Clear all

Hungry for more knowledge!

New Member

Hi everyone,

Happy to have found this forum! I am 23 and am about 6 months into my first full time IT support job. I was offered a contract before I finished my qualification so right now I haven’t got any formal IT qualifications.

I have recently discovered digital forensics and it makes me so happy that I have found a path in IT that I really want to take. I have done some research about the kinds of jobs that are available in my country within digital forensics and I have found that there are some opportunities available as a civilian role in the police force as a digital forensic technician or analyst. This is a career path I would like to pursue.

I plan to stay at my current job for a few years to gain some industry experience. Can anybody offer me any advice on what types of things I should focus on learning to increase my chances at the job? My employer is willing to pay for my certifications in regards to my current job so I am working towards a networking cert and maybe a security cert after that. Other than that do I just read books and try to get some real world experience with a data recovery company on the side?

Thanks! Any advice is appreciated )

Topic starter Posted : 17/06/2015 6:21 am
Senior Member


I would recommend downloading a copy of DEFT ( as well a copy of the DEFT user manual.

Once you have created a live USB drive or live DVD, figure out how to use Guymager to create a forensic image file.

Before you image your own personal computer, you should create a folder on your personal computer's desktop named "steal me", copy specific files to that folder, copy the the "steal me" folder and contained files to an external USB drive, move the "steal me" folder and all of the contained files to your recycle bin, and then empty the recycle bin.

Create a forensic image now of your personal computer using DEFT and Guymager.

Join SANS and download the SANS Linux distribution and their excellent step by step analysis posters.

Using DEFT, SANS, FTK Imager Lite and free tools found at, identify and report on the evidence of the deleted "steal me" folder.

This is a relatively simple exercise to do and you will sharpen your skills quickly. Certifications are fine, but knowing how to use tools effectively is more important, in my opinion.

If you get stuck, PM me or just post again here where you are stuck at and someone will point you in the next right direction.



Posted : 17/06/2015 7:54 am
Community Legend

I plan to stay at my current job for a few years to gain some industry experience. Can anybody offer me any advice on what types of things I should focus on learning to increase my chances at the job?

Helpdesk work – but you have got that covered already. Preferably both as first line and second line support. incident management as well as in problem management. Platform fundamentals and sysadmin work in general. Top up with things like web server knowledge as well as web app knowledge, mail server knowledge, file server, etc. Learn how logs are kept, how they are interpreted, how they are managed. Networking and network-based services.

That is, understand the IT environment in depth. That's what going to help you the most.

Learn how to learn new things about IT. Like in, you're handed a system running some odd server (SuiteCRM, just to take something), running on a VMS server, and are told that you will manage this system from now on.

Learn to document your work, and make your documents readable also to other people. Learn a bit of project management.

Everything else (the 'forensicating') is 'add-on' in comparison. I don't regard 'where do find system logs', 'how do I see what files have been downloaded', and question about ACLs etc. as a forensic questions. They are IT questions, some basic, some more advanced. The questions are useful, as they tend to stay the same – the answers can change with every new software release.

Get your IT knowledge from the IT world, if you can.

Learn to double-check you information; learn to be critical ('can this be right?').

In my personal view, a computer forensic analyst is first and foremost an IT expert. On top of that knowledge base, forensic-related knowledge has been added. The real value, however, is in the IT expertise. Without it, you'll be a robot going through motions taught in forensic training.

I've always thought that help desk experience is one of the most valuable knowledge areas for someone working with computer forensics. Good place to start, in other words.

Posted : 17/06/2015 11:46 am
New Member

That's true, you need to be good in IT before be a forensic or any security analyst position.

It would be ok the instructions for http// , I myself I will be doing that lab, just to add more knowledge to my arsenal.

Posted : 17/01/2016 9:50 am
Community Legend

This might interest you from an IT perspective

Malicious Code - training simulator - http//

Posted : 18/01/2016 12:27 am
Share to...