Hi Chris,
I originally wrote this for another post (didn't get any feedback) so figured I'd see if it helps here. Not sure if I should have linked it rather than replicated it? Anyhoo here is a re-edited version just for you 😉
I am not currently in the DFIR industry but I am currently trying to get in. So take all of this with a grain of salt.
In general, I think it's easier to land a Digital Forensics job if you already know somebody in the industry. I have found that blogging about my research/self-learning has resulted in quite a few helpful contacts coming forward / responding to my enquiries. There's quite a few people in the DFIR community who are willing to help out but I think you first have to show that you're already making an effort/have a basic understanding.
Some suggested reading (in case you haven't heard of these)
Harlan Carvey's "Windows Forensic Analysis" series of books
Cory Altheide/Harlan Carvey's "Digital Forensics with Open Source Tools" (this can be used really well with SIFT)
Brian Carrier's "File System Forensic Analysis"
Andrew Hoog's "iPhone and iOS Forensics" and "Android Forensics"
Also, play around with SANS SIFT Workstation. It has heaps of open source tools already installed and it's free (unlike EnCase/FTK). I write about SIFT quite a lot in my blog and I think it has quite a large user base.
You can start with the M57.biz case from http://digitalcorpora.org/corpora/scenarios/m57-jean
It's in EnCase format but you can still mount it with SIFT. I documented my experience with this on my blog but had to take down the results section as it's still in use by students. I still have a "how to set it up" post though which might help you.
With your free time, I'd recommend just learning about topics that interest you and blogging away. It doesn't matter if no one reads at first, the point is to build up your skills (in both forensics and written communication). As you develop your skills, you are bound to solve a problem that others will find helpful.
Eventually you can get a following of sorts and that makes it easier to reach out for advice/employment.
I think knowing how to program is another skill well worth developing - you can't rely on someone else to solve every possible forensic problem out there. And you can also save yourself time by writing some simple batch scripts (eg in Perl or Python).
It probably depends on the employer but I think having existing skills/experience (especially in commonly used tools eg RegRipper) will outweigh a Postgrad qualification (for entry level anyway). Being able to think/solve problems independently is what all those Uni degrees are supposed to be for anyway.
The cool thing is, you can use your blog as evidence as to how you think/solve problems.
Hope this helps,
Cheeky
Wow thank you for that! Sorry, I thought I had replied, turns out it hadn't, I blame our wireless, perhaps that should be on top of my list to sort!
As for knowing someone in the business I'm actually quite fortunate about that, and have been very blessed to have a lot of good offers from people through my placement. Invaluable advice that has been provided there, thanks! As for Andrew Hoog's book on iOS forensics, I've actually read that and found it quite interesting. As an iPhone user for the past 4 years I was pretty shocked and intrigued as to how much information my phone stores about me! Crazy
A lot of books and resources have been recommended to you…at some point, that can be overwhelming. I'd suggest starting with one thing…the Windows Registry, Linux file systems, something…and start there. A journey of 1000 miles starts with a single step…but you can't finish it unless you start.
Cheers keydet89. I've been chatting to a few people and they also said learning about Linux, so I'm downloading a copy now and going to load it into a VM. I'll give that a go.
Again thanks guys. Muchos appreciated!
Chris
Hi,
If you have some time on your hands - it might be worth entering the Digital Forensics Challenge.
This is the web site
https://
It involves lots of different exercises - starting from fairly basic to very advanced. It includes a wide range of exercises on different platforms and different aspects of forensics.
I find they are a good way to test my knowledge and learn some new things.
The files are presented to you and the challenge is to find out the best methods and software to solve the problems. I like this because it makes me research the techniques independently.
They are fun too!
Good Luck. D
Hey, that is pretty cool! I've signed up already. How long have you been going at it?
Cheers
Chris
So Chris, do you mind me asking, when do you have to return back to your uni? Are you looking for some Digital forensic work exp before that? What sort of IT helpdesk job are you currently doing?
Thought I would just say thanks for the replies here, not only have they probably helped Chris but I've found them useful too!
Chris, I'm returning to university in September too! How exciting this is our final year, did you ever manage to get some real experience? As this probably isn't a conversation for here send me a message if you want to chat to another student in your position, we can share our stories!
Anthony