Showing posts with label entry level computer forensics. Show all posts

Thursday, May 6, 2010

Baby Steps

Getting into digital forensics is a tough job.  Writing about it regularly is even tougher.  Since passing the exam, I have been working on a marketing package to pass out around town, had meetings with my bosses trying to convince them that "Yah. Really. We can charge $225/hr and up for these services", landed my first official retainer fee, set up a proposal for e-discovery work and performed my regular myriad of break-fix, server upgrade and auditing work. I've also helped produce an outline for a book idea with my good friend and forensic-y mentor Chris and sent in a column idea to Into the Boxes. It's been a bit of a whirlwind, but never you mind. I live to serve.

I was contacted by a civil defense lawyer about the feasibility of admitting all the content of a Yahoo user group into court. I mulled it over a bit and tried out a few techniques I've learned over the years for dumping websites, did a little proof-of-concept and turned in an estimate for work. This could turn into a significant amount of work sorting, searching and carving usable info for the defense. I accomplished my proof of concept using a combination of freebie web tools and some yellow-belt Linux kung-fu. If I land it and wind up doing all the work, I'll be sure to post a more in-depth analysis.

I updated my resume, wrote a Curriculum Vitae, created a sheet of services my company can offer and turned it all over to our technical writers and marketing people. I hope I don't get a pile of useless mush with pretty colors back. 

Tuesday, April 6, 2010

Studying for the GCFA certification: Part 2

Last post I gave you some books to read; let's move on to web resources.

Blogs:

The forensics community is not very large, but many of the people in it are more than happy to share the latest developments in hardware, software and techniques. If you search Google for "computer forensics blogs" you come up with a fairly long list of related blogs. Some of them are geared towards hardware reviews and others towards tool usage. Many are by the same people that wrote the books I mentioned last post. My best advice is to follow a couple that suit you and follow the cross-links from each blog.

For example: My blog has a link to "The Digital Standard" written by Chris Pogue; his blog is linked to "Windows Incident Response" written by Harlan Carvey; his blog is linked to the official SANS blog, and so on and so forth. These guys write regular posts about installations, incidents, tool suites and plain old opinion. There are more than a few tasty informational nuggets on their sites. After you take a practice test or two, you'll start to find discussions related directly to best practices and tool usage that you will likely see on the test.

Friday, April 2, 2010

Studying for the GCFA certification: Part 1

I'm scheduled to take the GCFA certification test on April 13th. I have been studying non-stop since right after the New Year. (Call it a resolution if you'd like.) I took a practice test last week and scored 86%. I was pretty happy with that score considering I'm learning it under self-study.

Before you take any of the SANS practice tests you are required to sign a legal notice regarding divulging any test questions and their ethics standards. (See: have some or look for a new field.) If you landed on this post hoping for a brain dump or a list of the hard test questions, move along, there is nothing to see here.

If you're looking for an overall view of the type of materials you need to study and the background that computer forensics requires, stick around, I may be able to help.