a marked on your reporting skills too. Well Worth Doing. And the Support form the members after is second to none a real family !!

3. CHFI I purchased the material it cost me personally a lot of money and I was appalled by the quality of the material, and the companies attitude.

4. ACE. Now I have mixed feelings about this really since the recent marketing strategy. I feel giving it away reduces the value of the cert, I have not taken the qualification so I am unable to comment on the actual content. But to be able to do the cert first for free and then you have to do a course within a year to maintain this, is well…… wrong.

5. CFCE I think it is worth a huge mention, Steve Guest who is an excellent examiner, is the chairman, it looks very organised and is not a giveaway cert by any means, you have to work hard by the sounds of it. The only downside of it is you have to be Law Enforcement (why? god only knows) thus I have not taken it so I cannot comment on the content.

6. CFIP 7Safe have also contributed to the certification field, and I have not taken any (wish I could). They are excellent.

7. CCFE I actually requested to do this cert but I never received a response.

Expense is a problem, especially when funding it yourself.

Prerequisites could also be an issue.

First exam I would take if monies are a problem personally is the CCE. Or the CFCE if you could. Followed by ACE.

If money was not an issue it has to be the EnCE followed closely by the 7Safe Cert.

Mitch

But is there a cert that the government likes? (I think the 8570 is a continuing work in progress)….

Also, Helix and EnCase….either one for government work?

And thanks for that comprehensive response! Good stuff!

Ray

EnCase and FTK are widely used. If you're working for the government or a contract they will train you in whatever they want you to use.

You can pick up the EnCE and CCE though, they are good to have. The ACE is free and way easy. If you have a government job that pays for training and uses FTK, you might as well get the cert and take a class once a year. I second Mitch's statement about the CCE community. I feel I can ask any question and get a helpful response very quickly.

Ray,
I see you have the CISSP and the CEH. I have the CHFI and working on the CISSP and would like to get the GIAC Certified Forensics Analyst (GCFA) this is a Cert from SANS I am not going to say you dont need the 408 because I was fortunate enough to attend a condensed 2 day 408 and it was excellent but to recieve the cert, I would shoot for the 508.

Hi Ray,

I think proficiency in file systems, operating systems, applications, and understanding in analyzing and correlating data would be more advantageous that certifications. As well as the ability to articulate yourself in-person and on your CV. If you've got resources (cash+time+energy) to burn go for it! But don't bank on acronyms translating into a job/career. Be proficient and build your network with government contacts if that is the route you seek.

Cheers!

farmerdude

www.onlineforensictraining.com

www.forensicbootcd.com