Hi, this is my first post on this board. I'm currently a student at my local college taking a computer forensics class. I'm very interested in this field. We are working with FTK in class right now, but what are some good free tools that I can download that I can use so I can learn more? Also, do you have any good advice that can help me progress in this field? I'm 24 and I feel I have some catching up to do since I should be out of college already. Also, what is a good entry-level tech job that I might be able to get so at least I would be in the computer field?
Here's something I put together about alternative methods of analysis…it's info similar to what's in my book…
H
Well, thanks for the replies guys, I appreciate it. As far as an entry-level job, I live in Fairfield, California. The problem I have is I don't have any degrees or anything like that and most IT jobs I see require a degree.
The CCE course seems a little expensive, is that cert worth it?
Keydet89, I'm not sure what book you're talking about.
I wrote a book called "Windows Forensic Analysis" recently. You can find it linked off of my blog at http://windowsir.blogspot.com, as well as on Amazon, and in most major bookstores.
H
"Windows Forensic Analysis including DVD Toolkit" can be found at the following link
http//
…for only 40% ($23.98) of the Amazon price ($59.99).
I'm awaiting delivery, myself. D
Sean
Yes, a lot of companies will want an IT related degree, but if you look around you might find people willing to be flexible.
I run a small IT consulting firm in California. Most of our people have some sort of degree relating to technology, but one guy's degrees are in music. His education, combined with his professional music career, taught him very good analytic and presentation skills and he is a very valuable member of the staff.
-David
what are some good free tools that I can download that I can use so I can learn more.
WinHex, HexWorkshop, WinHash all have trial versions. Learning hashing is good, hex and observation of files in raw form.
Also what is a good entry level tech job that I might be able to get so at least I would be in the computer field.
This will sound flippant, but it's not intended to be. The best entry level job is the job you can get. As you know, you need experience to get a good job. You might have to settle for a bad job. Tech Support (on phone or on-site) is a common entry position these days. For "extra" experience before you get that job, volunteer somewhere. Since you're in school, check out work study in a computer lab or your school's IT. Forget the money, you want the experience. There are lots of organizations that will accept volunteer help. If there's an ISSA, ASIS, ACM, or other such chapter where you live, check out student membership rates and start going to the meetings. You'll start networking with folks who can help. Just ask them where you can volunteer. Don't ask for a job, they'll steer you that direction soon enough.
The CCE course seems a little expensive, is that cert worth it?
Don't know about any of the courses, but having the cert is valuable, if for no other reason than the community of folks you associate with. I gain as much, or more just from the mailing list as I do these forums. I like the organization and what it's doing. I hope someone can address the course question for you.
Steve,
Further to the other comments. Yes, a degree is often required in the job description, but how many times do you see a job description listing various criteria that they can't possibly hope to get in a candidate at the salary they are offering?
The times I've interviewed people for technical jobs, which isn't particularly often, I've taken on someone who not only looks good on paper but can answer all my technical questions in interview. Some of the most technically brilliant people I have worked with haven't had a degree in anything.
In the UK getting a new job is a numbers game for pretty much everyone and it's easy to become deflated if you don't appear to be getting any response.
Having no technical degree will disadvantage you at the CV/Resume stage, but if you can get past that to an interview you can hopefully prove your technical skills are at least as good as the candidates with degrees.
Steve
Thanks for the replies. I will look into getting that book, I heard it is a good one.
Another question I have is in my class we are using FTK and EnCase. I wanted to practice things at home but those programs are too much so I downloaded Helix. But is it necessary to learn Linux? I guess what I'm asking is since I'm learning computer forensics should I start to learn how the Linux OS works or should I just focus my attention on learning how the Windows file system works and becoming really familiar with that?
Most likely your next couple of years will be examining Windows systems using Windows systems, I'd stick with that. As time allows, pick up a learning Linux book and start practicing, but you have some time.
A suggestion would be to get a hex editor (WinHex or HexWorkshop) which have nice evaluation options and the demo version of FTK (FTK without the dongle) and practice on small "cases" at home. Diskettes are nice for this but a thumb drive will work if you can dedicate it to your forensic work.
Use it to learn how the OS handles the file system. What do the various file headers "look" like? What happens to time stamps when . . .