Forensic Certifications




Mayuri Shakamuri
CS 489-02 Digital Forensics
October 31, 2006
New Mexico Tech

Executive Summary

Digital Forensics is rapidly growing and evolving to become a scientific practice with specific legal and procedural guidelines. Certification of computer forensics is a step in the right direction to ensure that digital forensic examiners are able to meet acceptable criteria in the eyes of the law. It follows that all such criteria are modeled on those established by criminal investigators for gathering evidence and presenting it in a court of law.

Some of the certifications that this document investigates are: EC-Council's Certified Ethical Hacker, the (ISC)² (International Information Systems Security Certification Consortium) certification, the GIAC (Global Incident Analysis Center) certifications, and the SCP (Security Certified Program) certifications. Weaknesses and limitations in the current certification programs are identified. Some certifications focus strictly on sound forensic evidence collection and analysis. There are very few which cover all core aspects of Digital Forensics.

With an increasing number of computer crimes and growing demand for forensic investigators, there is an urgent need for a centralized standards body. This organization should be capable of integrating all the different guidelines and molding them into common practices that in turn lead to the evolution of certification program(s) from established accredited institution(s).

This document gives an overview of some of the current Digital Forensic certifications available. Shortcomings of the certifications are presented. A proposal for future direction in this field is also made.

Introduction

There is a dramatic increase in the volume of digital evidence in cases brought before a court of law. There is growing concern about the admissibility of digital forensic evidence, the tools and methodology that are used for collecting the evidence, as well as legitimate challenges to the skills of the professionals who collect it. A forensic certificate is a very good gauge of an investigator's capabilities in the field of forensics. It is also proof that an individual meets a minimum standard of knowledge in the area of evidence collection, analysis, and reporting.

The certification process puts into place standards and procedures that adhere to proven criteria. It follows that all such criteria are modeled on those established by criminal investigators for gathering evidence and presenting it in a court of law. Certification of computer forensics is a step in the right direction to ensure that digital forensic examiners are able to meet acceptable criteria in the eyes of the law. The problem arises when trying to meet the same standards as for physical evidence gathering, as the field of Digital Forensics is relatively new and is coming to the forefront with the recent expansion of personal computers in the USA.

With more and more electronic transactions being done on a daily basis, computer-based criminal activity has risen. Intruders are using increasingly sophisticated means to intercept personal information such as social security numbers and passwords for identity theft. Into this breach has stepped a multitude of agencies, some genuine, others intent on making a fast buck. There has been a mushrooming of these institutions, each carving out an area of expertise and setting certification standards based on narrow criteria. Within the last few years, a need to consolidate all these differing standards under one umbrella organization has gained importance. This is still an ongoing effort.
State of practice

There are various certifications offered by several different institutions and organizations. Some take a comprehensive approach to the certification process; they offer both training and practice tests modeled on the certification exam, while others administer just the exam. I present some of the certifications currently available in the field of Digital Forensics. This list is completely based on my subjective opinion. Please refer to the appendix for a summary of certifications.

International Information Systems Security Certification Consortium (ISC)² [1]

(ISC)² is a globally recognized organization that offers the Certified Information Systems Security Professional (CISSP) certificate. This certification is intended for mid- and senior-level managers. This certification appears to have global recognition. The CISSP exam tests the individual's competence in the following 10 domains: Access Control; Application Security; Business Continuity and Disaster Recovery; Cryptography; Information Security and Risk Management; Legal, Regulations, Compliance and Investigation; Operational Security; Physical Security; Security Architecture and Design; Telecommunications and Network Security.

EC-Council, Certified Ethical Hacker [2]

This program prepares an individual to be certified as an ethical hacker. An ethical hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in network systems. They are trained to use the same knowledge and tools as a malicious hacker from a defense point of view. The nature of work for an ethical hacker is similar to that of a penetration tester. Some of these are (ex) hackers that have turned legitimate and see a challenge in catching other hackers using their own skills. This certification is tailored for security officers, auditors, security professionals, site administrators, and anyone concerned about the integrity of the network infrastructure.

GIAC (Global Incident Analysis Center) Certifications [3]

The SANS Institute (SysAdmin, Audit, Networking, and Security) oversees this particular organization. They validate the skills of security professionals and provide assurance that a certified individual holds the appropriate level of knowledge and skill necessary in key areas of information security.

Some of the certifications offered by GIAC are: GIAC Information Security Officer - Basic, GIAC Certified Forensics Analyst (GCFA), GIAC Security Essentials Certification (GSEC), GIAC Certified Firewall Analyst (GCFW), GIAC Certified Incident Handler (GCIH), GIAC Certified UNIX Security Administrator (GCUX), GIAC Systems and Network Auditor (GSNA), and GIAC Certified Security Engineer (GSE).

SCP (Security Certified Program) Certifications [4]

This certification covers both core security topics and advanced security knowledge. There are two levels of certification, the SCNA (Security Certified Network Architect) and SCNP (Security Certified Network Professional). SCNP certification consists of two exams: Hardening the Infrastructure and Network Defense and Countermeasures. SCNA certification consists of advanced security implementation and enterprise security solutions exams.

Guidance Software, EnCE [5]

The EnCase Certified Examiner Program (EnCE) offers certifications for those who are trained on EnCase Guidance Software. EnCase is a widely used commercial forensics investigation software package. Professionals who undergo training are eligible to take this certification exam.

CSFA (Cyber Security Forensic Analyst) [6]

Cyber Security Institute offers this certification. Their testing scenarios are based on actual cases. This certification tests the individual's ability to conduct a thorough and sound forensic examination, properly interpret the evidence, and communicate the results effectively. An FBI background check is required for an individual to take this certification test.

AIS Certification

Advanced Information Security Certification (AIS) is an all-in-one security certification divided into 4 main areas: Management, Protection, Detection, and Reaction. The reaction module focuses heavily on computer forensics.

Gaps

There are some weaknesses and limitations in the current certification programs. Some certifications focus strictly on penetration testing, network security, incident handling, firewall analysis, etc. In my view, there are very few that may cover all core aspects of Digital Forensics, which are preservation, identification, extraction, documentation, and interpretation of digital media for evidentiary and/or root cause analysis. These certifications do not cover all the aspects of Digital Forensics.

In other professions like management, medicine or engineering, there is one organization overseeing certifications in different specialities. Computer or Digital Forensics is not at that point. There are too many conflicting agencies trying to claim supremacy in terms of the processes and controls to be used in Digital Forensics.

Future Practice

Once principles and practices of Digital Forensics are codified and agreed to run under one single board which controls accreditation, methodology and practices, the current state of Digital Forensics can be improved upon to further reduce the scope of mistakes and minimize the chances of evidence gathered being thrown out on challenges to procedures.

The American Academy of Forensic Sciences (AAFS) is a renowned organization that is recognized for its work in setting standards for the application of science to the legal system. Another organization is the Information Systems Security Certification Consortium (ISC)². It is an internationally recognized and well established organization for educating and certifying information security professionals. Certification programs accredited by organizations like AAFS and (ISC)² would bring better standards in the area of Digital Forensics. Since the area of Information Technology is rapidly changing, it is important that the certification programs be designed to allow for flexibility and revisions as the technology changes.
Conclusion

There are several Digital Forensics certifications available currently and there are many different organizations offering them. In this paper we have looked into some of the certifications and their scope. It appears to me that all the certifications I have looked at focus on only some of the security aspects in Information Technology. To my knowledge there is no one certification program that addresses all the core aspects of Digital Forensics. Certification program(s) from established accredited institution(s) will help resolve the dilemma of Digital Forensics professionals in choosing the right certification program.

References

[1] International Information Systems Security Certification Consortium: https://www.isc2.org/cgi/content.cgi?category=7
[2] EC-Council: www.eccouncil.org/ceh.htm
[3] Global Information Assurance Certification: www.giac.org
[4] Security Certified Program: www.securitycertified.net/
[5] EnCase, Guidance Software: www.encase.com/training/ence/index.asp, EnCase Certification exam: www.prometric.com
[6] Cyber Security Institute: http://certifications.cybersecurityinstitute.biz/
[7] ElementK Courseware: www.elementkcourseware.com
[8] American Academy of Forensic Sciences: http://www.aafs.org/

APPENDIX

Organization: Certified Ethical Hacker
Requirements: This certification is for security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.
Web site: www.eccouncil.org/ceh.htm

Organization: GIAC Certifications:
a. GIAC Information Security Officer Basic (GISO Basic)
b. GIAC Security Essentials Certification (GSEC)
c. GIAC Certified Firewall Analyst (GCFW)
d. GIAC Certified Incident Handler (GCIH)
e. GIAC Certified Intrusion Analyst (GCIA)
f. GIAC Certified Unix Security Administrator (GCUX)
g. GIAC Certified Windows Security Administrator (GCNT)
h. GIAC Information Security Officer (GISO)
i. GIAC Systems and Network Auditor (GSNA)
j. GIAC Certified Security Engineer (GSE)
Web site: www.giac.org

Organization: SCP Certifications: SCNP, SCNA
Note: CompTIA Security+ certification is a prerequisite for both SCP certifications.
Requirements: SCNP certification consists of two exams: Hardening the Infrastructure and Network Defense and Countermeasures. SCNA consists of the Advanced Security Implementation and the Enterprise Security Solutions exams.
Web site: www.securitycertified.net/

Organization: EnCE
Requirements: EnCase Certified Examiner Program offers certifications for those who have taken the EnCase Guidance Software.
Web site: www.prometric.com
Cost: $150

Organization: CSFA, Cyber Security Forensic Analyst
Requirements: FBI Background check
Web site: http://certifications.cybersecurityinstitute.biz/

Organization: GCFA (GIAC Certified Forensics Analyst)
Requirements: GCFA deals directly with incident handling scenarios and investigation
Web site: www.giac.org

AIS Certification

Computer Forensic, Cybercrime and Security Training Curriculum:
a. Certified Cybercrime First Responder (CCFR)
b. Internet Crimes Against People (ICAP)
c. Internet Crimes Against Children (ICAC)
d. Presenting Digital Evidence at Trial (PDET)
e. Network Security Intrusion and Detection (NSID)
f. Personal Digital Device Forensics (PDDF)
g. Advanced File System Recovery Seminar (AFSRS with Certification)
h. High Tech Crime Investigator Level 1
i. High Tech Crime Investigator Level 2

Computer Forensic External Certification (CFEC)
a. Certified Forensic Computer Examiner (CFCE)
b. Electronic Evidence Collection Specialist Certification (CEECS)

Certified Computer Crime Investigator (CCCI) and Certified Computer Forensic Technician (CCFT)

National Institute of Standards and Technology (NIST)

TruSecure ICSA Certified Security Associate

This is an all in one security certification divided into 4 main areas: Management, Protection, Detection and Reaction. The reaction module deals heavily with computer forensics.

Designed for law enforcement by the IACIS, this certification is now open to those with the experience and knowledge

$750 active law enforcement officers $1400

Online training cost for both CFCE and CCE $2750.00

60 hours of classroom training and 100 hours of CBT training. www.whitehatinc.com $3,000

Although not a forensics certification, this overall security certification is highly respected and covers essential forensics procedures.

Advanced Computer Forensics Boot Camp
Computer Forensic Training Center Online
Certified International Information Systems Forensics Investigator (CIFI)
The International Information Systems Forensics Association (IISFA)
National Cybercrime Training Partnership (NCTP)
National White Collar Crime Center (NW3C)
See above.
International Information Systems Security Certification Consortium (ISC)²

3 day boot camp in the complexities of digital forensics www.infosecinstitute.com
Online training and CCE certification through Kennesaw State University $2,700.00
Members in this association can take the Certified International Information Systems Forensics Investigator (CIFI) exam.
Programs specifically for law enforcement agencies only. The NCTP offers training on basic and advanced data recovery.
This is primarily intended for law enforcement and is offered free to qualifying agencies.

CISSP Certified Information System Security Professional 1 Exam (250 questions, 6 hours). $450.00
SSCP Systems Security Certified Practitioner 1 Exam (125 questions, 3 hours). $295.00 $450.00
CIW Security Professional Master CIW Administrator Certification, which includes 4 exams. $500 ($125/exam)
GSE GIAC Security Engineer: 7 Exams. $1,750.00

RSA Security
RSA/CSE RSA Certified Systems Engineer
RSA/CA RSA Certified Administrator
RSA/CI RSA Certified Instructors Requires: CSE or CA Cert + Workshop.
CheckPoint:
CCSA Checkpoint Certified Security Administrator.
CCSE Check Point Certified Security Engineer Requires: CSE or CA Cert + Workshop.
www.rsasecurity.com $150.00 $150.00 $300.00
www.checkpoint.com $150.00

Cisco: www.cisco.com
Cisco Firewall Specialist CCNA + 2 Exams. $375.00
Cisco VPN Specialist CCNA + 2 Exams. $375.00
Cisco IDS Specialist CCNA + 2 Exams. $375.00
CCSP Cisco Certified Security Professional. CCNA + 5 Exams. $750.00 ($125 per exam)

TruSecure: www.trusecure.com
TICSA TruSecure ICSA Certified Security Associate 1 Exam (70 questions, 90 minutes). $295.00
TICSE TruSecure ICSA Certified Security Engineer TICSA Cert + 1 Exam

BrainBench: www.brainbench.com
BIS BrainBench Internet Security Certification Requires: 1 Exam. $25.00
BNS BrainBench Network Security Certification Requires: 1 Exam. $25.00

Learning Tree: www.learningtree.com
NSCP Network Security Certified Professional 3 Core Courses, 1 Elective Course and associated exams $937.00 $2,645.00

CompTIA Security+ Requires: 1 Exam. $199.00

Security Certified Program:
SCNP Security Certified Network Professional SCNA Security Certified Network Architect 2 Exams. 2 Exams $300 ($150 per exam) $360 ($180 per exam)