Looking into Computer Forensics
Im looking to enter the field in the near future. Right now im looking for advice on how to go about this - i have a few ideas I want to look into but if anyone has any advice for me,please let me know.
Im 22 and 1st year in Computer Networks at a Uni in London. I have just over a years commerical experience in a Junior Support role and Im a MCDST and hopefully by Friiday MCSA. I am looking into a Masters in Computer Forenics once i finish in 3 years time with Glasgow and Bradford looking good (Cranfield's part-time and price are the bad points - otherwise it would be my first choice). Im also looking at starting Security+ in the next few months and then move into either CEH or CHFI.
I have to admit i havent done much reading into CF and if someone could give me the name of a few titles that would be good to start off reading i would appreciate the help.
I would also like to look into the possiblity of contacting firms in London to gain experience on an unpaid basis. Would it be wise to at least get some knowledge under the belt first before asking around or do you reckon - hands on learning will be the best source of information and learn as we go along?
I think the CEH + CHFI are a good first step to help establish a reasonable foundation. SANS Institute also have an offering related to forensics. As you are doing your MCSA too - I would suggest you get a recent book by Harlan (aka keydet on this forum) as an excellent reference and guide called Windows Forensics and Incident Recovery (The Addison-Wesley Microsoft Technology Series)
A good source for good free CBT training on Various subjects includong Forensics can be found at vte.cert.org. bookmark it.
I have a somewhat different opinion. I think you would be better served by concentrating on your current degree work and complete any course electives with computer forensic classes. Many concepts in computer forensics are better understood when the foundation is well understood.
You sound like an over achiever – full college course load, plus MSCE and CEH or CHFI certifications. If you are cramming your brain with the basics – how can you apply conprehend advanced concepts? Just – thinking out loud, so to speak/type!
Two books Guide to computer forensics and investigations 2ed. Bill Nelson, Amelia Phillips, Frank Enfinger and Christopher Steuart. I think this is a good comprehensive text - Not really advanced level - but covers the concepts very well. Next File System Forensic Analysis by Brian Carrier.
Free material - devour the content in the SANS reading room - especially papers about analyzing intrusions and binary's and systems. They illustrate techniques and approaches for researching, obtaining and analyzing data concerning forensic investigations (based upon some actual [so to speak] and staged datasets).
I have completed my certifications - so that finished. Degree is my priority right now and i have no plans to do CEH or CHFI while i study.
I cant do any electives its a different system in the Uk to the American system - so my only exposure to forensics before i do a Masters will be self-taught which i have no problems as i completed my certification this way.
Thanks for the advice on the books and i have bookmarked the SANS site.
For people in the Uk market - what has more value - tertiary educational qualifications or certifications?