Hi, this is my first post on this board. I'm currently a student at my local college taking a computer forensics class. I'm am very interested in this field. We are working with FTK in class right now but what are some good free tools that I can download that I can use so I can learn more. Also do you have any good advise that can help me progress in this field. I'm 24 and I feel I have some catching up to do since I should be out of college already. Also what is a good entry level tech job that I might be able to get so at least i would be in the computer field.
Q. what are some good free tools that I can download that I can use so I can learn more.
A. One of the more popular freeware forensics tools is Helix. Very very handy tool.
Q. Also do you have any good advise that can help me progress in this field
A. I would suggest getting some real actual forensics training. Either the CCE bootcamp or the AccessData / Encase classes
Drew,
FTK Imager is of course free and allows some degree of forensic examination. If you are familiar with Linux command line then you can actually carry out a full and complete examination using just Linux. Including imaging, examining files and folders in hex as well as partition tables and other parts of the partition such as unallocated space, plus any unused disk space.
As for getting more knowledge if you were to go through every post in this forum on what does something mean, how do I do and so on, you would see that almost all of these questions relate not to using forensic tools but how Windows or Mac OS or whatever else works.
You see questions about times and dates, how does Windows populate this log file and so on. My advice therefore would be to focus on understanding the operating systems more fully, so you know how the registry works, you understand what log files do what and you recognise what is normal and what isn't when examining your data.
Doing something like an MCSE might be a very good bet. If you are in the habit of studying then maybe getting exam cram type books will be enough to get you through each exam.
Being able to use forensics tools is just the beginning. Being able to explain how your tool operates, what it has found and exactly what that means or could mean is the next step.
As for advice on where to start looking for work, you don't say where you are based.
Steve
Drew,
FTK Imager is of course free and allows some degree of forensic examination. If you are familiar with Linux command line then you can actually carry out a full and complete examination using just Linux. Including imaging, examining files and folders in hex as well as partition tables and other parts of the partition such as unallocated space or unused disk space.
As for getting more knowledge if you were to go through every post in this forum on what does something mean, how do I do and so on, you would see that almost all of these questions relate not to using forensic tools but how Windows or Mac OS or whatever else works.
You see questions about times and dates, how does Windows populate this log file and so on. My advice therefore would be to focus on understanding the operating systems more fully, so you know how the registry works, you understand what log files do what and yopu recognise what is normal and what isn't when examining your data.
Doing something like an MCSE might be a very good bet. If you are in the habit of studying then maybe getting exam cram type books will be enough to get you through each exam.
Being able to use forensics tools is just the beginning. Being able to explain how your tool operates, what it has found and exactly what that means or could mean is the next step.
As for advice on where to start looking for work, you don't say where you are based.
Steve
Drew,
FTK Imager is of course free and allows some degree of forensic examination. If you are familiar with Linux command line then you can actually carry out a full and complete examination using just Linux. Including imaging, examining files and folders in hex as well as partition tables and other parts of the partition such as unallocated space or unused disk space.
As for getting more knowledge if you were to go through every post in this forum on what does something mean, how do I do and so on, you would see that almost all of these questions relate not to using forensic tools but how Windows or Mac OS or whatever else works.
You see questions about times and dates, how does Windows populate this log file and so on. My advice therefore would be to focus on understanding the operating systems more fully, so you know how the registry works, you understand what log files do what and yopu recognise what is normal and what isn't when examining your data.
Doing something like an MCSE might be a very good bet. If you are in the habit of studying then maybe getting exam cram type books will be enough to get you through each exam.
Being able to use forensics tools is just the beginning. Being able to explain how your tool operates, what it has found and exactly what that means or could mean is the next step.
As for advice on where to start looking for work, you don't say where you are based.
Steve
Drew,
FTK Imager is of course free and allows some degree of forensic examination. If you are familiar with Linux command line then you can actually carry out a full and complete examination using just Linux. Including imaging, examining files and folders in hex as well as partition tables and other parts of the partition such as unallocated space or unused disk space.
As for getting more knowledge if you were to go through every post in this forum on what does something mean, how do I do and so on, you would see that almost all of these questions relate not to using forensic tools but how Windows or Mac OS or whatever else works.
You see questions about times and dates, how does Windows populate this log file and so on. My advice therefore would be to focus on understanding the operating systems more fully, so you know how the registry works, you understand what log files do what and yopu recognise what is normal and what isn't when examining your data.
Doing something like an MCSE might be a very good bet. If you are in the habit of studying then maybe getting exam cram type books will be enough to get you through each exam.
Being able to use forensics tools is just the beginning. Being able to explain how your tool operates, what it has found and exactly what that means or could mean is the next step.
As for advice on where to start looking for work, you don't say where you are based.
Steve
Drew,
FTK Imager is of course free and allows some degree of forensic examination. If you are familiar with Linux command line then you can actually carry out a full and complete examination using just Linux. Including imaging, examining files and folders in hex as well as partition tables and other parts of the partition such as unallocated space or unused disk space.
As for getting more knowledge if you were to go through every post in this forum on what does something mean, how do I do and so on, you would see that almost all of these questions relate not to using forensic tools but how Windows or Mac OS or whatever else works.
You see questions about times and dates, how does Windows populate this log file and so on. My advice therefore would be to focus on understanding the operating systems more fully, so you know how the registry works, you understand what log files do what and you recognise what is normal and what isn't when examining your data.
Doing something like an MCSE might be a very good bet. If you are in the habit of studying then maybe getting exam cram type books will be enough to get you through each exam.
Being able to use forensics tools is just the beginning. Being able to explain how your tool operates, what it has found and exactly what that means or could mean is the next step.
As for advice on where to start looking for work, you don't say where you are based.
Steve
I think he probably gets the idea now Steve wink
Drew,
FTK Imager is of course free and allows some degree of forensic examination. If you are familiar with Linux command line then you can actually carry out a full and complete examination using just Linux. Including imaging, examining files and folders in hex as well as partition tables and other parts of the partition such as unallocated space or unused disk space.
As for getting more knowledge if you were to go through every post in this forum on what does something mean, how do I do and so on, you would see that almost all of these questions relate not to using forensic tools but how Windows or Mac OS or whatever else works.
You see questions about times and dates, how does Windows populate this log file and so on. My advice therefore would be to focus on understanding the operating systems more fully, so you know how the registry works, you understand what log files do what and yopu recognise what is normal and what isn't when examining your data.
Doing something like an MCSE might be a very good bet. If you are in the habit of studying then maybe getting exam cram type books will be enough to get you through each exam.
Being able to use forensics tools is just the beginning. Being able to explain how your tool operates, what it has found and exactly what that means or could mean is the next step.
As for advice on where to start looking for work, you don't say where you are based.
Steve
That's wierd. It failed to upload the first time and I couldn't get back on the site after that. Now I see there are about 6 of them.
Can a moderator remove the excess ones please?
Thanks,
Steve