I haven't posted in a while so I asked my 6 year old boy what he thought I should write about.
"Ghosts!" was his immediate and emphatic answer. I don't know how to explain to him that my blog is about digital forensics and related topics, so here I am writing about ghosts. A ghost, as I understand it, is a physical manifestation of a person's soul after their body has died. I myself have never witnessed said manifestations, but I have had some pretty damn weird stuff happen to me in one of my homes and in the cave I worked at when I was a teenager. For the record, ghosts don't exist.
Neither do entry-level jobs for forensic analysts without a bachelor's degree.
I may have more luck looking for a forensics job if I ever decide to leave Montana. That's not a decision I ever want to have to make. Simply put, this place rocks! So what's a guy do to try to make himself more marketable? Certification and Education are a good place to start.
I have been studying for the CISSP exam for the last several weeks and plan to take the exam in September. CISSP also counts for several credits towards a Bachelor's degree in Information Assurance and Security.
Bonus!
I Hated (yes, capital H) high school but I tried to go to community college right afterward, anyway. I wound up feeling like it was just an even more miserable extension of the former so I withdrew (dropped out) midway through my second semester and joined the Navy. I got lots of training in the Navy that I actually enjoyed, like math, science, electronics, computers, etc. After I got out, I took some Microsoft courses and took all the MCSE tests. I enjoyed those classes as well. Now I have 12 years of experience and a fistful of certificates from formal training as well as the GCFA cert and my MCSE.
It's time to go back and rectify the whole "dropped out" thing. I'm looking at a couple of the online colleges and gearing up to knock out a degree as fast as I can. I look at the curriculum and it causes me pain to have to take "Windows Server Networking" since I could likely teach the course. But it has to be done. I'm no longer running into job postings that state "or equivalent experience".
Wish me luck.
I'll need it to stay awake for "Introduction to Unix".
P.S. I'm going to get back to some more technical posts in the near future. I have a few system images to run through and post about.
Sunday, July 18, 2010
Monday, June 7, 2010
CDAC Cybersecurity: Incident Handling and Response
So, what's a guy with lots of computer skillz and a shiny new GCFA certificate do for fun? He goes to FEMA Cybersecurity training! I know you're all jealous, admit it.
These classes are free if you can catch one in your area, but I can honestly say that I didn't learn anything new in this class. It did reinforce a lot of prior learned techniques and I got another certificate for my "I Love Me" wall.
Here it is in a nutshell:
Day 1:
We covered the basics of Network Security. Access Control, Physical Security and Biometrics, Social Engineering.
Risk Assessment and Business Continuity Planning, Information Classifications, Privileges and Auditing.
Lab on setting Password complexity and length. (Yah, pretty weak stuff)
Device Hardening, Firewalls, Secure Protocols.
Lab on Packet capture and Network Monitoring. (not bad, but not in-depth enough to teach what you're actually looking at. I already know the how-to's)
Tuesday, May 25, 2010
Training, conferences and contacts. Oh My!
Professional development: The process of increasing one's own professional capabilities by attending training or meetings of like-minded professionals who are willing to share information and techniques.
This week I'm attending a FEMA course called "Cybersecurity: Incident Handling and Response". So far it has been review but it looks promising for the next 3 days. It is a free course if one is in your area but seating is limited. I recommend checking it out. I'll provide a full review after the course is over.
If you've been following the blog you know that I am a major proponent of professional networking. It's a great way to meet people that you may be able to employ or gain employment from. There are also lots of people that just know a lot about security, forensics, hacking, etc. that are willing to share ideas and tips. I had no idea that there was already a group of these people that meet regularly here in Helena and have for some time. 2 hours into class and I had an invite to the local DEFCON group. First Friday of the month at the best sandwich shop in town? Done. It simply can't hurt to get yourself known inside local circles.
Speaking of DEFCON, I'll be attending in Las Vegas this year. It will be the first time I've ever attended any kind of hacking conference and I'm pretty stoked to check it out.
Thursday, May 6, 2010
Baby Steps
Getting into digital forensics is a tough job. Writing about it regularly is even tougher. Since passing the exam, I have been working on a marketing package to pass out around town, had meetings with my bosses trying to convince them that "Yah. Really. We can charge $225/hr and up for these services", landed my first official retainer fee, set up a proposal for e-discovery work and performed my regular myriad of break-fix, server upgrade and auditing work. I've also helped produce an outline for a book idea with my good friend and forensic-y mentor Chris and sent in a column idea to Into the Boxes. It's been a bit of a whirlwind, but never you mind. I live to serve.
I was contacted by a civil defense lawyer about the feasibility of admitting all the content of a Yahoo user group into court. I mulled it over a bit and tried out a few techniques I've learned over the years for dumping websites, did a little proof-of-concept and turned in an estimate for work. This could turn into a significant amount of work sorting, searching and carving usable info for the defense. I accomplished my proof of concept using a combination of freebie web tools and some yellow-belt linux kung-fu. If I land it and wind up doing all the work I'll be sure to post a more in depth analysis.
I updated my resume, wrote a Curriculum Vitae, created a sheet of services my company can offer and turned it all over to our technical writers and marketing people. I hope I don't get a pile of useless mush with pretty colors back.
Tuesday, April 20, 2010
It can be done!
91.3%. Well above the passing grade. It feels good to earn a certification like GCFA. Especially when there are only ~2000 in the entire world.
So what's next?
I've been in study mode for several months so I've decided to just keep on going and start studying for the CISSP exam. I was studying for the exam about 3 years ago when I changed jobs. At the time there was no need for me to carry a certification like that and my company wasn't really interested so I dropped it. I wish I had just forged ahead alone and done it. At any rate, I still have the "All-in-One" CISSP study guide and I'll be ready for the test in a few more months.
I'm also going to start working my local contacts for some forensics work and push towards "Expert Witness" status. It will be a big deal to get a few cases on my Curriculum Vitae and be able to help out some of the area lawyers with cases involving computers, media and any other digital devices. Mobile forensics seems like a niche worth exploring although I can't imagine a lot of steady work coming from it.
I was invited to contribute to "Into the Boxes" which is pretty exciting. I would love to contribute but I'm having a hard time coming up with a topic that won't make me seem like the village idiot compared to the rest of the guys writing for it. I'm open to suggestions on that front.
Chris has started a new blog series on command line vs. GUI tools. I may play devil's advocate just for fun. We'll see what he posts later in the week.
Keep studying, keep practicing, I'm still here to help.
Grayson
Tuesday, April 6, 2010
Studying for the GCFA certification: Part 2
Last post I gave you some books to read, let's move on to web resources.
Blogs:
The forensics community is not very large but many of the people in it are more than happy to share the latest developments in hardware, software and techniques. If you search Google for "computer forensics blogs" you come up with a fairly long list of related blogs. Some of them are geared towards hardware reviews and others towards tool usage. Many are by the same people that wrote the books I mentioned last post. My best advice is to follow a couple that suit you and follow the cross-links from each blog.
For example: My blog has a link to "The Digital Standard" written by Chris Pogue, his blog is linked to "Windows Incident Response" written by Harlan Carvey, his blog is linked to the official SANS blog and so on, and so forth. These guys write regular posts about installations, incidents, tool suites and plain old opinion. There are more than a few tasty informational nuggets on their sites. After you take a practice test or two, you'll start to find discussions related directly to best practices and tool usage that you will likely see on the test.
Friday, April 2, 2010
Studying for the GCFA certification: Part 1
I'm scheduled to take the GCFA certification test on April 13th. I have been studying non-stop since right after the New Year. (Call it a resolution if you'd like.) I took a practice test last week and scored 86%. I was pretty happy with that score considering I'm learning it under self-study.
Before you take any of the SANS practice tests you are required to sign a legal notice regarding divulging any test questions and their ethics standards. (See: have some or look for a new field.) If you landed on this post hoping for a brain dump or a list of the hard test questions, move along, there is nothing to see here.
If you're looking for an overall view of the type of materials you need to study and the background that computer forensics requires, stick around, I may be able to help.