I’ll be talking about the Knoppix-based forensic live CD called Helix on the next Hak5 episode, which we’re shooting this coming weekend. It’s been out there for quite a while, and as a security guy I have gotten the opportunity to use it in an incident response role a couple of times. I believe a 2.0 release is coming in the next couple of months, but no official word yet.
I need some geek roommates so I can delegate some of this network stuff to them :). I’ll eventually get things online, I just stay fairly busy. Sorry!
In the computer world, credentials have always been a little bit different from most other industries. Lawyers, Engineers, Teachers, Doctors, and similar professions have some sort of structured peer-reviewed and enforced system for distributing and maintaining credentials for the work that they do. It is a way of protecting people from illegitimate practice and giving them an avenue of redress should they experience any problems with a particular individual or entity.
Many professions within the computer industry umbrella do not have such credentialing bodies, especially within computer engineering and computer security. There are degrees and vendor and vendor-neutral certifications; however, there is no such thing as the equivalent of a bar exam, or a license to practice. I believe that this should not be necessary for most situations; however, if one is going to testify in a courtroom as an expert, they should have some sort of credentials to prove what they claim to know that aren’t possible to obtain with a credit card and a couple of hours taking a test online.
Recently I have been taking various training courses and tests covering different aspects of computing and network security. I’d like to share some of my experience and opinions here.
Brainbench: I took the free Computer Forensics and Network Security tests they offered. These were fairly comprehensive tests, and I thought they gave me a pretty decent representation of my knowledge. As far as the applicability of the tests though, there does not appear to be very much merit as far as a bullet on your resume, so I would recommend these purely for self-assessment purposes.
SANS: In preparation for the GSEC test I have taken the practice exams, and they seem to be pretty much what they are advertised to be: not quite as difficult as the real thing, but they definitely require knowledge of the material. I feel more confident in taking my test after taking these practice exams.
CERT VTE: I completed the Forensic Specialist course on here, and while there is no test, the sheer volume of information is staggering. There are also extremely detailed labs available which actually put you into a virtual machine and let you accomplish a set of tasks. Absolutely wonderful stuff.
A hectic schedule and general lack of manpower have kept me from updating this as often as I’d like.
Instead of a spare time sort of hobby project, this got shuffled around behind the scenes, and gave birth to another project. We are starting an actual company to offer our services, although this website may undergo some alterations in order to feed off of that. I believe this will become a sort of voice of the company into the general populace of the security focused individuals on the web.
More will be announced soon. The company we are starting will be primarily focused on data recovery, network penetration/vulnerability scanning, and forensics to a degree. However, we will also offer the usual services you might find at Geek Squad or whatnot, just on more of a footnote basis. The primary focus will be providing businesses enterprise solutions for the aforementioned.
The website is http://www.digifixsolutions.com and will serve as our banner to the world. Advertising will ramp up in the real world, with some being devoted to online solutions. Hopefully we will be successful in our endeavour.
It’s been a while since we posted anything here. Things have been busy in my personal life, and I haven’t had time to sit down and work on much.
I am looking for ideas as far as methods and concepts for Intrusion Detection go. Right now my short-term project is to finish building a few servers with parts I have lying around and set up a small network to test out various concepts on, as well as forensics.
Another thing I’m trying to get started on is something that allows easier tracking of events stemming from an alarm on the IDS.
Is there a way to self-train in forensics without spending a couple firstborn children on Encase?
-Chris