Need help to find the right course.


MILLWALLFC
06-11-2008, 10:20 PM
I currently work full time in the IT Field and want to expand my skills and one thing I am interested in is Computer Forensics.

I have been trying to find a course online for the last two evenings using Google and all I can find are courses which are 5 days long or university courses over a number of years.

I don’t really want to do a 5 day course as one I have to take time off work but I learn more if I can do it over time. I have been trying to find an evening class or a night school but I can find nothing in the London area.

Is it possible to do lab training online or is hands on experience more beneficial?

Thanks in advance if you can help.

kern
07-11-2008, 09:13 AM
Hi Millwall ... (hope it's not mad larry the dog of TV notoriety :) )

What part of digital forensic work is it that "turns your cogs", legal, procedural, image/data recovery?

Paths in at the mo tend to be of two or three distinct camps.

1: go back to University - (pt/ft 1-4+ yrs) ( no g'tee of job afterwards and potentially have to fund 2: below as well)

2: Pay for and attend a recognised commercial software vendor Certification course. (Usually AccessData or Guidance Software)

3: Use your current experience and try to get in at entry level with a company that already does forensics. ( note: to get in you normally have to have 2: above as training is expensive and companies are reluctant to pay for that to see another company poach their new staff )

wrt online courses I'm just plain sick of paper vendors these days.

There are few, if any at all, online courses that will get you anything worthwhile.
Possibly one stands out as excellent. google Farmerdude +forensic. Hands on is the main way to go.

If You just want to tinker, grab some open source software, and a few drives from eBay, and get your hands dirty.
See if You like the feel of it. *THE* main part of data forensics is correct legal procedure. Go find the ACPO guidelines and see what You're up against in terms of doing it right, or check the manuals nicely packaged with Helix forensic software and the like.

Begin with the end in mind. Work out where you want to be in <x> years and then find a path to it.
Finding a forensics course without knowing this may leave You disappointed as a University may have a different idea of what "the job" entails.

hth

Kern

MILLWALLFC
07-11-2008, 08:30 PM
LOL @ Mad Harry comment ;-).

I'm more interested in image/data recovery. I already have quite a decent job in IT but I'm learning more of the security aspects side of encrypting technology, e.g. using TrueCrypt on all computer laptops to ensure data cannot be recovered. However the cynic in you always wants to test this to ensure it cannot be broken.

However if a computer is not encrypted I would like to know how to recover data and examine computers, just for a good understanding of this field.

The reason I want to go on a course is that purchasing EnCase or alternative software can be quite expensive, so I would rather get training to go with it.

As you say, getting quite a few hard drives from eBay could be useful to see if any data can be recovered, e.g. files, email correspondence or things like MSN, Yahoo, ICQ chat logs.

I just really want to add to my skill set as you never know when you could be out of a job so want to keep my options open.

kern
08-11-2008, 05:31 PM
hehe, apologies to Harry of course, not larry. jaded memory of the 70s Panorama program Harry staging a one man attack on the Spurs end.

Yeh there are quite a few software utils out there that are free. Predominantly Linux based, but you can get "Live CDs" so you don't even need to mess with your own setup. They run directly from CD as long as You set the PC to boot directly from the optical disc drive on startup.

You may want to unplug Your own drive, before commencing all this, as a safety measure and plug in a blank formatted drive as the Target to save your bitstream image or recovered data to.

look out for

Helix
FCCU
The Coroner's Toolkit
Autopsy
The Sleuth Kit
TestDisk/PhotoRec

and so on

all the above disc images are Free for download.
TestDisk/PhotoRec is available as a program download for both Windows and Linux environments, as well as being available in the full disc images above, although it'll be a few releases older on those than the currently available one from Christophe Grenier's website.

Kern