Join Us!

Notifications
Clear all

Certifications Poll  

Page 2 / 2
  RSS
taylormade
(@taylormade)
New Member

do you hire A) Joe with no specialized CF certifications but has said he is experienced in Computer Forensics or B) Doug who has Overall Security Cert (Security +, CISSP or GSEC) a specific Forensic Cert (CCE or GCFA) and a Forensic Tool Specific Cert (ENcE Or ACE)

Which would be considered more of an Expert Witness?

Speaking of expert witnesses, how much are you going to squirm when the opposing counsel asks you why you aren't certified? In front of lawyers and jurers, it is a lot easier to say "I have these certifications and thus I'm an expert" than it is to sit through several days of cross examination trying to prove it.

The scary flip side to that is counting how many people have the EnCE and no other experience who are considered expert witnesses.

If you're in that line of work where you have to bid on contracts, you never know what a client/lawyer/whoever is going to want so it's better to have as many certifications as you can.

ReplyQuote
Posted : 25/10/2005 9:24 pm
samr
 samr
(@samr)
Active Member

However, how much do certifications and other qualifications actually mean when they are weighed up against experience? I am new to the area and I view certifications as a way of trying to show that I have enough knowledge in the area to be able to complete my job successfully and eventually start venturing into computer cases. However, I often wonder how much they really mean against someone who has a lot more experience. Would an expert witness with 20 years in the field really need to argue their case by saying they have A, B and C certifications?

ReplyQuote
Posted : 25/10/2005 10:13 pm
m7esec
(@m7esec)
Junior Member

The problem, especially when hiring for one investigation or being cross-examined, is how does one verify just how much experience some people have. People "exaggerate" their experience all the time. Unless you are well-known throughout the industry, there is no real, scientific way to know what you are saying is true. Certifications, at some levels, show at least a baseline knowledge, a desire to keep up with the technology, and sometimes a experience requirement by a third-party.

I also agree with Taylormade, to rely on just a tool specifc cert is opening yourself up to a big problem. For instance, if you just had the EnCE, and if you would follow its Forensic Methodology, when you saw a Live machine you would just unplug it from the wall, losing all Volatile and possibly relevant data. Why? Because Encase (outside of Enterprise) has no feature that would grab Volatile data. There could be alot of potentially "smoking gun" evidence in a physical memory dump that some tools outside of Encase provides.

"Tool Tykes" or Tool Kiddies as I like to call them, are those that rely just on a specific toolset and can be a real detriment to our industry.

OK, back to the thread! )

ReplyQuote
Posted : 26/10/2005 2:01 am
armresl
(@armresl)
Community Legend

M7

You have never been asked for a list of cases that you have testified in? That is pretty routine and is easily checked out by usually one phone call and a look at your paper that you would attach with your CD.

ReplyQuote
Posted : 26/10/2005 7:41 am
bjgleas
(@bjgleas)
Active Member

Would an expert witness with 20 years in the field really need to argue their case by saying they have A, B and C certifications?

Experience is very important, but can not alone suffice. John Thornton, an Emeritus Professor of Forensic Science at the University of California at Berkeley states, "everyone agrees that an expert's bare opinion, unsupported by factual evidence, should be inadmissible in a court of law." But yet it is often accepted by those who think anything said by someone with a scientific degree (or certification) is "scientific." Experience is hard to judge, and there is no real way to evaluate it.

I agree with Thorton. I run into this all the time. I often have the task of interviewing people for technical jobs, and it is sometimes difficult to determine the difference between fact and fiction on a resume. While certain facts can be verified (where someone was employed, and for how long), the quality of their work, like the quality of an expert's opinion is difficult to quantify. The same is true in court.

If the expert "knows" something because they have been doing it for such a long time, then they should also know where to find real evidence to support their opinion. As a teacher, I sometimes "know" when a student cheats, but I have to find the hard evidence to prove it - the college with not act on a hunch - and neither should a judge or jury.

While experience is valuable, opinions are not science, and as Thorton states, "If there is no science, there can be no forensic science."

bj

ReplyQuote
Posted : 26/10/2005 10:09 am
armresl
(@armresl)
Community Legend

What is it that is hard to verify on a resume? You can check references, you can check court cases that they testified in and cross reference the CV they gave to the court then with what you have now, you can call colleges and check degrees, unless a case is under seal there are very few things that you can't check out.

ReplyQuote
Posted : 26/10/2005 8:37 pm
m7esec
(@m7esec)
Junior Member

M7

You have never been asked for a list of cases that you have testified in? That is pretty routine and is easily checked out by usually one phone call and a look at your paper that you would attach with your CD.

Most of my experience involves Internal Corporate computer investigations that does not always require court testimony. So using this method of experience verification does not adequetely reveal my experience. I believe that I am not in the minority here.

It all boils down to marketability and that is something I believe Certs provide as well as what I had wrote previously.

ReplyQuote
Posted : 26/10/2005 10:07 pm
infosecwriter
(@infosecwriter)
New Member

Just a poll to see what industry certifications people of the board have, and what job position they have with these certifications.

I appreciate any responses -)

CISSP-ISSAP/ISSMP, NSA-IAM/IEM, CEI-CEH/CHFI/ECSA/LPT, CHS-III, CCNA, A+/Network+
Plus some random/proprietary ones.

Current Positions Gov. contractor, Instructor, Pen Tester, Forensics.

ReplyQuote
Posted : 10/05/2006 7:58 am
Page 2 / 2
Share: