In my mind, the degree shows that you have completed a comprehesive course of study, and the certs show that you are keeping up in the field.
I think that probably summarises it quite nicely. In such a field like IT where everything is changing so quickly it is important to be able to say that you move with the times and keeping up with current technology. I completed my degree in 2002 and although quite a lot of it is still relevant now, new technology is emerging all the time and of course there are many aspects of IT that I didn't cover in my degree or postgrad.
As for the Certified Computer Examiner, I found it quite a useful examination process which helped me learn a lot of stuff whilst working through it. In fact, I quite enjoyed doing it. Out of interest Bj, are you thinking of completing the specific exams in various file systems to upgrade to MCCE status?
samr
The CCE was a lot of work, but a lot of fun as well.
In order to become a MCCE you need to take 3 or more file system endorsement exams. But when I go to register at http//
bj
Yes, I also noticed this and emailed John about it. I received a reply from John Mellon the other day to state that the other specialist exams should be ready in the next few weeks so if you are interested in the MCCE you might find it useful keep checking the site in the near future.
The EnCE is similar to CCE in some levels, it requires a level of experience (18 months) and after the initial exam there is a practical requirement where they send you data to run a Forensic Exam. There is a good overview of Security Certifications here.
http//
An interesting list. Thanks for posting that )
do you hire A) Joe with no specialized CF certifications but has said he is experienced in Computer Forensics or B) Doug who has Overall Security Cert (Security +, CISSP or GSEC) a specific Forensic Cert (CCE or GCFA) and a Forensic Tool Specific Cert (ENcE Or ACE)
Which would be considered more of an Expert Witness?
Speaking of expert witnesses, how much are you going to squirm when the opposing counsel asks you why you aren't certified? In front of lawyers and jurers, it is a lot easier to say "I have these certifications and thus I'm an expert" than it is to sit through several days of cross examination trying to prove it.
The scary flip side to that is counting how many people have the EnCE and no other experience who are considered expert witnesses.
If you're in that line of work where you have to bid on contracts, you never know what a client/lawyer/whoever is going to want so it's better to have as many certifications as you can.
However, how much do certifications and other qualifications actually mean when they are weighed up against experience? I am new to the area and I view certifications as a way of trying to show that I have enough knowledge in the area to be able to complete my job successfully and eventually start venturing into computer cases. However, I often wonder how much they really mean against someone who has a lot more experience. Would an expert witness with 20 years in the field really need to argue their case by saying they have A, B and C certifications?
The problem, especially when hiring for one investigation or being cross-examined, is how does one verify just how much experience some people have. People "exaggerate" their experience all the time. Unless you are well-known throughout the industry, there is no real, scientific way to know what you are saying is true. Certifications, at some levels, show at least a baseline knowledge, a desire to keep up with the technology, and sometimes a experience requirement by a third-party.
I also agree with Taylormade, to rely on just a tool specifc cert is opening yourself up to a big problem. For instance, if you just had the EnCE, and if you would follow its Forensic Methodology, when you saw a Live machine you would just unplug it from the wall, losing all Volatile and possibly relevant data. Why? Because Encase (outside of Enterprise) has no feature that would grab Volatile data. There could be alot of potentially "smoking gun" evidence in a physical memory dump that some tools outside of Encase provides.
"Tool Tykes" or Tool Kiddies as I like to call them, are those that rely just on a specific toolset and can be a real detriment to our industry.
OK, back to the thread! )
M7
You have never been asked for a list of cases that you have testified in? That is pretty routine and is easily checked out by usually one phone call and a look at your paper that you would attach with your CD.
Would an expert witness with 20 years in the field really need to argue their case by saying they have A, B and C certifications?
Experience is very important, but can not alone suffice. John Thornton, an Emeritus Professor of Forensic Science at the University of California at Berkeley states, "everyone agrees that an expert's bare opinion, unsupported by factual evidence, should be inadmissible in a court of law." But yet it is often accepted by those who think anything said by someone with a scientific degree (or certification) is "scientific." Experience is hard to judge, and there is no real way to evaluate it.
I agree with Thorton. I run into this all the time. I often have the task of interviewing people for technical jobs, and it is sometimes difficult to determine the difference between fact and fiction on a resume. While certain facts can be verified (where someone was employed, and for how long), the quality of their work, like the quality of an expert's opinion is difficult to quantify. The same is true in court.
If the expert "knows" something because they have been doing it for such a long time, then they should also know where to find real evidence to support their opinion. As a teacher, I sometimes "know" when a student cheats, but I have to find the hard evidence to prove it - the college with not act on a hunch - and neither should a judge or jury.
While experience is valuable, opinions are not science, and as Thorton states, "If there is no science, there can be no forensic science."
bj
