By: Kyle Cavalieri, Manger of Computer Forensics and Investigations, DIGITS LLC
Recently we had an inquiry from a follower who recently obtained a computer forensics certification from an online resource. Our follower asked if we recommend that they take a course involving more hands on experience?
Mr. Cavalieri’s response:
Hands on experience is a MUST. I would recommend any of the SANS DFIR courses for instructor led training courses. If cost is an issue, I would highly recommend attending conferences and webinars to fill in the void of what was taught in the classroom to what is practice in the field. I believe the SIFT Workstation (running on Ubuntu) created by Rob Lee (SANS Faculty Fellow) is free to SANS members (membership is free). He has a wealth of great tools installed on the SIFT Workstation and there is plenty of documentation available to guide the user through the use of the tool(s).
I would highly recommend purchasing textbooks in the specialty areas he or she wants to dive into. I think its a necessity to have File System Forensic Analysis by Brian Carrier and Windows Network Forensics and Investigation by Steve Anson and Steve Bunting in any Forensic Examiner’s library.
At the end of the day, any good examiner needs to be proactive and test new systems and determine how to find those valuable forensic artifacts that may make or break your investigation.
If you have any other questions, please feel free to contact us at firstname.lastname@example.org. Stay connected!