[unisog] Forensic Training

Joseph Bazeley JBAZELE at luc.edu
Wed Sep 28 21:45:29 GMT 2005

I've been to a couple of EnCase's trainings along with the SANS forensics track.  If you have the money to spend on EnCase (the PSP gives you all of the modules for 3 years for $5K) after buying your forensic hardware (think high end workstation, plus a couple of write-blocking devices) then I'd recommend going with EnCase as I've found it much easier to use and to explain your findings to others.  If you go down that route, the IRFAD course is the one you should start with.  The classes I've attended have been about 60/40 gov't/non-gov't.  If you'd rather save the money, all of the tools from the SANS course are open source - when I took it last year it was primarily on the Sleuth Kit and Autopsy.  They can get you to the same answer as EnCase, but it's a slightly more difficult trip IMO.  The other vendors to look at in the space who offer both software and training include AccessData (http://accessdata.com/), Paraben (http://www.paraben-forensics.com/), and SMART (http://www.asrdata.com/).

Joe Bazeley
Loyola University Chicago

>>> jeff.gimbel at ndsu.edu 9/28/2005 11:44:23 AM >>>
Wondering if anyone has taken any forensic training and what you think is 
the best out there.  We are looking at Foundstone, Encase, SANS, ... type of 
training.  Any other suggestions?

Jeff Gimbel
ITS/NDUS Help Desk Consultant
jeff.gimbel at ndsu.edu 

More information about the unisog mailing list