Posted: Tue Aug 22, 2017 12:51 pm
We have some new investigators that have pretty much no experience in computer forensics. They come from an IT admin background.
I was tasked with updating our "training roadmap" to see what training classes are out there and what classes new investigators should follow to have a solid base to get them up and running as soon as possible.
I would appreciate your input on what you guys think are the best "computer forensics fundamentals" classes on the market?
By fundamentals, I mean the following:
- Understanding the importance of data integrity (hash values, write blockers, etc.)
- Computer forensics workflow (collection, processing, analysis, reporting, etc.)
- Handling and preserving digital evidence
- File system basics (FAT, NTFS, ExFAT), file slack, unallocated space, etc.
- Windows artefacts
- Proper documentation and reporting
When I started in this field several years ago, the first training pretty much everyone got was the "Guidance Software EnCase 1" class. This class did an overview of many concepts (data integrity, hash values, write blockers, documentation, reporting, etc.). Then, you would take the other EnCase classes (Windows Forensics, Mac, etc.).
Now, many "basics" classes are available from multiple vendors, such as:
- SANS FOR500 - Windows Forensics
- DF120 - Foundations in Digital Forensics with EnCase
- InfoSEC Institute - Computer and Mobile Forensics Boot Camp
If you have taken those classes, I would greatly appreciate your feedback.