Computer Certifications  

Bddy829
(@bddy829)
New Member

Seeing as though I am still in college working towards a degree in Computer forensics, I was wondering if anyone who is already in the field knows of any computer certifications that could help me in my career?

Posted : 24/04/2005 3:26 am
taylormade
(@taylormade)
New Member

CISSP - http://www.isc2.org - always a good bet. Broad background in everything security related. Management cert, so even the technical aspects aren't that technical. A little tough to get the required 4 years of experience while still in college, but I know plenty of people that have done it. A paper cert, but easily the most pain in the @$$ test you'll ever take - so, where I normally say that paper certs are the ones you don't have to work for, this one is the exception.

GCFA - http://www.giac.org/certifications/security/gcfa.php - used to be awesome, but now that they did away with the practical there are mixed feelings about it. It is tied HEAVILY to the SANS forensics track, to the point that many questions are word-for-word quotes from their course books on topics that you won't find anywhere but in their course books. But, if you can get to a SANS conference (for a starving college student, I recommend the volunteer program), it is a respected acronym to have after your name.

CCE - http://www.certified-computer-examiner.com/ - probably the best bet out there. Excellent practicals (note the plural) that really prove you know how to follow a forensic methodology and write reports that a lawyer will take seriously. Incestuously related to the CFCE, which is a law enforcement only cert (and thus not listed). I really like this one. Its written test is a not-even-funny joke, but the practicals more than make up for it.

CCFT - http://www.htcn.org/cert.htm - this one is interesting. You won’t be getting this coming out of college. There is no exam… no practical… you document 10 forensic cases you actually worked for actual lawyers (or whatever), they call the people involved to verify and get character references and award the cert based on that.

EnCE - http://www.guidancesoftware.com/training/ence/index.asp - a vendor specific cert, but that is about the only bad thing I can say about it. Decent test and a pretty practical that really makes you dig for data in places you never wanted to go. It’s also well recognized by law enforcement and lawyer types that use EnCase because they don’t know any better. Normally I don't recommend vendor certs for general topics, but same as with the CCNA - if the market share gap is big enough, you have to go with what's out there.

CIFI - http://www.iisfa.org/certification/certification.asp - too new to tell for sure. They use the word forensics in the name, but the test and the overall feel of the org is not traditional, get to the bit level of a hard drive type forensics but more general security and network incident response. They claim to be “recognized as the only certification that truly represents the abilities of field information forensics investigators and is the benchmark by which they are measured”, but they have only been around a few months whereas the others above have been around for years. It is a paper cert.

CFE - http://www.cfenet.com/cfe/default.asp - not a forensics cert, but a fraud related cert. Doesn’t help you image drives, but does help you figure out what’s wrong with that Quicken file that makes those transfers illegal. I see a lot of Armani and tasseled loafer wearing examiners in the private sector working for those big financial consulting firms (KPMG, Andersen, Deloitte & Touche, etc.) with this cert. (not to imply there is money to be made in knowing how to examine fraud and thus knowing what other examiners might examine about your accounts)

I would really like feedback from the rest of the forum on these and any other certs that I might have missed.

Posted : 09/06/2005 7:27 am
taylormade
(@taylormade)
New Member

CHFI - http://www.eccouncil.org/CHFI.htm - I haven't taken this test yet, so I'm not really sure how it will stack up. The list of items that the test covers includes some tools/topics that are a little obscure (i.e., it's a public test, but it covers ILook, which is only available to LE). It's a paper cert.

Posted : 10/06/2005 2:56 pm
Bddy829
(@bddy829)
New Member

Hey, thank you very much. I will look into all this information.

Posted : 21/06/2005 4:39 am
xvictim
(@xvictim)
New Member

Thanks a lot, taylormade, this is very useful.

Posted : 31/08/2008 8:58 am
BitHead
(@bithead)
Community Legend

If you are going to include EnCE, there are other vendor certs:

ACE - AccessData Certified Examiner™ credential is obtained by completing the KBA (Knowledge Based Assessment) and the PBA (Practical Based Assessment). Prerequisites for ACE™ include the AccessData BootCamp and Windows Forensics - XP.

ProDiscover - Three day intensive ProDiscover training and certification classes are available through Technology Pathways or one of our training partners. Contact the Technology Pathways sales department for details.

Probably more.

Posted : 02/09/2008 8:47 am
mtgarden
(@mtgarden)
New Member

I like the GCFA. Yeah, it's a paper-only cert, though you can move ahead and get an upgrade to Gold status by doing a practical.

The nicest part about GCFA is that you use all open source tools. That's not to demean the paid-for tools, it just means that you have a toolkit that you can always use at any time anywhere. I did that the other day: used Autopsy and Foremost to help out a friend.

Further, the GCFA spends a lot of time on the underlying file system and ensuring that you understand what each tool does.

I enjoyed the course; I took it @home from SANS. That saved me money and it was no different than an extended education course from college (the kind where the school mails you the book and materials and you send back your tests/reports etc.)

I haven't used the others, but I also recommend that you start pursuing a CISSP. It takes time. The CISSP is kind of a humanities cert. The value is that it gets your resume past HR….

Posted : 02/09/2008 8:27 pm
iamnowonmai
(@iamnowonmai)
New Member

> I like the GCFA. Yeah, it's a paper-only cert, though you can move ahead and get an upgrade to Gold status by doing a practical.
>
> The nicest part about GCFA is that you use all open source tools. That's not to demean the paid-for tools, it just means that you have a toolkit that you can always use at any time anywhere. I did that the other day: used Autopsy and Foremost to help out a friend.
>
> Further, the GCFA spends a lot of time on the underlying file system and ensuring that you understand what each tool does.

Another vote for the GCFA. It is not a tool-based course. It will really teach you the nuts and bolts of the forensic process. It is true that the certification does not /require/ a paper, but the tests are proctored. So it isn't a trivial test to take, and no cheating. If you pass the GCFA, then you probably know what you are doing, and why. Most of us know people with tool-based certifications who are lost without their preferred software application. The GCFA isn't like that at all.

Full-disclosure - iamnowonmai (GSEC,GCIH,GCFA)

Posted : 02/09/2008 9:14 pm
mlachniet
(@mlachniet)
New Member

I agree with the other posters about the GCFA - it is a good cert. It is good in that it is "vendor agnostic" and requires you to really understand the underlying concepts. A minimal amount of time is spent on the GUI and syntax of specific tools. For that reason, I believe that a LOT more time is spent on true education than in any vendor-specific cert. I have read, for example, the official EnCE study guide, and it was total fluff compared to the GCFA materials (though I should confess that I haven't taken EnCE training personally, nor sat for the test). There is a lot of good information on Windows forensics that is informed by Harlan Carvey's work (the best Windows forensics guy I've ever met). There is also a full day on legal issues, which is a critical component, in my opinion.

I also liked that the hands-on exercises in the class were helpful in supporting the material. Some of them were downright mean, like having to manually fix a FAT-16 file allocation table with a sector editor, including manually re-creating about 30 sector linkages. That sucker kept me up late in the hotel reading Brian Carrier's filesystem forensics book and getting it to work right, I can tell you.

That said, I would not outright trust a person with just a GCFA to be qualified, but I wouldn't for any other cert either. For example, the GCFA test is (was anyway) open book. I got high scores on the test because I had organized the course material and made it really easy to find the sections I was looking for. I could have theoretically been a genius at filing and a novice at forensics and passed.

I would, however, think pretty highly of someone who got the GCFA gold and completed a quality practical paper that I could read. In the past I have hired someone with a GIAC Gold practical paper, and being able to read their paper before the interview was invaluable, and ended up being a major factor in me hiring them. It would go a lot further if they also had a generalist cert such as a CISA or CISSP to round out their credentials.

NOTE: A previous poster stated that the GCFA did away with the practicals. This is not actually true. You can get a GCFA "silver" with just a test, but you have to do a peer reviewed paper to get the "gold". That said, your experience will probably vary a great deal depending on who your mentor / paper reviewer is.

Lastly, I would say that despite being expensive, the in-person training is very good. I took Rob Lee's section last fall (2007) in Vegas, and I can honestly say that it was the most interesting I.T. class I have taken in over 8 years. For people who already have a general or moderate background in forensics and think it will be easy, you will probably be challenged.

Best regards,

Mark Lachniet

Posted : 03/09/2008 1:20 am
davidlsharpe
(@davidlsharpe)
New Member

The original poster from 2005 indicated that he/she was working toward a college degree in forensics. That is probably the most valuable thing you can do. If you only have a bachelor's degree, consider working toward a master's. A master's degree or higher in forensics or IT security probably has the highest long term payback of anything. For IT certs, one possible way to gauge the relative value of each of the certs mentioned above would be to do a keyword search for each on job search sites like indeed.com for your area (or for large whole IT employer states like Virginia, New York, Texas, or California). That should give you an idea which certs are most requested in actual job postings for each state. You won't find things like GCIH, GCFA, or EnCE ranking nearly as high as CISSP or CISA by doing that. I say all of this as a holder of CISSP, GCFA, GCIH etc. Everything listed by everyone above has its good and bad points, but in my opinion the advanced Information Assurance/Security college degrees are far and away better choices for your career. Sometimes I also feel that the various SANS/ISC2/EC-Council certs unfortunately are more of an effort to get money from you than a genuine effort to provide a differentiating certification, and the courses and tests tend to cover out-of-date material a little too much.

Posted : 03/09/2008 2:42 am
waydaws
(@waydaws)
New Member

I can't agree on the CCE being "the best bet". I remember looking at taking the online course when I became interested in the field. It was all Windows (or DOS) based, at least where it came to the actual forensic activities, and still is like that. I just checked one "Authorized Training Partner".
It also heavily uses only one vendor's forensic suite, and it has a dependency on several commercial utilities (Passware Kit, Norton Utils, Norton Ghost, QuickView …) all of which the student must purchase.

It's obvious the course content hasn't been updated in a while. They still list hardware requirements like a 300MHz Win 95/98 computer, say laptops aren't suitable, want you to have a supply of 3.5 diskettes, and a "modem" for internet access.

I'm not kidding, see http://www.guardianconsulting.ca/courseoutline.pdf

That's just nonsense.

Posted : 05/09/2008 1:48 am
debaser_
(@debaser_)
Active Member

> I can't agree on the CCE being "the best bet". I remember looking at taking the online course when I became interested in the field. It was all Windows (or DOS) based, at least where it came to the actual forensic activities, and still is like that. I just checked one "Authorized Training Partner".
> It also heavily uses only one vendor's forensic suite, and it has a dependency on several commercial utilities (Passware Kit, Norton Utils, Norton Ghost, QuickView …) all of which the student must purchase.
>
> It's obvious the course content hasn't been updated in a while. They still list hardware requirements like a 300MHz Win 95/98 computer, say laptops aren't suitable, want you to have a supply of 3.5 diskettes, and a "modem" for internet access.
>
> I'm not kidding, see http://www.guardianconsulting.ca/courseoutline.pdf
>
> That's just nonsense.

I agree that it could use a refresh, but there are no required tools as your post states. You are given different media types and told to perform an examination. As long as you follow basic procedures and find the pertinent information, the tools you use do not matter.

Posted : 05/09/2008 2:10 am
BitHead
(@bithead)
Community Legend

The exam does not require or utilize any one software.

Looking at the "What's Included" at several of the authorized training facilities I see that some software is included:
Access to a range of FULLY LICENSED software
- SMART for Linux - http://www.asrdata.com/store/store.html
- Simple Carver - excellent carving utility you can use in actual forensic examinations.
- Passware Kit - password cracking tool

Perhaps Guardian has not updated their brochure?

Posted : 05/09/2008 3:51 am
bjgleas
(@bjgleas)
Active Member

> I can't agree on the CCE being "the best bet". I remember looking at taking the online course when I became interested in the field. It was all Windows (or DOS) based, at least where it came to the actual forensic activities, and still is like that. I just checked one "Authorized Training Partner".
> It also heavily uses only one vendor's forensic suite, and it has a dependency on several commercial utilities (Passware Kit, Norton Utils, Norton Ghost, QuickView …) all of which the student must purchase.
>
> It's obvious the course content hasn't been updated in a while. They still list hardware requirements like a 300MHz Win 95/98 computer, say laptops aren't suitable, want you to have a supply of 3.5 diskettes, and a "modem" for internet access.
>
> I'm not kidding, see http://www.guardianconsulting.ca/courseoutline.pdf
>
> That's just nonsense.

But you have to be able to distinguish between the teaching (Guardian), and the testing (CCE). While the Guardian details reflect badly, the CCE was the most interesting, challenging, and rewarding cert I ever earned.

The testing process is pretty simple - there is a trivial knowledge-based multiple-choice exam, followed by 3 simulated cases. And here is the best part - they seem to be more interested in the investigative process than the actual results. It's like the math teacher who doesn't care that the answer is 42, but rather is more concerned about how you arrived at it. As they said on their website at one point - Don't just run Norton Tools, and give us a list of deleted files. You have to show them your mastery of the digital forensic investigative process - wiping media, checksums, chain-of-custody - and document all of it, and then link it all together. In one of the floppy disk examinations I did, the resulting documentation was about 18 pages long - Overkill? Maybe… but I passed with flying colors.

And yeah, as others have said, they don't demand certain tools, because the focus here is on the process, not the tools. One of the reasons I liked this so much was because I wasn't locked into a single vendor's tool.

Don't judge a cert by the single vendor's implementation.

Posted : 05/09/2008 6:26 am
Curio
(@curio)
Member

I agree, although perhaps some CCE components could be updated a bit (actually I think they have) people shouldn't be put off b/c of the DOS level stuff. Staying as close to the machine as practical (being able to write or modify a Perl script when necessary) while avoiding vendor specific tool focus is a good way to go. Being tied to pretty icon driven environments is OK for the general public, but not for someone that calls themselves a computer forensic investigator - like all good "investigators," one needs to be adaptable, out of the box driven, & resourceful. My two cents…

Posted : 06/11/2008 3:12 am