What's peoples thoughts on the current market of Penn testing, do people think forensics will standardise/flatten out, and penn testing will be the new forensics? Or too soon to tell?
Any thoughts on markets and patterns will be appreciated.
Greetings,
It is usually called "pen testing", short for "penetration testing".
I don't think that pen testing and computer forensics overlap significantly. Penetration testing is about testing the security or correctness of computing environments with the approval of the "target", to generalize terribly. Computer forensics, if it overlaps at all, will conduct the analysis of a cyber attack, an unapproved pen test if you will.
They're both related to, and fall under, the huge, amorphous umbrella known as cyber security, a rapidly growing market.
-David
I agree with Kovar,
The skill set required to conduct a prudent analysis of a computer system or even custodian based user directories and email is quite different. Computer Forensics is more about determining what happened and how it happened through tracing artifacts. Pen Testing is as Kovar generalized, a preapproved security test to provide some level of assurance that a network or computer is not exposed to security attacks.
BTW - I've conducted a type of penetration testing and it definitely required some research before I was comfortable doing the project.
I'm curious, bdust, what's the motive behind the question? What are your views on the similarities?
My 2cents…