
Computer Forensics, Ethical Hacking & Network Security Training
Many of us have seen the "CSI: Crime Scene Investigation" TV show - and there's no doubt that this series and its offshoots have highlighted and glamorised the Digital Forensics industry somewhat.
The terms Computer or Digital Forensics basically describe the science of finding and analysing digital data from computers and all types of storage media, generally to form part of a legal case. Since the evidence often has to stand up in court, it has to be collected, logged, analysed, presented and dealt with in very particular ways. One of the most important aspects of this is the accurate collection of evidence - and the chain of custody from the crime scene through to the court.
There are many sub-branches or specialities of Digital Forensics which include mobile device forensics, database forensics, firewall and data switch/router forensics and of course network forensics.
In essence, there are five main parts to the Digital Forensics process: Preparation, Data Collection, Examination, Analysis and Reporting. Any Computer Forensics Investigator needs to be fully and properly trained to carry out the specific tasks required.
The main goal of Computer Forensics is to trace and explain 'digital artefacts'. These can be a whole system, any storage medium, or an electronic document such as an email or image.
It could even be the digital remnants of the movement of data - which would involve building an audit trail of what went where and when. Many crimes are solved these days by an offender unwittingly leaving a digital 'footprint' somewhere down the line. There are documented cases of serial killers being found because of a snippet of information found in an email trail.
Other areas where Computer Forensics contributes are: legal (both criminal and civil) cases; specialised data recovery where the media has failed or been damaged; evidence gathering for employment termination; and analysis following a 'hack' attack to determine what went wrong.
Network Security & Computer Forensics Certification Tracks
There are a number of certifications that cover these specialist topics, but many require a considerable level of background IT security experience before the actual certification is conferred. The CEH (Certified Ethical Hacker) and CHFI (Computer Hacking Forensic Investigator) are mid-to-high-level certifications offered through the EC-Council.
The Ethical Hacker Certification requires 2 years of experience in the information security field (you would normally be expected to hold either an MCSA or CCNA or some commercial equivalent) and there is also a pre-requisite of the ENSA (EC-Council Network Security Administrator) qualification.
As such, these programs are certainly not for the new IT career changer, although they could be studied purely for the knowledge, with the understanding that experience will be required to complete the program.
It should be stressed that these are NOT starter programs though. They should not be attempted by anyone without relevant background experience or training.
The EC-Council also recommends completion of the CEH before attempting the CHFI. Following this, the ECSA Security Analyst program will add the other required area to elevate yourself towards the celebrated LPT: Licensed Penetration Tester - probably one of the most prestigious security certifications available in the world.
In effect, a very thorough security & anti-penetration based certification track would start with the CompTIA A+, Network+ & Security+ (and probably some Microsoft server program like the MCITP Server 2008 Administrator), and then progress onto the EC-Council ENSA.
If you already had a few years of real-world network security experience, then you could probably jump straight into the ENSA. Following these certifications, the CompTIA Linux+ would be advisable before attempting the CEH (and then possibly the CHFI), before the ECSA/LPT program puts the final cherry on top!
Bear in mind that all these certifications would require an extended timeline of at least 5 years and a lot of on-the-job experience. To give you an idea of the weight of these qualifications, many US military and intelligence community security positions require the CEH as a pre-requisite and advise study of the ECSA/LPT.
The CISSP (Certified Information Systems Security Professional) is another mid-level certification offered via the impressively named 'ISC2' (International Information Systems Security Certification Consortium).
Achieving certification requires proving 4-5 years in the information security field, although you can register for the Associate of ISC2 immediately.
This means that studying for the CISSP can start much earlier - and since our CISSP programs cover the CompTIA Security+ syllabus, the CompTIA certification can be taken immediately, allowing access into the security field where experience can be gained.
For those who are new career-changers to IT, but want to move towards security, ethical hacking or forensics, we recommend the CompTIA A+ & Network+ with either the CompTIA Security+ or the EC-Council Security 5 starter qualification. These could also be linked to an MCITP Server 2008 program to help with job placement. You need to talk to a professional advisor in this area though - as it is more complex than others.





