Question #1 What are the basic system requirements in order to get started on the certification?
Which certification?
Question #2 What is the normal income for CF? Does it depend on how you aproach the business? Do some work for themselves as a contractor or something similar?
I'm sure some examiners do work on the side, but that usually comes with experience. If you're just getting started, its probably a good idea to locate a mentor. Taking courses at a local college or university is a good idea, or evening joining the military (AF, as opposed to others).
Of course, there is quite a bit you can do for free or very little cost.
HTH,
H
Hi Everybody,
Good thing that kristen opened this topic, it has already answered a few of my questions. -)
What i would like to know is what the use of a writeblocker is, atleast how is it commonly applied in this industry ?
Thanks in advance.
A write blocker is used when imaging or accessing a disk to ensure that the original suspect disk is not altered in any way.
Ideally you would then perfom analysis on an image that has been acquired.
They are (or should be!) used all the time when performing offline imagaing.
There are a few occasions, like when you are performing live forensics, where the use of one is impossible, but generally they are used constantly.
They aren't excessively expensive. Look at the Recommended Hardware topic that was started by Jamie - there is more information in there.
-)
Okay,
So one would then place one of these babies on a "suspects" disk so you can only read and not accidentally mess up the evidence.
Was more less what i thought so thanks for confirming that -)
Are all these writeblockers 100% hardware or software or maybe even Semi's ?
Seems to depend on which you get -)
There are some which are capable of "caching" the writes that should be made, so infact you can boot a computer from a suspect disk through the write blocker - the OS thinks that it is changing the disk, but in fact it is modifying memory on the device, which, when subsequent reads are made, returns the new value … ( I hope that made sense ! )
If there is a software component in writeblockers it is embedded in the device, not as an installed driver on the machine ( again, I believe - please correct me if I am wrong someone ! ).
You can do software only writeblocking under UNIX/Linux derivatives ( mount a disk as read only ) - and this is theoretically sound ( I believe ! ), but professionaly, people will use hardware based write blockers to be sure .
For the record - you should test your writeblockers to ensure that they actually do block writes (a) before first use and (b) regularly to be safe.
Hi,
The tricky thing about this business is getting into it. There are masses of studants doing degree courses in the UK and US and I don't think there are enough positions available to employ them all.
Starting up on your own is even harder as police forces will send outsource work to tender once every few years and will choose companies they know can do the job, although low price will be a factor of course. Solicitors might have people on their books to do defence examinations but there are issues in the US on how the defence examiners are allowed to work.
The situation is similar in the corporate field. There are insufficient vacancies for permanent jobs to employ all the students finishing their CF degrees.
I don't know if you have decided after much consideration to go into this field and whether you have a good knowledge of the core subjects such as disk geometry, file systems, reverse engineering system files etc. CF isn't necessarily better paid than any other area of IT, in fact for some they took a paycut to work in CF.
My advice so far might sound a little harsh, it isn't meant to be. I would just be concerned that someone might commit time, spend money etc on a career that might not be what they expected. If you've thought about this in detail and you've done or you do your research then by all means go for it and be persistant in trying to find work in this field.
In the current economic climate it's important to spend your money wisely, use your time on endaevours that will be worthwhile and ensure that at the end of it you will be employable, preferably in a growth industry.
Steve
Seems to depend on which you get -)
There are some which are capable of "caching" the writes that should be made, so infact you can boot a computer from a suspect disk through the write blocker - the OS thinks that it is changing the disk, but in fact it is modifying memory on the device, which, when subsequent reads are made, returns the new value … ( I hope that made sense ! )
If there is a software component in writeblockers it is embedded in the device, not as an installed driver on the machine ( again, I believe - please correct me if I am wrong someone ! ).
You can do software only writeblocking under UNIX/Linux derivatives ( mount a disk as read only ) - and this is theoretically sound ( I believe ! ), but professionaly, people will use hardware based write blockers to be sure .
For the record - you should test your writeblockers to ensure that they actually do block writes (a) before first use and (b) regularly to be safe.
I understand a 100% what u mean, so i guess im not entirely computer illiterate ) I can definately understand why one would rather have a device that can do this, than have a self managed software solution.
With the software semi config i think that IF there would be any software or UI that it would be like ROM/FLASH based like a router for instance. Ive never needed or seen one of these so correct me if im wrong.
With the software semi config i think that IF there would be any software or UI that it would be like ROM/FLASH based like a router for instance. Ive never needed or seen one of these so correct me if im wrong.
Seems a reasonable sort of assumption to make -)
@steve862 very sound advice, it's inconceivable to me that supply (of graduates) won't outstrip demand very shortly based on the increasing number of further education courses cropping up all over the place.
@anyone not to hijack this thread, but as we're talking about write blockers might I invite comments on the latest blog post? I'd be interested to hear how and how often people are testing their write blockers.
Of course, I'm assuming people *are* testing their write blockers 😉
Greetings,
You actually reminded us that we should be testing our write blockers. We'll be doing it monthly. As one poster pointed out, we're not sure what we'll do if it fails one month - do we toss out all the cases processed since the last time it passed? We'll aim for testing each time, but for the moment, once a month and then work up from there.
-David