
New to computer forensics

(@paradoxx)
New Member
Joined: 15 years ago
Posts: 1
Topic starter  

Hello everyone,

My name is Chris and I am both new to these forums as well as to the computer forensics field. I am currently taking a computer forensics class and am so far enjoying it.

If there are any basics or information you could provide to either help me around the forums or knowledge I should know going into the computer forensics field it would be greatly appreciated. This information will not only benefit me, but my classmates as well.

In our lab we have access to EnCase, FTK, and many other programs so any hints or tips would help greatly.

Thanks a bunch!


   
(@dave-hull)
Active Member
Joined: 17 years ago
Posts: 15
 

As the great investigators have always said, the foundation to any good investigation is to know what questions you need to answer. If you don't know what it is that you're trying to find or what questions you're trying to answer, it's difficult to formulate a plan and impossible to know when the objectives of your investigation have been met. So, at a minimum when you are approaching a case, know what it is that you're trying to determine.

Once you have that information, develop a plan to help you discover that information, answer your questions or achieve the objective of your investigation. Next, work the plan. Plan your work and work the plan. Obviously, as you conduct your investigation, new questions may arise that may take you down numerous rabbit holes; that's to be expected, but ultimately having a plan up front will be beneficial.

These are the fundamentals, and they are all too often overlooked. Just as too many software developers want to dive into code without a good development plan, many investigators want to dive right into the investigation without a plan or, worse, without even knowing what it is they are trying to figure out.

The rest is tools, techniques and experience. I recommend spending some time at a fairly low level. Ditch the GUI tools for a while in favor of command line tools and a hex editor; you'll get a better feel for what's going on under the hood of your GUI tools and you'll develop alternative methods that can help you confirm the findings produced by GUI tools.

Learn a scripting language: Perl (which, I hate to say it, is a popular choice) or Python.

Never stop learning. Good luck.


   