[unisog] Forensic Training

Aaron Wade agw8 at cornell.edu
Wed Sep 28 21:52:13 GMT 2005


As one of the "forensics guys" at Cornell I'd suggest you go vendor neutral to 
start with.  As Dan said, a few of us went to NTI and I can attest to the 
fact that their training prepares you in terms of methodology.  It also 
provides you with the information to deal with FAT and NTFS.  EnCase training 
will teach you how to use their product, not how to conduct a forensic 
investigation properly.  Keep in mind that Guidance Software is releasing 
their training manual for the EnCE in December.

Some vendor-neutral training recommendations:
NTI 
CCE bootcamp 
Digital Intelligence 
SANS

Vendor-based training:
ASR Data SMART
EnCase
AccessData

-Aaron

On Wednesday 28 September 2005 05:02 pm, Ken Connelly wrote:
> We used pieces of Autopsy, Sleuth Kit, Coroner's Toolkit, plus a few
> other things on Linux, and Windows Forensic Toolchest for winders.  We
> also got the Helix CD, but didn't use it much.
>
> - ken
>
> Michael Grinnell wrote:
> >I haven't taken the Forensics track at SANS, but I've seen some of
> >the material in other tracks.  IIRC, it's pretty good.  I think it
> >uses Encase for Windows forensics and the Coroner's Toolkit for
> >Linux.  Don't kill me if it's changed though, it's been a few years
> >since I went to SANS.
> >
> >Michael Grinnell
> >Network Security Administrator
> >The American University
> >e-mail: grinnell at american.edu
> >
> >On Sep 28, 2005, at 4:16 PM, Allison MacFarlan wrote:
> >>I've taken the Encase class and it's good, but it's completely
> >>Encase-centric. And you'd probably be the only non-Law-Enforcement
> >>person in there. :-|
> >>
> >>On Sep 28, 2005, at 12:44 PM, Jeff Gimbel wrote:
> >>>Wondering if anyone has taken any forensic training and what you think
> >>>is the best out there.  We are looking at Foundstone, Encase, SANS, ...
> >>>type of training.  Any other suggestions?
> >>>
> >>>=======================
> >>>Jeff Gimbel
> >>>ITS/NDUS Help Desk Consultant
> >>>jeff.gimbel at ndsu.edu
> >>>=======================
> >>>
> >>>
> >>>_______________________________________________
> >>>unisog mailing list
> >>>unisog at lists.sans.org
> >>>http://www.dshield.org/mailman/listinfo/unisog
> >>
> >>+++++++++++++++++-+--+---+----+--
> >>Allison S. MacFarlan
> >>Information Security Officer
> >>Academic Media and Technology
> >>Yale University
> >>http://www.yale.edu/its/security/asm
> >>ph: 203-432-6684
> >>bp: 203-370-0554
