Security Basics mailing list archives

RE: Forensic/Cyber Crime Investigator
From: "Craig Wright" <cwright () bdosyd com au>
Date: Fri, 3 Feb 2006 09:22:00 +1100


First, Computer Forensics is a separate discipline to Computer Security.
Next, incident response in business is not generally about forensics nor
does it have a lot to do with it.

Other than a low-level knowledge of systems (and forget the tools-based
- EnCase training only - approach), a strong knowledge of law is
required.

Your job/role as a forensic services provider (of any type) is to
provide court support. This is it - full stop.

Your job is:
        1       Investigate. Document. Preserve the "chain of evidence".
        2       Document everything. This is for and against. You have
                to be impartial.
        3       Be prepared to sit in court and have your life,
                experience and training picked apart.
        4       Answer the facts simply and succinctly, no more, no
                less. What you are asked you answer. Your opinion only
                comes into this when and IF you have been directly asked.

The role is slow and methodological. If you think accounting and being
an auditor is fun, then you may fit into the role.

Complete some courses in English grammar and report writing. This is an
essential skill. Spelling and punctuation can make or break your career
in this field.

Forensics has NOTHING to do with detection of an attack. It comes after
the attack. It comes after the initial incident response process.
Knowledge of incident response is needed to ensure the "chain of
evidence", but it is not generally part of your role as a forensic
analyst.

SANS GCFA is a good preliminary as is CCE. Neither will make you more
than an intern level by itself. You will be judged (at more than an
intern level) on how you handle cases. How you respond in court. Many
prospective employers will expect to view transcripts of cases you have
been involved with to see how you handle under cross.

You want to be top of the field. Many years. Much training. Calm
demeanour. Honesty. Integrity. This is the simple answer. There is a
great deal more as well. You need at least knowledge of the law (a
degree is not necessary, but does help. This is how experience as an
officer of the law aids). Absolutely NO knowledge of information
security is required (in contradiction to popular belief). It does help.

Familiarity with file-systems is crucial. Learn both Linux and Windows at
the least. Understand how to create a timeline. Know how to extract and
analyse slack space while maintaining evidential integrity. These are
some of the required skills (tip of the iceberg).

There are many people who profess to have computer forensic skills.
There are very few who really have these skills. There are even fewer
who can use their skills in court.

Regards
Craig

Dr Craig S Wright DTh MNSA MMIT CISA CISM CISSP ISSMP ISSAP G7799 GCFA AFAIM
Manager - Computer Assurance Services
BDO Chartered Accountants & Advisers
Level 19, 2 Market Street, Sydney, NSW 2001
Telephone: +61 2 9286 5555
Fax: +61 2 9993 9705
Direct: +61 2 9286 5497
<Mailto:CWright () bdosyd com au>


-----Original Message-----
From: mhayden [mailto:mike_hayden () quintum com]
Sent: 2 February 2006 7:46
To: security-basics () securityfocus com
Subject: RE: Forensic/Cyber Crime Investigator

Koolk3,

I am also looking into this, I don't have much information but this is
what I've gathered:

- There seem to generally be 2 facets of Forensics:
* Computer Forensics - poring over someone's hard drive to gather and
document evidence.
* Network Forensics - A lot of what the folks on this list do on a day to
day basis, intrusion protection, detection and analysis.

You can pursue one or the other but it sounds like you want a
combination of both.

- It has been suggested to me that if I was interested I should pursue a
Law Enforcement career and go at it from that angle.  I have been a
Software developer for almost 20 years, in the US I'm too old for Law
Enforcement (35 yrs is the cutoff in my state) so that option is out for
me.

- Another suggestion was the FBI or CIA as a civilian professional or if
you meet the age/citizenship criteria an Agent.

- There are also private companies that do Computer Forensics and are
hired out by Lawyers or Law Enforcement that need the help when
computers are acquired in crimes.

I have taken a Computer Forensics class at the college level to get a
feel for that but unfortunately that isn't enough to get you in the door
(unless you get lucky).  I also get the feeling that without an IT
background you are out in the cold.

Another suggestion was to join one of the local chapters of the IACIS
(International Association of Computer Investigative Specialists).  I
think you would need to be invited in by an existing member and I'm not
sure if it's only open to Law Enforcement folks; check out their website
(http://www.iacis.info/iacisv2/pages/home.php).  There are many
different groups, some are open to civilians and some are not.

Hope this helps a bit.  I look forward to comments from others to help
me in my quest also.

MH




-----Original Message-----
From: security-basics-return-38141-mike_hayden=quintum.com () securityfocus com
[mailto:security-basics-return-38141-mike_hayden=quintum.com () securityfocus.com] On Behalf Of Koolk3
Sent: Wednesday, February 01, 2006 12:21 PM
To: security-basics () securityfocus com
Subject: Forensic/Cyber Crime Investigator


Hi List,

I tried posting this before, didn't go through. So I am trying again.

I am interested in becoming a Forensics/Cyber Crime Investigator
preferably with any law enforcement agency in Canada. I will graduate
this April with a Bachelor in Computer Engineering. I have some
experience in Forensics and IT security from coop placements and wanted
to take this option as a career.

My questions are:

1) What kind of certification is the most demanding/respected among law
enforcement agencies in Canada/US?

2) If anyone on the list is with RCMP, OPP or any other law enforcement
agency here could you please give me any information on a possible
career path. Where do I start? Are these kind of jobs considered as a
civilian job?

3) Those in the USA: could you please tell me if I can have any prospect
there as a Canadian citizen. I would imagine you would need a US
citizen to work in the law enforcement agencies, but what about private
organizations?

4) Any information in building a career path in this field would be
helpful.

Thanks everyone.

--
KoolK3
