Q: Special Agent with NO Computer Crime background
Great Forum on here, I wanted to ask the audience some questions please.
I am a GS-1811 Special Agent with a US Federal Law Enforcement Agency, however my focus has been on everything but computer crime. Yes, money laundering, criminal conspiracies, gangs, violent crimes, drugs, etc. NO computer crime or digital forensics. Hold up, YES on use of Cellebrite and Penlink phone analysis. But no deep, heavy forensics beyond the use of the tools and writing a report as to what information was recovered.
I have extensive experience in federal/state court and in front of Grand Juries, testifying. I am familiar and comfortable in that environment.
I have built my son's PC and tinker with computers at home.
I will retire in 4 years (year 2020), I do indeed have a Bachelors degree, and have a Top Secret security clearance. I also speak fluent Spanish. I am also starting to learn (self-study) about computer security and will ideally have both my Networking+ and Security+ (yes, basic, but….) in-hand within 12 months. I was told to work on my CISSP also, once those are done.
Question: With my background, and an admitted beginner-level knowledge of the forensics game/computer security game today, what can I do so that in the year 2020, I can be marketable and find employment? Which brings up another question: are you guys employed on salary at a company or a firm, or mostly in self-employed consultant type arrangements? I would prefer self-employed. However, the question remains: how can I best prepare myself over the next 4 years for this sector? I could "ask the folks I work with" but to be honest they can tell you all day long about Glocks and motorcycle gangs, but we just are not doing computer crime.
Note: I am considering getting the Certified Fraud Examiner CFE certification between now and 2020…
Any advice is appreciated!
CFE won't get you far with forensics unless all you're going to do is fraud. Get some certifications first, starting with the basics. CompTIA, Cisco, Microsoft, and many others have certifications available. It's one thing to be able to go through a piece of evidence and say what's there; it's another to be able to explain what exactly that evidence is and what it does/means. Even starting with community college classes on computing will be a good start.
The reason why I say this is I worked with a "computer forensics expert" once, whose only certification was for an outdated forensics product. He had zero computing experience, and in fact had spent the last 20 years in accounting. Needless to say, after working a disastrous case with him (in which he pretty much made a fool of himself on camera, along with perjury) I made sure that he wasn't hired again, and last I checked he went back to accounting.
With no background you really should start with the basics. What is a registry hive? What does it do? What does this key mean? Etc. Being in law enforcement you should know that attorneys will not hold back when it comes to your qualifications, don't give them that inch.
Hello bill1811, welcome!
Question With my background, and an admitted beginner-level knowledge
How much do you know at your "beginner-level"?
sgreene2991 offered good advice
With no background you really should start with the basics. What is a registry hive? What does it do? What does this key mean? Etc.
Are you up to or beyond the basic knowledge (see .pdf)?
At FF there is a considerable amount of quality knowledge given by the experts in their field that a beginner can search and find in other discussion threads here. The information I have found to be very helpful.
Please contact the folks at BlackBag (https://www.blackbagtech.com/) to see if they have training scheduled in your area. BlackBag's BlackLight forensic tool is an excellent all-in-one forensic tool and they recently have provided training and certification at no charge. Normally training runs $3,000.00 in general for forensic certification.
When I took the BlackLight training it was at the Lake Zurich Illinois police department and there were complete beginner students to current forensic practitioners.
I also recommend purchasing a DEFT Linux USB thumb drive and DVD (https://www.osdisc.com/products/linux/deft), which will cost you $21.00 plus shipping.
DEFT Linux is a forensic "distribution" of Linux with 80+ free forensic tools built in. I use it and other Linux forensic tools regularly on my live cases.
You can download the DEFT manual here: http://www.deftlinux.net/deft-manual/
The DEFT manual will instruct you on how to use the software for various forensic processes.
I recommend that once you have a copy of DEFT, use the forensic imaging tool Guymager, which is built in to DEFT, to make a forensic image of one of your personal computers.
Then, use another fantastic and very affordable tool, OSForensics (http://www.osforensics.com/), to create a forensic database of your imaged computer. You can download a fully functioning demo version of OSForensics for free.
OSForensics has many tutorial videos to help understand the tool.
Basically, you will want to learn how to make forensically sound images of computers (meaning no changes made to the underlying evidence) and then use another forensic tool such as OSForensics that will allow you to identify and report on human activity that took place on a given computer such as internet browsing history, plugging in of USB drives, etc.
Another great resource for free forensic tools is https://forensiccontrol.com/resources/free-software/
Within the DEFT (and CAINE) forensic USB/DVDs is a great set of free Windows-based forensic tools from UFO (http://win-ufo.org/). UFO will allow you to reveal passwords, internet browsing history, create forensic images, etc.
I personally believe there is no substitute for just sitting down and experimenting with forensic tools to learn how they work. It might take a few tries to get the tool to function in the way it is supposed to, but this learning process is the road to becoming a proficient practitioner.
If you PM me I will send you my CLE course on smartphone forensic best practices, which is accredited in 17 U.S. states now. It is written in plain English, but informative. I will also send you template Chain of Custody and evidence mapping forms you can use if you get to the point of working on a live case.
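The post above recommends practicing forensically sound imaging (a bit-for-bit copy with no changes to the underlying evidence) with Guymager on DEFT. The script below is an added example, not code from the poster or from the DEFT or Guymager projects: it does the same acquisition step from a shell with `dd`, hashes the source before and after imaging, hashes the image, and records everything in a small acquisition log that can be re-verified later. It assumes a Linux or BSD box with `dd`, `sha256sum` (or `shasum`) and `sed`; the "device" it images in the usage below is a constructed file so that it runs anywhere. On a real case the source would be a raw block device such as `/dev/sdb` attached through a hardware write blocker.

```shell
# Added example (not from the forum post). Acquire a bit-for-bit image of a
# source "device", hash source and image, and write an acquisition log.
set -u

# sha256 of a file; portable across sha256sum (Linux) and shasum (macOS/BSD).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# acquire SRC IMAGE LOG
# Copies SRC to IMAGE with dd and records pre/post hashes in LOG.
# Returns 0 only when hash(SRC before) == hash(IMAGE) == hash(SRC after),
# i.e. the image is an exact copy AND the source was not altered by imaging.
acquire() {
    src="$1"; img="$2"; log="$3"

    pre=$(hash_file "$src") || return 1
    # conv=noerror,sync: keep reading past unreadable blocks and pad them with
    # zeros so offsets in the image still line up with the source. Real devices
    # are sector-aligned; a regular file whose size is not a multiple of bs
    # would get padded, so the test below uses a block-aligned sample file.
    dd if="$src" of="$img" bs=4096 conv=noerror,sync 2>/dev/null || return 1
    post=$(hash_file "$src") || return 1
    imghash=$(hash_file "$img") || return 1

    {
        echo "source=$src"
        echo "image=$img"
        echo "acquired_utc=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "sha256_source_before=$pre"
        echo "sha256_image=$imghash"
        echo "sha256_source_after=$post"
    } >"$log"

    if [ "$pre" = "$imghash" ] && [ "$pre" = "$post" ]; then
        echo "verified=yes" >>"$log"
        return 0
    fi
    echo "verified=NO" >>"$log"
    return 1
}

# verify_image IMAGE LOG
# Later re-check (for example before testifying or before handing the image to
# an analysis tool): recompute the image hash and compare with the value
# recorded at acquisition time. Returns non-zero if the image has changed.
verify_image() {
    img="$1"; log="$2"
    recorded=$(sed -n 's/^sha256_image=//p' "$log")
    now=$(hash_file "$img") || return 1
    [ -n "$recorded" ] && [ "$recorded" = "$now" ]
}

# Usage on a constructed 16 KiB sample "device" (block-aligned for bs=4096):
#   head -c 16384 /dev/urandom > evidence.bin
#   acquire evidence.bin evidence.dd acquisition.log && cat acquisition.log
#   verify_image evidence.dd acquisition.log && echo "image still matches"
```

The three-way hash comparison is the point: matching source-before and image hashes show the copy is exact, and matching source-before and source-after hashes show the acquisition itself wrote nothing to the evidence. Keep the log with the chain-of-custody paperwork; anyone who later questions the image can rerun `verify_image` against it.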
Thank you everyone for the great info!