I would appreciate some career advice.
I am a recently retired IT person, including IT security, who just got his PI license to do subcontract work for two PI friends. One friend is convinced there is a local market for eDiscovery from cell phones, and this market provides an opportunity to make far more per hour than what my current subcontract work pays. If I pursue this, my goal would be to gain enough qualifications to work 10-20 hours per week in eDiscovery work. With my pension and working wife, income is not critical; I am not looking for full time work. I would want to pass off to better qualified people cases where I would get in over my head.
Assuming such a market exists, my two specific questions are:
1. What tool(s) would you recommend I master? For example, the more I study XRY, the more it seems useful for cell phone forensics, which is more than I want to do. Also, while reviewing a real-life eDiscovery, the person needed a different tool from Cellebrite to get the password for an iPhone.
2. How much additional expertise do I need? For example, I assume becoming certified in Cellebrite would not teach me how to make sure Cellebrite did not alter the contents of a cell phone, especially files' last modified time/date. In short, I need to know what I do not know.
I came out of retirement last year to do IT work on forest fires. I learned intermittent high paying IT work is great; it’s not the grind full time work is. This year I am hesitant to do IT work on forest fires again since my routine IT skills are eroding.
Thanks for any help you can give me.
Hi gnorthern,
A newbie like you, I've been lurking on this forum (thanks to all) for a while and am currently going through DF courses. Here is my experience so far:
- EnCase (am following GSI courses) v.7 offers extraction from mobile devices. I didn't go deep into the subject but had the impression it is a sort of "start-up"; there are few devices supported and, if I remember correctly, it's not able to retrieve the iPhone passcode.
- Cellebrite: I do have the UFED Ultimate + Physical Analyzer. It worked great for an iPhone 4; it was able to retrieve the passcode (a simple one with 4 digits) and physically dump the data. Bear in mind the iPhone was not working. For another iPhone 4 I didn't manage to do a physical dump; PA didn't manage to load into the phone correctly. Cellebrite support seems to be looking at this issue.
No exposure at all to XRY and MPE+ from AccessData, but reading all the posts in the forum I had the impression UFED is a tool you can't miss.
Cheers,
Bonaventura