[Dshield] Forensic Analysis Practical

Esler, Joel esler at knology.net
Sat Mar 26 14:03:35 GMT 2005

alot of the complaints were that they didn't have enough time to complete
the practical.  I think this may be an excuse.  I have a full time job doing
packet level analysis, and I completed mine.

If people truly don't have enough time, maybe a bigger time limit may be
given.  I think taking away the "proof" part of the certification stinks.  I
liked the GIAC certs because it forced people to not only take a test (like
every other cert), but prove what they know in a practical.  Yes, you could
make the arguement that people just google all the answers for the
practical, but you still have to write it in your own words, and if it's
right, it's right.  If it's wrong, the graders will tell you.


------------- Original message follows -------------

First off let me say that I think taking away the Practicals from the GIAC
certs is a big mistake.  The practical is what separated the GIAC certs
from every other certification out there.

To respond to your initial query...
There are a few "scientific" journals for the field of forensics.
Digital Investigation is one, and they are always looking for papers. 
They are as peer reviewed as you would find any other submission to SANS.


Eoghan Casey is the Editor in Chief and every article they have published
so far has been of high quality.  It's a shame it costs so much though.

And the Internation Journal of Digital Evidence is another peer review


And getting published in the Sleuthkit Informer wouldn't be a bad notch in
the belt either.



> From: list-bounces at lists.dshield.org on behalf of Pete Cap
> Sent: Fri 3/25/2005 6:28 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Forensic Analysis Practical
> I'm not aware of any peer review in our community outside of the SANS
> reading room.

> Personally, I would like to see a publication along the lines of a
> scientific journal, complete with serious peer review.  People could write
> articles on analytical technique, reviews of tools, case studies, and so
> forth.  I believe that there would be less pressure in this forum than you
> might find in a GIAC practical assignment.
> Thoughts?
> Regards,
> Pete

-------------- Sponsor Message ------------------------------------
Join us at SANSFIRE 2005 in Atlanta!
The Internet Storm Center Conference.
Details: http://www.sans.org/sansfire2005

send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list