Last post I gave you some books to read; let's move on to web resources.
The forensics community is not very large but many of the people in it are more than happy to share the latest developments in hardware, software and techniques. If you search Google for "computer forensics blogs" you come up with a fairly long list of related blogs. Some of them are geared towards hardware reviews and others towards tool usage. Many are by the same people that wrote the books I mentioned last post. My best advice is to follow a couple that suit you and follow the cross-links from each blog.
For example, my blog has a link to "The Digital Standard," written by Chris Pogue; his blog is linked to "Windows Incident Response," written by Harlan Carvey; his blog is linked to the official SANS blog, and so on and so forth. These guys write regular posts about installations, incidents, tool suites and plain old opinion. There are more than a few tasty informational nuggets on their sites. After you take a practice test or two, you'll start to find discussions related directly to best practices and tool usage that you will likely see on the test.
More related blogs:
IT Audit Security
By the way, those of us writing the blogs like to know that you're out there. Do us a favor and click on the "follow" link or leave the occasional comment.
Go out and play.
Many of the tools and suites have trial periods or outright free software that you can download, install and test out. Go get as many of the tools as you can store, install them and take them for a test spin. For instance, one of my practice images had Skype installed. After searching for ASCII strings and looking at them with a hex editor, I wondered if there was anything out there to help me crack the default .dbb storage files. A quick Google search landed me on Belkasoft's Skype analyzer. Free trial, $50 for the fully licensed version. Perfect! By the way, if you're using Skype to talk about anything you wouldn't want others to see... STOP!
The new version of the SIFT workstation is available. Go get yourself a portal account and download it. Version 2.0 comes with a PDF user guide chock full of forensicy goodness.
Take a look at the GCFA Gold certified list. These guys had to write papers to get gold certified and most of their papers are out there for public review.
The leading incident response and forensics companies publish whitepapers regularly. Go download them, read them, highlight them. The exam is open book, open notes.
I found a gem called "Introduction to The Sleuth Kit." It's got everything from the history of TSK to command line switches and sample outputs. It's going with me on exam day.
Write out your own study guide. I took notes as I was reading and interviewing people and compiled them into a document. When I took my first practice test I realized that there were several holes, so I added pages. My study guide is about 50 pages long now. (No, I will not sell you a copy.) The process of re-typing things I know are important reinforces them in my head and makes for a great test reference.
Take your time, take the practice tests, ask me questions if you'd like.
I may be the new guy, but I'm here to help.