Forensic Computing
- Thread starter knowlesy
- Start date
ah quality I've been thinking of that, where about's are you doing it ?
Im currently on placement at the minute just as a general engineer / technician which Is pretty cool, I go back for my 3rd year in September.... however Im wanting to go more into either data recovery etc or network security, this list needs massively updating, and I'm considering creating a blog to combine everything I find etc.... I just need to get the time in all honesty
Suspended
- Joined
- 18 Oct 2002
- Posts
- 9,480
I am a Senior Forensic Investigator - have been employed in this field for over 8 years now.
Someone recommended:
Forensic Computing: A Practitioner's Guide
By Brian Jenkinson, Anthony J. Sammes
I'd second that. It's a good book. They are both instructors on the Forensic Foundation course at Shrivingham and I've met them both. Brian Jenkinson is a bit up his own arse and stuck in the past. Tony Sammes however is a true gent, one of the nicest blokes I've ever met. He really knows his stuff as well. A former officer in the Royal Signals, he was a key member or the ARPA Net team and helped design some of the protocols still in use today.
One thing you have to understand is that a lot of people in this field talk the talk, but few really are very capable. There are a lot of charlatans as well, mainly small one and two man bands, but some of the larger companies are also full of cowboys.
If you want to get started then make sure you have a through knowledge of hardware and software. Understand what files are changed or created when users carry out certain activities and where they are located in the O/S. Don't rely on the software to do everything, you need to understand what is going on underneath. Too many new practitoners only know 'push button forensics' and that's to their detriment.
If you need any help then let me know.
Someone recommended:
Forensic Computing: A Practitioner's Guide
By Brian Jenkinson, Anthony J. Sammes
I'd second that. It's a good book. They are both instructors on the Forensic Foundation course at Shrivingham and I've met them both. Brian Jenkinson is a bit up his own arse and stuck in the past. Tony Sammes however is a true gent, one of the nicest blokes I've ever met. He really knows his stuff as well. A former officer in the Royal Signals, he was a key member or the ARPA Net team and helped design some of the protocols still in use today.
One thing you have to understand is that a lot of people in this field talk the talk, but few really are very capable. There are a lot of charlatans as well, mainly small one and two man bands, but some of the larger companies are also full of cowboys.
If you want to get started then make sure you have a through knowledge of hardware and software. Understand what files are changed or created when users carry out certain activities and where they are located in the O/S. Don't rely on the software to do everything, you need to understand what is going on underneath. Too many new practitoners only know 'push button forensics' and that's to their detriment.
If you need any help then let me know.
Last edited:
Ah quality, thanks very much, would it be ok to throw a few ideas for my dissertation your way ? I must admit i agree with your final statement of understanding hardware & software and not relying on software forensics, sadly I feel my course isnt long enough to go as in depth as that and were only being taught the basics, well more of a foot on the ladder approach but I think the odd one or two people onthe course believe its more like csi, where your in a room full of top notch hardware and itll do everything for you, ....
Last edited:
Suspended
- Joined
- 18 Oct 2002
- Posts
- 9,480
Ah quality, thanks very much, would it be ok to throw a few ideas for my dissertation your way ? I must admit i agree with your final statement of understanding hardware & software and not relying on software forensics, sadly I feel my course isnt long enough to go as in depth as that and were only being taught the basics, well more of a foot on the ladder approach but I think the odd one or two people onthe course believe its more like csi, where your in a room full of top notch hardware and itll do everything for you, ....
I am not promising anything, but if you are really interested then I can put you in touch with a very good friend who works at a medium sized company up there. Perhaps some work experiance during the summer?
True of all parts of forensics: them that can, do; them that can't, teach. It's a good general rule that real forensic scientists are far to busy to write books, so the texts get written by some lecturer or similar who has never even seen a forensic lab. The cobble together a load of wrong, inappropriate and needlessly complicated ways of doing things for their writing, which seldom match reality.
As for the free-lancers who practice the actual science on behalf of the defence, they tend to divide into two groups: the ones trained by the main prosecution-side employers, and cowboys. Sometimes these categories overlap.
M
Id love to be able to do that in all honesty, but Im currently on placement till september and i have to make it at least 45 weeks there due to starting at a placement late
really really REALLY appreciated though
Being able to write program, and well, is also a useful skill. Sometimes you may need to write your own tools or process some extracted data, as an example I needed to decompress NTFS compressed files/fragments in unallocated and slack space, there's not a button that does that and LZ77 isn't something you do in your head or with a piece of paper. Perl and C are IMO the most useful, perl for text manipulation and simple scripting, C for writing tools that will run fast.
Associate
- Joined
- 16 Feb 2009
- Posts
- 1,505
Following in my foot steps of doing a masters. Don't forget to bring me along for freshers week
Borich
Exactly the same here. My sixth form is doing forensics as a BTEC starting next year. I'm tempted to resit the year as i don't think i've done that well anyway and drop Geography and pursue my intrest in Forensics
Any books etc like Yarde said would be great
I currently work for a large Police force and have just applied for the post of a Digital Forensic Analyst. I have done a week in the department and some of the stuff you are subjected to is shocking but its my dream job realistically, you can just see how involved and interested the whole team are in the job.
Is it like CSI?
No. Its a lot more complex than you might think if your along the sides of an office type job. Our analysts have a lot of involvement in the front line side of things as well. They help plan raids and interview suspects etc as well as producing the evidence.
They do it at BTEC now? It's a big enough waste of space at degree level. Here's my advice from inside the business: don't bother. There's very little recruitment of forensic scientists going on currently (about 800 are about get made redundant actually) and where there is, the recruiters are NOT interested in FS qualifications. What they want are basic qualifications, mainly chemistry and biology for most work, or computer science for computer work. It's easy to teach you FS, harder to train you in the background stuff, hence the priorities.
M