Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login

Site Notices
Posted: 4/28/2018 10:35:04 PM EDT
Just wondering how many here are doing the above. I'm new to both and am looking to find some good training for computer forensics.
Link Posted: 4/29/2018 8:35:26 PM EDT
Some “good training” for somebody new is getting the basics down and meeting the national standards.

The bare minimizing is the ASCLD/LAB standards which local/state agencies should be aware of. If your federal, most agencies follow the NIST standards. Depending on what level a person is- depends on what activities they are doing and thereby dictates training.

On an open form I won’t share the software or tools we use.

I will say this, if your agency suddenly threw you into this role and hey don’t have establsished SOP’s, training plan and bought the bare bones required equipment ($50,000 + for a full basic pacakage with equipment, training costs and software), and budgeted for the annual upgrades in equipment and software- tread lightly as you are being set-up for failure.

Nobody touches anything with direct and constant supervision in our shop until they complete the four basic courses - two weeks each.

If you are a true beginner- look at going to FLETC for training. Done at matter if your a local/state/fed- all can go! When you leave you will be well on your way and can then call the local US Secret Service, introduce yourself and ask to get in the electronic crimes task force. You then get a chance to build your skills with folks from all over your area.
Link Posted: 4/30/2018 1:48:13 AM EDT
If you're doing this on the law enforcement side, join HTCC. You'll get an avalanche of help
Link Posted: 4/30/2018 2:02:33 AM EDT
@bcauz3y
Link Posted: 4/30/2018 9:37:58 AM EDT
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By ar-jedi:

@bcauz3y
View Quote
Present and accounted for, sir!

What is your background, OP?
Link Posted: 4/30/2018 1:32:26 PM EDT
[Last Edit: 4/30/2018 1:34:10 PM EDT by Bullet_Sponge]
OP what's your background?

FLETC offers a bunch of computer forensics classes, and the Secret Service trains state/local officers (along with Judges and Prosecutors) at the National Computer Forensics Institute in Hoover, AL (outside of Birmingham). It's an outstanding program and all the training / travel and equipment costs are covered. Downside: The wait list is long and priority is given to members of the various USSS ECTFs.

Not exactly sure how the FBI does things but I believe they do something similar through their RCFLs - someone else could speak to that better than I.

If you're not LEO (or not LEO yet) then there are some computer forensic-related certifications you could pursue, just be advised that the costs will start to rack up significantly if you don't have an Agency that will cover the training. There's also several schools offering computer forensics-related graduate programs...

Feel free to hit me up with any questions...
Link Posted: 4/30/2018 1:43:11 PM EDT
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By joeyd16779:
Some “good training” for somebody new is getting the basics down and meeting the national standards.

The bare minimizing is the ASCLD/LAB standards which local/state agencies should be aware of. If your federal, most agencies follow the NIST standards. Depending on what level a person is- depends on what activities they are doing and thereby dictates training.

On an open form I won’t share the software or tools we use.

I will say this, if your agency suddenly threw you into this role and hey don’t have establsished SOP’s, training plan and bought the bare bones required equipment ($50,000 + for a full basic pacakage with equipment, training costs and software), and budgeted for the annual upgrades in equipment and software- tread lightly as you are being set-up for failure.

Nobody touches anything with direct and constant supervision in our shop until they complete the four basic courses - two weeks each.

If you are a true beginner- look at going to FLETC for training. Done at matter if your a local/state/fed- all can go! When you leave you will be well on your way and can then call the local US Secret Service, introduce yourself and ask to get in the electronic crimes task force. You then get a chance to build your skills with folks from all over your area.
View Quote
Just you mentioning ASCLD made my eye twitch...
Link Posted: 4/30/2018 9:27:41 PM EDT
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Bullet_Sponge:

Just you mentioning ASCLD made my eye twitch...
View Quote
It's ANAB now...

Link Posted: 4/30/2018 9:41:27 PM EDT
[Last Edit: 4/30/2018 9:42:55 PM EDT by Bullet_Sponge]
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Shenanigunz:
It's ANAB now...

https://media0.giphy.com/media/C6JQPEUsZUyVq/giphy.gif
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Shenanigunz:
Originally Posted By Bullet_Sponge:

Just you mentioning ASCLD made my eye twitch...
It's ANAB now...

https://media0.giphy.com/media/C6JQPEUsZUyVq/giphy.gif
There's several different entities providing digital forensic lab accreditation now. I think they were looking for all that sweet, sweet money that was at stake when DOJ main was pushing hard for mandatory lab accreditation. It took basically every federal law enforcement agency in DC to simultaneously yell "Aw hell no" in unison to get that particular draft memo thrown in the burn bag. For now, at least.

My eye is twitching again just thinking about all the bullshit I went through 2014 - 2016 about that topic...
Link Posted: 4/30/2018 9:50:53 PM EDT
Contact your nearest Secret Service field office and get nominated for their school.
Link Posted: 5/1/2018 11:20:23 PM EDT
My background is 20 years law enforcement at county and city level. Majority of that in patrol and been assigned in CID as a crime scene detective past 2.5 years. My dept had several guys doing mobile device and computer forensics. I've done some of the mobile device training and been doing that since last year. Our guys mainly doing ICAC warrants and most of the computer exams are related to that. I've got no background in computers other than normal use. Dept sent me through basic and intermediate FTK with additional training by AD upcoming. Made some contacts with USSS during some recent training. Not gonna get my hopes up on that. Like I said definitely looking for some good digital evidence handling classes.
Link Posted: 5/2/2018 9:00:49 AM EDT
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By CSIGunNut:
My background is 20 years law enforcement at county and city level. Majority of that in patrol and been assigned in CID as a crime scene detective past 2.5 years. My dept had several guys doing mobile device and computer forensics. I've done some of the mobile device training and been doing that since last year. Our guys mainly doing ICAC warrants and most of the computer exams are related to that. I've got no background in computers other than normal use. Dept sent me through basic and intermediate FTK with additional training by AD upcoming. Made some contacts with USSS during some recent training. Not gonna get my hopes up on that. Like I said definitely looking for some good digital evidence handling classes.
View Quote
I'm assuming you're relatively close to retirement? Just be prepared for the inevitable question about "Why should we spend so much time/money to train you up when you're just going to leave in a few years..."

Some of the more "old-school" LEO management likes to think that the only reason people get involved in "the cyber" is to get some cushy post-retirement gig.

Just my $0.02.

Also: Tons of free online training here through DHS's FED VTE program: https://fedvte.usalearning.gov/ It's free if you've got a .gov email account or are a veteran. More of a cybersecurity focus rather than strictly forensics, but some good stuff nonetheless.
Link Posted: 5/2/2018 9:06:52 AM EDT
I work at the Crime Laboratory in Arkansas as a death investigator, but we have a Digital Evidence section with two guys working it, they started in IT type professions.
Link Posted: 5/27/2018 8:57:59 AM EDT
USSS has the Basic network Intrusions Program and BICEP,
Both are entry level and not fairly advanced.

SANS training, COMPTIA Security + (A+, Network +) are all good base level certifications. You can go from there!

Remember Computer Forensics is really split into several areas, which overlap. You can be an Investigator and get the jist to work ICAC, or you can work carving, network instrusion/malware/imaging/pcap anaylsis, or mobile forensics.
Link Posted: 5/29/2018 10:52:48 PM EDT
FLETC is probably your best bet for the basic classes to start off. But your department has to understand the amount of money its going to take. Its more than just a laptop and some programs. Its very equipment intensive overall and the proper way to extract and preserve evidence is very hardware intensive for things that will eventually be destroyed and can't be reused...

Because of all the constant updates to operating systems and new models of phones and computers coming out every couple months, the software licenses must be renewed and updated frequently. Its big bucks to a medium size department and can be budget crushing to a small one.

We (Fed agency) send our computer guys to the two week class at FLETC before they even get assigned as to CF... Then after a couple months of working hand in hand with a senior computer guy, they go back for more advanced training.
Link Posted: 5/30/2018 10:13:54 AM EDT
[Last Edit: 5/30/2018 10:14:49 AM EDT by bcauz3y]
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By NYresq1:
FLETC is probably your best bet for the basic classes to start off. But your department has to understand the amount of money its going to take. Its more than just a laptop and some programs. Its very equipment intensive overall and the proper way to extract and preserve evidence is very hardware intensive for things that will eventually be destroyed and can't be reused...

Because of all the constant updates to operating systems and new models of phones and computers coming out every couple months, the software licenses must be renewed and updated frequently. Its big bucks to a medium size department and can be budget crushing to a small one.

We (Fed agency) send our computer guys to the two week class at FLETC before they even get assigned as to CF... Then after a couple months of working hand in hand with a senior computer guy, they go back for more advanced training.
View Quote
Yep. The last .org I spun up spent about $50,000 on equipment.
Link Posted: 5/30/2018 10:24:36 PM EDT
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By bcauz3y:

Yep. The last .org I spun up spent about $50,000 on equipment.
View Quote
I think each one of our guys gets about $20k worth of stuff issued to him... And then add in the cost of all the stuff they have in the lab, pluss the cost for all the drives and USB keys they use for every thing they pull is huge.

In my desk right now I have about a half dozen 256G usb keys with extracted evidence. Plus another half dozen 500G Seagate hard drives locked in the vault... those things aint cheap!
Link Posted: 5/31/2018 9:50:30 AM EDT
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By bcauz3y:
Yep. The last .org I spun up spent about $50,000 on equipment.
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By bcauz3y:
Originally Posted By NYresq1:
FLETC is probably your best bet for the basic classes to start off. But your department has to understand the amount of money its going to take. Its more than just a laptop and some programs. Its very equipment intensive overall and the proper way to extract and preserve evidence is very hardware intensive for things that will eventually be destroyed and can't be reused...

Because of all the constant updates to operating systems and new models of phones and computers coming out every couple months, the software licenses must be renewed and updated frequently. Its big bucks to a medium size department and can be budget crushing to a small one.

We (Fed agency) send our computer guys to the two week class at FLETC before they even get assigned as to CF... Then after a couple months of working hand in hand with a senior computer guy, they go back for more advanced training.
Yep. The last .org I spun up spent about $50,000 on equipment.
Looks like someone was buying Talino workstations. j/k
Link Posted: 5/31/2018 10:00:07 AM EDT
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By NYresq1:

I think each one of our guys gets about $20k worth of stuff issued to him... And then add in the cost of all the stuff they have in the lab, pluss the cost for all the drives and USB keys they use for every thing they pull is huge.

In my desk right now I have about a half dozen 256G usb keys with extracted evidence. Plus another half dozen 500G Seagate hard drives locked in the vault... those things aint cheap!
View Quote
This. One of the things that lots of "Management" doesn't get is that the expense isn't a "one time" deal. You've got software licenses to renew each year, training that's required to keep up with the current trends and/or keep up with your certs, hardware that's always in need of update / replacement plus tons of rather expensive "expendable" items like hard drives / USB thumbs drives / etc...
Link Posted: 7/23/2018 6:39:14 AM EDT
I did it for a couple years thinking that it was great.

Then I had to recover photos off peoples hard drives and when I did I didn't like the content.

About four of those in a row and i couldn't do it any more and left it to those that could.

I would never do it again.

This was for LE in NYS.
Link Posted: 7/23/2018 11:55:52 PM EDT
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Gotyour06:
I did it for a couple years thinking that it was great.

Then I had to recover photos off peoples hard drives and when I did I didn't like the content.

About four of those in a row and i couldn't do it any more and left it to those that could.

I would never do it again.

This was for LE in NYS.
View Quote
The majority of cases I'll be working are CP cases. I don't like having to look through thousands of images either but someone has to do it. I think that at the end of my career this will be some of the most rewarding. It seems like every 2-3 search warrants we serve we find touch offenders. Getting those assholes off the streeets is what makes it worth it.
Link Posted: 7/27/2018 9:49:59 AM EDT
FYI there's a lot of good information here, once you get assigned to a unit also look at IACIS for certification. It's two weeks in Florida and it's held once a year, you won't regret going. And I'm going to agree with the idea of official backing, I've been doing this for 20 years (Yes I'm that old!) I just got the approval to expand our unit by adding 5 detectives, with training and certs, hardware and software I just spent $500,000.00!

Oh and if anyone .... ANYONE suggests being federally accredited ask them to step out in the alley, and beat them to death with a hammer! I lost most of my hair and got PTSD due to that.

And if you really want to torture yourself get into network intrusion reconstruction, it can be fun .... trust me.

HTH Jim
Link Posted: 7/27/2018 10:13:55 AM EDT
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Cybercop:
FYI there's a lot of good information here, once you get assigned to a unit also look at IACIS for certification. It's two weeks in Florida and it's held once a year, you won't regret going. And I'm going to agree with the idea of official backing, I've been doing this for 20 years (Yes I'm that old!) I just got the approval to expand our unit by adding 5 detectives, with training and certs, hardware and software I just spent $500,000.00!

Oh and if anyone .... ANYONE suggests being federally accredited ask them to step out in the alley, and beat them to death with a hammer! I lost most of my hair and got PTSD due to that.

And if you really want to torture yourself get into network intrusion reconstruction, it can be fun .... trust me.

HTH Jim
View Quote
Oh come on ASCLD certification isn't that har-

[Gets hit with keyboard]

Link Posted: 7/28/2018 9:57:19 PM EDT
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Cybercop:
FYI there's a lot of good information here, once you get assigned to a unit also look at IACIS for certification. It's two weeks in Florida and it's held once a year, you won't regret going. And I'm going to agree with the idea of official backing, I've been doing this for 20 years (Yes I'm that old!) I just got the approval to expand our unit by adding 5 detectives, with training and certs, hardware and software I just spent $500,000.00!

Oh and if anyone .... ANYONE suggests being federally accredited ask them to step out in the alley, and beat them to death with a hammer! I lost most of my hair and got PTSD due to that.

And if you really want to torture yourself get into network intrusion reconstruction, it can be fun .... trust me.

HTH Jim
View Quote
My partner just went through the two weeks in FL for IACIS and is doing the assignment work after. I've managed to complete four FTK offered classes and passed my ACE certification. Got a FLETC class coming up this week and several other classes scheduled throughout the rest of the year. I've learned enough to be dangerous and f*$k some stuff up. The more I do the more questions I have. My admin has no clue what all this takes to be proficient and seems like they think I"m supposed to be an expert after just a few training classes. We do the best we can with what we can get.
Link Posted: 8/14/2018 10:39:49 AM EDT
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Bullet_Sponge:
Looks like someone was buying Talino workstations. j/k
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Bullet_Sponge:
Originally Posted By bcauz3y:
Originally Posted By NYresq1:
FLETC is probably your best bet for the basic classes to start off. But your department has to understand the amount of money its going to take. Its more than just a laptop and some programs. Its very equipment intensive overall and the proper way to extract and preserve evidence is very hardware intensive for things that will eventually be destroyed and can't be reused...

Because of all the constant updates to operating systems and new models of phones and computers coming out every couple months, the software licenses must be renewed and updated frequently. Its big bucks to a medium size department and can be budget crushing to a small one.

We (Fed agency) send our computer guys to the two week class at FLETC before they even get assigned as to CF... Then after a couple months of working hand in hand with a senior computer guy, they go back for more advanced training.
Yep. The last .org I spun up spent about $50,000 on equipment.
Looks like someone was buying Talino workstations. j/k
He's not the only one, good equipment. I just ordered 7 workstations and one server. Came to about $215.000.00, and with all of the evidence we handle they just wrote a check!

Jim
Link Posted: 8/14/2018 11:39:43 AM EDT
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Cybercop:
He's not the only one, good equipment. I just ordered 7 workstations and one server. Came to about $215.000.00, and with all of the evidence we handle they just wrote a check!

Jim
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Cybercop:
Originally Posted By Bullet_Sponge:
Originally Posted By bcauz3y:
Originally Posted By NYresq1:
FLETC is probably your best bet for the basic classes to start off. But your department has to understand the amount of money its going to take. Its more than just a laptop and some programs. Its very equipment intensive overall and the proper way to extract and preserve evidence is very hardware intensive for things that will eventually be destroyed and can't be reused...

Because of all the constant updates to operating systems and new models of phones and computers coming out every couple months, the software licenses must be renewed and updated frequently. Its big bucks to a medium size department and can be budget crushing to a small one.

We (Fed agency) send our computer guys to the two week class at FLETC before they even get assigned as to CF... Then after a couple months of working hand in hand with a senior computer guy, they go back for more advanced training.
Yep. The last .org I spun up spent about $50,000 on equipment.
Looks like someone was buying Talino workstations. j/k
He's not the only one, good equipment. I just ordered 7 workstations and one server. Came to about $215.000.00, and with all of the evidence we handle they just wrote a check!

Jim
They are great when they work. Admittedly, that's a vast majority of the time but I've been less than thrilled at their customer service when something does break. My experience is a few years old when their customer service was basically one guy flying around to fix things - so they may be better now...
Top Top