I am currently enrolled in a CF program with the "real" intention of using it to augment a résumé that is primarily focused on publishing. However, I also know it would be foolish not to at least consider a CF career.
Is it feasible to work in one field and run a CF company on the side? Realistically, how quickly could I expect some of the more expensive programs and tools to pay for themselves? (Tool kits can run into the thousands, so cost is definitely an issue.)
I am not having doubts so much as I have questions.
Dom
-thanks.
Greetings,
It all depends on the jobs you get and what tools (you think) they require.
I can make enough money conducting a single collection to pay for the pair of TD1s used during that collection. Any other collection after that is mostly profit.
I can manage an entire ediscovery case with $200 in tools. ($200 for dtSearch, and if you were inclined, you could probably replace dtSearch with Lucene.)
You can do an entire forensics case with The Sleuth Kit.
About the only thing I think you need to spend money on is a good forensics system and a good writeblocker, and even then, you can writeblock with a registry hack or WinFE (which does the same thing for you).
So, you don't need those expensive tools to run a successful CF firm. I own a lot of expensive tools but over the years have found myself using EnCase a lot less and less expensive tools a lot more. Sure, if I had $50K to spend on tools each year I could happily do so, but it isn't a necessity.
-David
Thanks.
Cost is a huge issue. And, of course, getting the jobs requires advertising, which also requires money.
Dom
-admits that some of the big expensive kits look nice though.
Greetings,
Getting jobs doesn't require traditional advertising. The "advertising" I've done is:
1) Standard business web site.
2) Blog
3) Attending classes, conferences, and meetings.
Before engaging in any advertising, I'd do some careful analysis to determine how effective it might be. I learned a lot about what might work, and what would not work, by talking with potential clients, or people who were like potential clients. One lunch with a bunch of lawyers was very enlightening.
-David
Sorry to interrupt this good discussion.
I am, however, curious, as you all already mentioned tools to do analysis and the cost it might add up to… How about the hardware part? The hard disk to do imaging…
Also one question: are there any tools to manage the evidence? What I mean is, to manage/store the evidence, as in to keep track of/log all the evidence?
I haven't yet found tools that manage the evidence according to the Rules of Evidence. Or am I not expert enough in googling yet..
Greetings,
I use CaseNotes, Excel, and Word for managing my cases. Yes, there are case management systems out there, and people roll their own as well, but when you're just starting out, those three should be quite sufficient for getting the job done.
Oh, and a label maker (label disks), digital camera (photographs of evidence), evidence bags, plastic totes (store evidence relating to a case), and a secure room or safe (evidence storage).
-David
About the safe (evidence storage): is it convenient to use network storage to store it? I believe it would be much more effective for the investigators to work among themselves and access the evidence to analyze together..
Greetings,
Using a NAS is certainly viable, if used correctly, particularly if you have multiple examiners. But, good practice suggests that your NAS and your examination systems are protected by a firewall, or airgap.
-David
Thank you for your response…
I totally agree with that.. A firewall is a must to avoid people ruining the evidence. But… apart from the tools and practice, I had been told by someone that to automate the forensic task is a no-no, and that manual analysis is still needed… Would anyone agree on that? Plus, while laughing, he said, what would the investigator do if everything was already automated? Hehe. I believe he said it in joking mode.
Greetings,
Well, there is automation, and then there is "push button forensics". RegRipper automates a lot of steps in registry analysis. Is your friend suggesting that you do all those steps by hand, or that you confirm RR's results by hand after using it? Manual confirmation of your tool's results is wise, absolutely.
We need automation to deal with large volumes of data, repetitious tasks, and tasks that are too complicated to perform manually such as decryption. I'd advocate learning how to do many things by hand first but once you're comfortable with the process, validate your tool and use it to perform the task.
-David