I have to say case studies as well, I'm new to computer forensics as well and I really believe that hearing about other individuals' experiences would give me a better idea of what happens in the workforce. I also think that it would be great to have more information of the types of jobs an individual majoring in computer forensics can get, I have spent the last two years at my college taking forensics courses with an advisor who thinks she is the smartest person in the world but who in reality is the least helpful and experienced person in the area of COMPUTER forensic science!
You should drop the science part, you either do CF, or Computer Science, but you won't hear it called computer forensic science. You may even do e-discovery, but all are very different from each other.
As far as jobs go the market is still flooded with new entry people promised jobs by advisers. Just think of the number of brick and mortar colleges as well as online colleges offering these types of things, and you'll start to get an idea how flooded the market actually is.
There are lots of threads on this site about job potential, but most of the people coming out of college have to start by just imaging and traveling around to each hot spot to do that. After a few years you may move to the index phase and then to investigations, but unless you're a savant, you'll rack up the driving time.
A couple of thoughts…
Again…case studies are great, but in my experience, few of the people who ask for them are themselves willing to share their own.
Getting an individual's experiences in the workforce is a great way to see how things go IRL, outside of college. When I was on the ISS (and later IBM) ERS team, I had to be ready to leave at a moment's notice. I not only had times when I would book a flight at 11pm or later and be up at 4am to get to the airport, but more than once, I was booking a reservation on the way to the airport (a couple of times I had to wait at the terminal for my ticket to make it through the system).
The comment about new folks imaging "for a few years" just doesn't make any business sense. It is far less expensive to work ahead of time with customers to teach them to acquire, preserve and document data than it is to go on-site each time they need something done. That way, you can hire new folks, and spend your time training them.
I've been in your shoes before when it comes to advisers. I can offer this up…from my perspective (I'm looking at hiring requirements now, and have done it several times in the past for other employers), I would prefer to hire a young person who is new to the field and work with them to develop them professionally. I do understand that there is a need to hire some experienced folks, but often, they are harder to bring up to speed in the areas where they need work. More than anything else, what I look for is desire and ability to learn, engage, and to process information and take it to the next level.
If I were interviewing a young person fresh out of school, I would be interested in work that they've done, particularly on a project basis. I know that some courses have labs or sample images…I'd like to know what they were asked to do, and what they did…what they discovered, what conclusions they came to. I'd like to know about any problems they ran into and how they overcame them.
Here's an example…and you can file this one under "case studies", as well…I tend to not use the large commercial forensic applications for the work that I do, and I was looking for indicators of off-system communications. Our malware analyst had determined that the badness I found used the WinInet API, so I understood I was likely looking for HTTP-type communications. There were no indications of unusual "browser" artifacts (on Windows systems, IE doesn't create entries in the index.dat or browser cache, WinInet.dll does…), so I had one more place to look…the pagefile. I parsed through the pagefile looking for strings (I used a domain name that the malware guy had dug out of the badness…), and wrote a Perl script that would grab 100 or so bytes on either side of the "hit"…I basically wrote my own version of EnCase's Preview capability for search hits. As a result, I found the memory debris from the malware's activity, including not just the request that went out to the web server, but the web server's response…which included a time stamp, and the "No Cache" directive.
So…while I don't expect a new analyst to know all of this stuff, this is the kind of thing I look for when engaging them during an interview. How do you go about solving problems? Are you more likely to sit and stare at the screen for a couple of hours, or will you go engage a senior analyst and ask for assistance?
HTH
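The pagefile keyword search described in the post above, as an added Python example that is not the poster's Perl script: it finds every ASCII or UTF-16LE occurrence of a keyword in a raw file and returns about 100 bytes of context on either side of each hit. The domain `host.example.test` and the `SAMPLE` buffer are constructed for illustration.

```python
import mmap
import re

def printable(data: bytes) -> str:
    """Render bytes for review: keep printable ASCII, show everything else as '.'."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data)

def find_hits(buf, keyword: str, context: int = 100):
    """Return sorted (offset, encoding, context_text) for each case-insensitive hit."""
    # Windows memory debris holds strings as both ASCII and UTF-16LE.
    needles = {"ascii": keyword.encode("ascii"),
               "utf-16le": keyword.encode("utf-16-le")}
    hits = []
    for enc, needle in needles.items():
        for m in re.finditer(re.escape(needle), buf, re.IGNORECASE):
            start = max(0, m.start() - context)        # clamp at start of file
            end = min(len(buf), m.end() + context)     # clamp at end of file
            hits.append((m.start(), enc, printable(buf[start:end])))
    return sorted(hits)

def scan_file(path: str, keyword: str, context: int = 100):
    """Memory-map a (possibly multi-GB) pagefile copy read-only and search it."""
    with open(path, "rb") as fh:
        with mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as mm:
            return find_hits(mm, keyword, context)

# Constructed sample standing in for a pagefile fragment (not real case data):
# an HTTP request, the server's response, and a UTF-16LE copy of the URL.
SAMPLE = (
    b"\x00" * 300
    + b"GET /a HTTP/1.1\r\nHost: host.example.test\r\n\r\n"
    + b"HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2001 00:00:00 GMT\r\n"
    + b"Cache-Control: no-cache\r\n\r\n"
    + b"\xff" * 300
    + "http://HOST.EXAMPLE.TEST/a".encode("utf-16-le")
    + b"\x00" * 50
)

if __name__ == "__main__":
    for offset, enc, text in find_hits(SAMPLE, "host.example.test"):
        print(f"0x{offset:08x} [{enc}] {text}")
```

Run `scan_file` against a working copy of the acquired pagefile, never the original evidence, and record the reported offsets so each hit can be re-verified in a hex viewer.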
Indeed - conducting the research builds knowledge, but often people look for the quick-fix to their issue. I research first, try various avenues to find what I'm looking for, and if that fails, I'll inquire with someone else to see if they can point me in the right direction. Often a "have you tried <this> ?" comes in very handy.
As per the previous post - thinking outside the proverbial box almost always pays dividends :-)
I did this on this website and got lit up for it pretty good and all it was, was a simple question.