Slashdot Mirror

← Back to Stories (view on slashdot.org)

Where Can I Study Computer Forensics?

Posted by Cliff on from the computer-science-investigations dept.

Porthos asks: "Like many in the Slashdot community (though not all), I'm kind of bored at work. With tech work, there's always something more interesting than what I'm doing because I only have a few years experience and a Bachelor's degree. I want to go to grad school to study Computer Forensics, but I haven't a clue about where to start. Have any Slashdot readers taken this path? Are there any major universities that cater to this field? I know that some organizations, such as the FBI, have teams dedicated to Computer Forensics, but what is the rest of the forensics job market like?"

25 comments

  1. Try UNO by Zelet · · Score: 4, Informative

    Information Assurance

    The college

    The university

    --
    ...And when they came for me, there was no one left to speak out for me." - Martin Niemoeller (1892-1984)
  2. Lots of people by Anonymous Coward · · Score: 3, Interesting

    who study data recovery end up going into computer forensics (that's a huge part of the field).

    If you watch enough episodes of The New Detectives, you'll see them figure out how to rescue data off of badly beaten and formatted floppies.

  3. Try Utica by webscathe · · Score: 2, Informative

    A friend of mine is finishing up his Economic Crime Investigation (ECI) degree at Utica College, which is an extension of Syracuse University, in western NY (though the weather is horrible out there, always grey). They also have an Economic Crime Management masters degree. I don't know if that's exactly what you're looking for but ECI (or ECM for that matter) is a good place to start if you're looking for a background in criminal investigation, law, computers, and white-collar crime. Granted, from what it looks like here the FBI at least don't seem to concerned with the exact degree you get, a masters helps. Just like anything else, you're going to need experience, start small. But what do I know..

    1. Re:Try Utica by Anonymous Coward · · Score: 0

      Yes, do try Utica. I am a graduate of Utica College (computer science, though I had some friends in the ECI program). It's in Central NY though, not Western NY. :^) You are correct that the weather isn't always great, especially in the winter, but it is a nice school nonetheless. They have a forensics lab there, and do a lot of work with AFRL/IF (Air Force Research Labs). Check out the ECII web site for more information.

  4. Strong backgrounds by lake2112 · · Score: 3, Informative

    Like with almost any job, employers are not looking for a degree specifically in computer forensics. I would suggest focusing on CS, especially the areas related to forensics. Also exhibit a strong intrest in criminology and work on the connections between the two by yourself. Good luck.

  5. RIT by denubis · · Score: 1

    RIT either has or is working on a Computer Security/Forensics masters. They're good people.

  6. Right here baby by MaynardJ · · Score: 2, Informative

    Yeah, I'm sitting in class at RIT right now. There's a new forensics course starting next month (taught by Troell, who rocks), which will be rolled into the new security/IA degree from GCCIS. There is supposed to be a masters program, starting in the fall. press release here

  7. On-Line articles, LinuxForensics.com, et al. by ivi · · Score: 1

    A while back, we found some PDF's from either
    a US or UK source, one - possibly from the AG
    Dep't (US) - went into the practical computer
    forensic aspects of crime-scene investigation
    - with topics tied to fevices that might hold
    info useful to the investigation, and bits on
    how to preserve it.

    At local police expo's, I've seen small stand-
    alone hard-disk mirroring devices.

    And there was at least one article (again. on-
    line) embracing Linux as the op sys of choice
    for computer forensics.

    Google is your friend here... ;-)

    Try, eg, Google("linux forensics")

    Here's a site & CD claiming to be useful with
    CF:

    http://www.linux-forensics.com/
    "Penguin Sleuth Kit Bootable CD"

  8. Try Michigan State by Zuben'Ubi · · Score: 1

    My aunt works there as a professor teaching criminal psychology and computer forensics classes.

  9. Wanna get their attention? by NanoGator · · Score: 3, Funny

    Send your resume to them on a burnt floppy.

    --
    "Derp de derp."
  10. Think of what kind of work you want to do by Inexile2002 · · Score: 2, Interesting

    The company I work for, one of the big 4 accounting firms has a computer forensics group as part of their IT practice. They also work extensively with the forensic accounting teams. Most of the people on the computer forensics teams had related skills and then came in and learned most of what they know on the job.

    Depending on what kind of work you're looking to eventually get into, consider trying to get a job at an outfit that already does computer forensics.

  11. Australia... by RedPhoenix · · Score: 2, Interesting

    Probably a little out of your way, but I've heard that Wollongong University in Australia has a computer security degree that allows a specialisation in forensics.

  12. University of Virginia by Coppit · · Score: 1

    Kimberly Wasson taught a class in forensic investigation at UVa last year. For example, they would dig into NTSB reports to find the computer causes for airline crashes.

  13. Don't forget SANS by patbernier · · Score: 2, Informative

    I'm surprised that no one has mentionned SANS yet.

    A search for "forensics" on their home page brings up a list of many System Forensics tracks held at previous and upcoming conferences.

    SANS training is not exactly affordable (unless your employer is paying!), but is well recognized and (in my experience) of excellent quality.

    --
    "Words have meaning, and names have power." -- Lorien
  14. There's Two Parts by DynaSoar · · Score: 1

    An aside first: I signed up with SANS, and got several mailings from them regarding classes at a particular university in Virginia. IIRC they were building a program. Consider seeing who the pros are working with.

    There are two parts to computer forensics.

    The first is the technical; decrypting drives and files, etc. It's for finding out what someone did.

    Then there's behavioral forensics. This is the human side, similar to criminal forensics or criminal psychology.

    In my opinion the latter is more useful. It not only helps when trying to perform the technical part (did he use l33t sp3@|? Then try passwords like that), but it helps you to figure out not just what they did, but what they're doing and what they're likely to do. I think that's more valuable and useful. I think it's far more interesting myself. And it's probably a very open field, because the nature of communication via the net is different, and so different rules would apply.

    --
    "I may be synthetic, but I'm not stupid." -- Bishop 341-B
  15. Forensics by Anonymous Coward · · Score: 0

    The University of Glamorgan runs a Masters Degree in 'Information Security and Computer Crime' which contains a forensics element.

    The University is situated in Wales though, which is not ideal if you need to travel to and from classes every day and you live in the US.

  16. Computer Forensics by Uncle+Duke · · Score: 1

    Check out U of Tulsa. It's the best compared to what's out there. There's lecture and lab an it's part of undergrad and grad programs. I dare say it's best in the country.

    For more details, see cis.utulsa.edu

  17. Check out TU by Uncle+Duke · · Score: 1

    The University of Tulsa Center for Information Security has probably the BEST compared to what's out there. The courses (intro and advanced) have lecture and a lab that's second to none.

    Check out cis.utulsa.edu

    I'm doing a PHD in IA and did the class last semester - it was intense but you won't find better!

  18. University of Central Florida has such a beast by Anonymous Coward · · Score: 0

    Speaking as a UCF grad (Go Knights!)

    http://ncfs.ucf.edu/

    There you go. UCF is a great school. Good Weather and Hot Chicks. What else you need?

  19. Getting started by El+Volio · · Score: 2, Informative

    I do some forensics for a large company, though not as much as I'd like. There's a couple of ways to get into it:

    • Be a cop. Yeah, it sucks for a few years, but it seems like former law enforcement keeps the fraternity going and it's a lot harder for the rest of us.
    • Go to a training course and network (see recent /. poll). I took an Encase course last year; if I had been looking for a job, there were probably several ways I could have gotten one just in the one class.
    • Know something that the forensics guys in your company typically don't and offer to help out, if you already have some contact with them. Most of them are fairly lost in Unix or Macintosh environments and could use some assistance from time to time.

    I don't know how useful a graduate degree specifically in forensics might be; know what you're doing and have a cert or two and you'll be on your way. Then drop out and hang out your own shingle, but that's for another post...

    --

    "You can never have too many elephants on your team."

  20. Coincidental timing? by know_gnus · · Score: 1

    I work in a law firm doing database work that often incorporates data gleaned from computer forensics. Over the last few years, I have seen a very wide variety in terms of quality of the data from vendors. Spoliage, as you may guess, is a rather large no-no, and training for CF professionals is pretty much ad hoc. I think that my observations are not alone: recently, on the litsupport Yahoo! listserv, there had been a discussion about the possibility of instituting a standard certification for computer forensics and, more generally, electronic discovery. Unfortunately, I do not have any answers at present, or any links... been too busy trying to fend off attorneys and paralegals to do more research for you peoples.

  21. Sun, other vendors by identity0 · · Score: 0, Redundant

    Although I can't tell you anything about getting a career in 'computer forensics', I have found some info that might help you.

    Sun's BigAdmin security FAQs page has articles like "Basic Steps in the Forensic Analysis of Unix systems" and "Responding to Customer's Security Incidents". Some of them are from Sun, some from outside sources.

    You might also want to try the Linux documentation project to find some good help files.

  22. do you guys watch smallville? by Anonymous Coward · · Score: 0

    2 weeks ago this girl stole Chloe's hard drive from her work computer and stuck it in this little external hard drive cradle attached to her PC. She used it to suck all the data from the hard drive onto her computer. Is there really such a thing as that?

  23. Experience by fuzzybunny · · Score: 1

    We're putting together a security incident response team (CERt, whatever you want to call it) at a client's, which also takes care of all investigations involving computers.

    These guys have an investigative department consisting primarily of ex-cops. They don't do much IT work, if any, but rather come to us. I've found that the most valuable resource in performing forensic investigations is experience, hands down.

    The team involves people from a number of ops and engineering groups on a part-time basis (with extra confidentiality agreements, yada yada) who handle individual components of investigations for us. They're all very motivated and skilled, and the setup works like a charm.

    Also, Guidance Software has some decent docs (they're very product specific, but will give you a start on where to start looking.)

    --
    Cole's Law: Thinly sliced cabbage