Cert Damage Assessment: Fill & Download for Free

If you are looking to enter the Digital Forensics domain, a certification could really help since it will equip you with key skills needed to land a job. You would ideally want a certification program that provides you the best value that money could buy, lands you your dream job and doesn’t take an eternity to finish. SANS is undoubtedly respected as a training company in the industry, and they offer several programs to teach the various facets of digital forensics. But despite fanboying over SANS my entire life, I would no longer recommend SANS programs to learn digital forensics. Here are 3 reasons why: 1. Skills taught: They have learned intelligently that breaking up domains into new courses means more profit$. Here is an example of how they “teach” you forensics. Generally, here are some of the key things you need to know as a digital investigator/forensics specialist professional: Identify, gain access to and secure any necessary devices or systems. This may be the systems that you’re examining, reconstructing (to procure evidence from damaged components) or analyzing; Copy or use other means to ensure data is not changed during the analysis; Recover the target information and assess the credibility and completeness of the data and identify and document any metadata associated with the files, such as date of creation, owner, etc; Document any other findings or discovered files or communications which may be relevant and ensure that all work is done in compliance with local and federal laws and forensic standards; Collect the information in a legally admissible way and provide an audit trail; Compile and secure the evidence and write structured reports acceptable for court; Provide testimony when called and advise and train law enforcement and legal staff on forensics. While the scope can be broader, it's obvious that for the law enforcement assignments, the analyst must at least have the skills above. Could you possibly guess how many SANS courses must you take to learn the skills above with SANS? Answer: 6 certification programs! Each of these certifications cost about $5-6K! Don’t believe me? Let’s look at the skills taught by these programs, taken from the SANS website page of these products. Certification programs from SANS you need, to hone all of those skills: FOR498: Battlefield Forensics & Data AcquisitionAcquire data effectively from:PCs, Microsoft Surface, and Tablet PCsApple Devices, and Mac, and MacbooksRAM and MemorySmartphones and portable mobile devicesCloud storage and servicesNetwork storage repositoriesProduce actionable intelligence in 90 minutes or less Link: https://www.sans.org/course/battlefield-forensics-and-data-acquisition#__utma=71453702.835135635.1583154709.1583154709.1583154709.1FOR500: Windows Forensic AnalysisConduct in-depth forensic analysis of Windows operating systems and media exploitation focusing on Windows 7, Windows 8/8.1, Windows 10, and Windows Server 2008/2012/2016Identify artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, geolocation, file download, anti-forensics, and detailed system usageLink: https://www.sans.org/course/windows-forensic-analysisFOR508: Advanced Incident Response, Threat Hunting, and Digital ForensicsDetect how and when a breach occurredIdentify compromised and affected systemsPerform damage assessments and determine what was stolen or changedLink: https://www.sans.org/course/advanced-incident-response-threat-hunting-trainingFOR518: Mac and iOS Forensic Analysis and Incident ResponseMac and iOS Fundamentals: How to analyze and parse the Hierarchical File System (HFS+) and Apple File System (APFS) by hand and recognize the specific domains of the logical file system and Mac-specific file types.User Activity: How to understand and profile users through their data files and preference configurations.Advanced Intrusion Analysis and Correlation: How to determine how a system has been used or compromised by using the system and user data files in correlation with system log files.Links: https://www.sans.org/course/mac-and-ios-forensic-analysis-and-incident-responseFOR526: Advanced Memory Forensics & Threat Detection It provides the skills necessary for digital forensics examiners and incident responders to successfully perform live system memory triage and analyze captured memory images. The course uses the most effective freeware and open-source tools in the industry today and provides an in-depth understanding of how these tools work. FOR526 is a critical course for any serious DFIR investigator who wants to tackle advanced forensics, trusted insider, and incident response cases. Linl: https://www.sans.org/course/advanced-memory-forensics-and-threat-detectionFOR585: Smartphone Forensic Analysis In-DepthHow the data got onto the smartphoneHow to recover deleted mobile device data that forensic tools missHow to decode evidence stored in third-party applicationsHow to detect, decompile, and analyze mobile malware and spywareAdvanced acquisition terminology and free techniques to gain access to data on smartphonesHow to handle locked or encrypted devices, applications, and containerLinks: https://www.sans.org/ondemand/course/advanced-smartphone-mobile-device-forensicsIt's ridiculous to spend all this time on a few certifications to land a job, where odds are, you are going to learn majority of these skills, while training on the job. 2. Cost of certification: Should someone opt for the classroom format for these courses, they’re a mind-boggling $5000 - $6000 each! Comparable forensics courses from the others are only about $2500! Let's consider this from the perspective of ROI: Return on Investment: Average salary of a Digital Investigator: $95,000 Cost of 6 SANS certifications:: 5000*6 = $30000. Time taken to salvage this money with an annual paycheck of $95,000 = 4 months! (assuming you don’t have to eat, drink, sleep or live) For example, you can totally go for Computer Hacking and Forensics by Cybrary, CHFI- Computer Hacking Forensics Investigator by EC-Council, Computer Forensics by RIT or CCE- Certfied Computer Examiner, which are widely respected by organizations for their comprehensive outline and an effective course duration. 3. Employment opportunities after SANS Forensics certifications: None of the certifications individually are mapped to any serious forensic job roles around. While they are mapped to NICE framework 2.0, it's tough to map these hugely segregated skills to actually jobs. E.g. only a handful of organizations would need specialized mobile forensics personnel or Operating System Forensics experts. LinkedIn has around 20 jobs listed worldwide for mobile forensics experts which is the only SANS forensic certification mapped to job roles, according to NICE framework 2.0. The domain of digital forensics demands forensic experts with comprehensive knowledge of Computer forensic basics and tools required at all phases. This creates serious doubts over the job prospects created by this certification program. SANS is not bad as I know their quality is high, but in a market where this training is widely needed, they are clearly interested in only their profits and not the needs of the masses. As such, I prefer will pick other cert bodies. I’m eager to hear your thoughts about it.

I am not a medical personnel; however, I have been through CERT training, which is training for people to respond whenever there is a disaster.The first rule of our training is to assess the damage before entering a situation because if you end up injured, you are no longer helping the situation. I am sure that medical personnel receive the same instructions.If a person is lying on the ground, CERT training instructs us to first determine why they are lying on the ground before moving in to help the person. Did a brick from a construction project hit the person and cause them to black out? If so, rushing in when it is possible further bricks could fall is not advisable. If we get hit with a brick, then we are another person that may need saving while not helping the original person at all.What happens if we come upon a group of people laying on the ground. If it is due to a release of a dangerous gas, then rushing in only leads to another person passed out on the ground.What if it is due to people being in building after an earthquake? Rushing in unless you’re sure a building is structurally sound enough for evacuation could lead to an additional person being killed and/or buried in the rubble.In all cases of an emergency, assessing a situation while heading toward it is the best reaction. If you are walking calmly, your brain is free to assess and evaluate and stop the responder before they put themselves into a life-threatening situation.

Typical penetration testing report will have the following parts:executive summary - this is more important than most testers think. This the only bit most executives will read. Make sure it’s short and to the point (no more than 2 pages), has the BUSINESS context of your findings and gives severity ratings. Important: business context generally means - how much money it will cost me if all the bad stuff you wrote down will happen. It can be downtime, lost of data, brand damage, regulatory fines etc - but all ends up with costs eventually. With severity ratings try to understand if the severity you mention will be bad for the actual scenario. For example - running an app with self signed SSL cert on the internet: bad. Running it internally for test purposes? not as such. Be realistic.Methodology - try to explain which testing methodology/risk assessment setup you’re using - typically you’ll see testers using OWASP or OSSTMDetailed findings - here is where the bulk of the reporting is. Per finding try to reference the relevant testing category (infa, app, data transport etc), reference the right testing methodology (OWASP #XX etc), make sure you add proof of your finding (data sample of screenshot). Important notes: as much as possible, try to add instructions on how to recreate the findings so the person reading the report cal follow your steps. Add practical proposal on how to approach fixing the issue. If you’re adding data samples be sure to mask sensitive details such as user passwords, personal details etc. Adding such details to a report is a BIG no no.that’s it in a nutshell, good luck!