Thursday, September 25, 2008

What they don't teach you in computer forensics school.

Having attended quite a few computer forensics schools in my time, and after talking with other practitioners getting into the forensics field, it struck me that computer forensics schools leave some things out.

I have to presume the reason for it is because this field has been dominated by law enforcement and internal investigation types or major corporations for the majority of its life. So it is probably assumed that knowing how to do all the things required to actually practice in the field are already covered by internal training or policies.

For the independent practitioner, all of the things that others do have to be done as well, but no one is providing courses or information for these tasks.

So consider this a shameless plug if you want and stop reading here.

I have decided to begin offering a Digital Forensics Practice course. In this course consultants will learn how to:

  • Properly handle evidence including all of the forms, policies and procedures they need to keep records.
  • What they need to have in their forensics lab for handling and processing digital evidence and where to get it. Not hardware or software, but little things like evidence bags, etc.
  • How to properly set up a case and manage it from start to finish including best practices for the actual analysis of the case, including documentation.
  • How to write and present standardized reports.
  • What to put in a report and how to format it properly.
  • How to assist attorneys and clients through the preservation and discovery process.
  • How to analyze the work of an opposing expert.
  • How to prepare for court testimony.
  • How to prepare a CV or resume for qualifying as an expert.
  • How to testify in court.
  • Setting up and managing case files and documentation.
  • How to determine how much to charge for their work.
  • Dealing with retained and indigent cases.
  • Ethical responsibilities of digital forensics experts.
  • How to deal with cases involving contraband, such as child porn.

The course is open to anyone, but classes are limited to 10-12 people.

I am looking for input for anything I may have missed or anything that someone would like to see covered. If you have suggestions or would like to find out more, email me at larry@guardiandf.com

Courses will begin in January of 2009.

3 comments:

  1. This is an excellent idea! I believe this would be greatly helpful to those of us just entering the field.

    ReplyDelete
  2. I have been a Corporate investigator for some time, and have established a lot of non-legal system related best practices.

    I would be interested to see how a corporate investigator can make themselves available either as a court expert or to defense/prosecution without having to commit to starting a new business.

    ReplyDelete
  3. Nice post indeed! I think it is much better that they do not teach forensics in schools because as long as the subject remains unknown to the public at least people are afraid of trying to find loopholes in it.

    ReplyDelete

I have moderated my comments due to spam.