Forensic Certifications

Mayuri Shakamuri
CS 489-02 Digital Forensics
October 31, 2006
New Mexico Tech
Executive Summary
Digital Forensics is rapidly growing and evolving to become a scientific practice with specific legal and procedural guidelines. Certification of computer forensics is a step in the right direction to ensure that digital forensic examiners are able to meet acceptable criteria in the eyes of the law. It follows that all such criteria are modeled on those established by criminal investigators for gathering evidence and presenting it in a court of law.
Some of the certifications that this document investigates are: EC-Council's Certified Ethical Hacker, (ISC)2 (International Information Systems Security Certification Consortium) Certification, GIAC (Global Incident Analysis Center) Certifications, and SCP (Security Certified Program) Certifications.
The weaknesses and limitations of the current certification programs are identified. Some certifications focus strictly on sound forensic evidence collection and analysis. There are very few which cover all core aspects of Digital Forensics.
With an increasing number of computer crimes and growing demand for forensic investigators, there is an urgent need for a centralized standards body. This organization should be capable of integrating all the different guidelines and molding them into common practices, which in turn lead to the evolution of certification program(s) from established accredited institution(s).
This document gives an overview of some of the current Digital Forensic certifications available. Shortcomings of the certifications are presented. A proposal for future direction in this field is also made.
Introduction
There is a dramatic increase in the volume of digital evidence in cases brought before a court of law. There is a growing concern about the admissibility of digital forensic evidence, the tools and methodology that are used for collecting the evidence, as well as legitimate challenges to the skills of the professionals who collect it. A forensic certificate is a very good gauge to measure an investigator's capabilities in the field of forensics. It is also proof that an individual meets a minimum standard of knowledge in the areas of evidence collection, analysis, and reporting. The certification process puts into place standards and procedures that adhere to proven criteria. It follows that all such criteria are modeled on those established by criminal investigators for gathering evidence and presenting it in a court of law. Certification of computer forensics is a step in the right direction to ensure that digital forensic examiners are able to meet acceptable criteria in the eyes of the law.
The problem arises when trying to meet the same standards as physical evidence gathering, because the field of Digital Forensics is relatively new and is coming to the forefront with the recent expansion of personal computers in the USA. With more and more electronic transactions being done on a daily basis, computer-based criminal activity has risen accordingly. Intruders are using increasingly sophisticated means to intercept personal information such as social security numbers and passwords for identity theft. Into this breach has stepped a multitude of agencies, some genuine, others intent on making a fast buck. There has been a mushrooming of these institutions, each carving out an area of expertise and setting certification standards based on narrow criteria.
Within the last few years, the need to consolidate all these differing standards under one umbrella organization has gained importance. This is still an ongoing effort.
State of practice
There are various certifications offered by several different institutions and organizations. Some take a comprehensive approach to the certification process: they offer both training and practice tests modeled on the certification exam, while others administer just the exam. I present some of the certifications currently available in the field of Digital Forensics. This list is completely based on my subjective opinion. Please refer to the appendix for a summary of certifications.
International Information Systems Security Certification Consortium (ISC)2 [1]
(ISC)2 is a globally recognized organization; it offers the Certified Information Systems Security Professional (CISSP) certificate. This certification is intended for mid- and senior-level managers and appears to have global recognition. The CISSP exam tests the individual's competence in the following 10 domains: Access Control; Application Security; Business Continuity and Disaster Recovery; Cryptography; Information Security and Risk Management; Legal, Regulations, Compliance and Investigation; Operational Security; Physical Security; Security Architecture and Design; and Telecommunications and Network Security.
EC-Council, Certified Ethical Hacker [2]
This program prepares an individual to be certified as an ethical hacker. An ethical hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in network systems. They are trained to use the same knowledge and tools as a malicious hacker, but from a defensive point of view. The nature of work for an ethical hacker is similar to that of a penetration tester. Some of these are (ex-)hackers who have turned legitimate and see a challenge in catching other hackers using their own skills. This certification is tailored for security officers, auditors, security professionals, site administrators, and anyone concerned about the integrity of the network infrastructure.
GIAC (Global Incident Analysis Center) Certifications [3]
The SANS Institute (SysAdmin, Audit, Networking, and Security) oversees this particular organization. They validate the skills of security professionals and provide assurance that a certified individual holds the appropriate level of knowledge and skill necessary in key areas of information security. Some of the certifications offered by GIAC are: GIAC Information Security Officer - Basic, GIAC Certified Forensics Analyst (GCFA), GIAC Security Essentials Certification (GSEC), GIAC Certified Firewall Analyst (GCFW), GIAC Certified Incident Handler (GCIH), GIAC Certified UNIX Security Administrator (GCUX), GIAC Systems and Network Auditor (GSNA), and GIAC Certified Security Engineer (GSE).
SCP (Security Certified Program) Certifications [4]
This certification covers both core security topics and advanced security knowledge. There are two levels of certification, the SCNA (Security Certified Network Architect) and SCNP (Security Certified Network Professional). SCNP certification consists of two exams: Hardening the Infrastructure, and Network Defense and Countermeasures. SCNA certification consists of the Advanced Security Implementation and Enterprise Security Solutions exams.
Guidance Software, EnCE [5]
The EnCase Certified Examiner Program (EnCE) offers certification for those who are trained on Guidance Software's EnCase. EnCase is a widely used commercial forensic investigation software package. Professionals who undergo the training are eligible to take this certification exam.
CSFA (Cyber Security Forensic Analyst) [6]
The Cyber Security Institute offers this certification. Its testing scenarios are based on actual cases. This certification tests the individual's ability to conduct a thorough and sound forensic examination, properly interpret the evidence, and communicate the results effectively. An FBI background check is required for an individual to take this certification test.
AIS Certification
Advanced Information Security Certification (AIS) is an all-in-one security
certification divided into 4 main areas: Management, Protection, Detection, and Reaction.
The reaction module focuses heavily on computer forensics.
Gaps
There are some weaknesses and limitations in the current certification programs. Some certifications focus strictly on penetration testing, network security, incident handling, firewall analysis, etc. In my view, there are very few that cover all core aspects of Digital Forensics, which are preservation, identification, extraction, documentation, and interpretation of digital media for evidentiary and/or root cause analysis. These certifications do not cover all the aspects of Digital Forensics. In other professions like management, medicine or engineering, there is one organization overseeing certifications in the different specialities. Computer or Digital Forensics is not at that point. There are too many conflicting agencies trying to claim supremacy in terms of the processes and controls to be used in Digital Forensics.
Future Practice
Once the principles and practices of Digital Forensics are codified and agreed to run under one single board which controls accreditation, methodology and practices, the current state of Digital Forensics can be improved upon to further reduce the scope for mistakes and minimize the chances of gathered evidence being thrown out on challenges to procedures. The American Academy of Forensic Sciences (AAFS) is a renowned organization that is recognized for its work in setting standards for the application of science to the legal system. Another organization is the Information Systems Security Certification Consortium (ISC)2. It is an internationally recognized and well established organization for educating and certifying information security professionals. Certification programs accredited by organizations like AAFS and (ISC)2 would bring better standards to the area of Digital Forensics. Since the area of Information Technology is rapidly changing, it is important that the certification programs are designed to allow for flexibility and revision as the technology changes.
Conclusion
There are several Digital Forensics certifications available currently, and there are many different organizations offering them. In this paper we have looked into some of the certifications and their scope. It appears to me that all the certifications I have looked at focus on only some of the security aspects of Information Technology. To my knowledge there is no one certification program that addresses all the core aspects of Digital Forensics. Certification program(s) from established accredited institution(s) will help resolve the dilemma of Digital Forensics professionals in choosing the right certification program.
References
[1] International Information Systems Security Certification Consortium: https://www.isc2.org/cgi/content.cgi?category=7
[2] EC-Council: www.eccouncil.org/CEH.htm
[3] Global Information Assurance Certification: www.giac.org
[4] Security Certified Program: www.securitycertified.net/
[5] EnCase, Guidance Software: www.encase.com/training/ence/index.asp; EnCase Certification exam: www.prometric.com
[6] Cyber Security Institute: http://certifications.cybersecurityinstitute.biz/
[7] ElementK Courseware: www.elementkcourseware.com
[8] American Academy of Forensic Sciences: http://www.aafs.org/
APPENDIX
Summary of certifications (organization, requirements, web site, cost).

Certified Ethical Hacker (EC-Council)
Requirements: This certification is for security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.
Web site: www.eccouncil.org/CEH.htm

GIAC Certifications
a. GIAC Information Security Officer - Basic (GISO - Basic)
b. GIAC Security Essentials Certification (GSEC)
c. GIAC Certified Firewall Analyst (GCFW)
d. GIAC Certified Incident Handler (GCIH)
e. GIAC Certified Intrusion Analyst (GCIA)
f. GIAC Certified Unix Security Administrator (GCUX)
g. GIAC Certified Windows Security Administrator (GCNT)
h. GIAC Information Security Officer (GISO)
i. GIAC Systems and Network Auditor (GSNA)
j. GIAC Certified Security Engineer (GSE): 7 exams.
Web site: www.giac.org

GCFA (GIAC Certified Forensics Analyst)
Requirements: GCFA deals directly with incident handling scenarios and investigation.
Web site: www.giac.org
Cost: $150

SCP Certifications (Security Certified Program)
- SCNP - Security Certified Network Professional: 2 exams, Hardening the Infrastructure, and Network Defense and Countermeasures. Cost: $300 ($150 per exam)
- SCNA - Security Certified Network Architect: 2 exams, Advanced Security Implementation, and Enterprise Security Solutions. Cost: $360 ($180 per exam)
Note: CompTIA Security+ certification is a prerequisite for both SCP certifications.
Web site: www.securitycertified.net/

EnCE (EnCase Certified Examiner)
Requirements: The EnCase Certified Examiner Program offers certification for those who have taken the EnCase Guidance Software training.
Web site: www.prometric.com

CSFA, Cyber Security Forensic Analyst
Requirements: FBI background check.
Web site: http://certifications.cybersecurityinstitute.biz/

AIS Certification
Requirements: This is an all-in-one security certification divided into 4 main areas: Management, Protection, Detection and Reaction. The reaction module deals heavily with computer forensics.

Computer Forensic, Cybercrime and Security Training Curriculum
a. Certified Cybercrime First Responder (CCFR)
b. Internet Crimes Against People (ICAP)
c. Internet Crimes Against Children (ICAC)
d. Presenting Digital Evidence at Trial (PDET)
e. Network Security Intrusion and Detection (NSID)
f. Personal Digital Device Forensics (PDDF)
g. Advanced File System Recovery Seminar (AFSRS with Certification)
h. High Tech Crime Investigator Level 1
i. High Tech Crime Investigator Level 2

Computer Forensic External Certification (CFEC)
a. Certified Forensic Computer Examiner (CFCE)
b. Electronic Evidence Collection Specialist Certification (CEECS)
Requirements: Designed for law enforcement by the IACIS, this certification is now open to those with the experience and knowledge of active law enforcement officers.
Cost: Online training for both CFCE and CCE, $2750.00

Certified Computer Crime Investigator (CCCI) and Certified Computer Forensic Technician (CCFT)
Requirements: 60 hours of classroom training and 100 hours of CBT training.

National Institute of Standards and Technology (NIST)

TruSecure
- TICSA - TruSecure ICSA Certified Security Associate: 1 exam (70 questions, 90 minutes). Although not a forensics certification, this overall security certification is highly respected and covers essential forensics procedures.
- TICSE - TruSecure ICSA Certified Security Engineer: TICSA certification + 1 exam.
Web site: www.trusecure.com

Advanced Computer Forensics Boot Camp
Requirements: 3-day boot camp in the complexities of digital forensics.
Web site: www.infosecinstitute.com

Computer Forensic Training Center Online
Requirements: Online training and CCE certification through Kennesaw State University.

Certified International Information Systems Forensics Investigator (CIFI)
Requirements: Members of the International Information Systems Forensics Association (IISFA) can take the CIFI exam.

National Cybercrime Training Partnership (NCTP) and National White Collar Crime Center (NW3C)
Requirements: Programs specifically for law enforcement agencies only. The NCTP offers training on basic and advanced data recovery. This is primarily intended for law enforcement and is offered free to qualifying agencies.

International Information Systems Security Certification Consortium (ISC)2
- CISSP - Certified Information System Security Professional: 1 exam (250 questions, 6 hours).
- SSCP - Systems Security Certified Practitioner: 1 exam (125 questions, 3 hours).
Requirements: see above.

CIW - Security Professional
Requirements: Master CIW Administrator Certification, which includes 4 exams.
Cost: $500 ($125/exam)

RSA Security
- RSA/CSE - RSA Certified Systems Engineer
- RSA/CA - RSA Certified Administrator
- RSA/CI - RSA Certified Instructor: requires CSE or CA certification + workshop.
Web site: www.rsasecurity.com

CheckPoint
- CCSA - Check Point Certified Security Administrator
- CCSE - Check Point Certified Security Engineer
Web site: www.checkpoint.com

Cisco
- Cisco Firewall Specialist: CCNA + 2 exams. Cost: $375.00
- Cisco VPN Specialist: CCNA + 2 exams. Cost: $375.00
- Cisco IDS Specialist: CCNA + 2 exams. Cost: $375.00
- CCSP - Cisco Certified Security Professional: CCNA + 5 exams. Cost: $750.00 ($125 per exam)
Web site: www.cisco.com

BrainBench
- BIS - BrainBench Internet Security Certification: 1 exam. Cost: $25.00
- BNS - BrainBench Network Security Certification: 1 exam. Cost: $25.00
Web site: www.brainbench.com

Learning Tree
- NSCP - Network Security Certified Professional: 3 core courses, 1 elective course and associated exams. Cost: $937.00 - $2,645.00
Web site: www.learningtree.com

CompTIA Security+
Requirements: 1 exam.
Cost: $199.00