Next Hottest Certification: Private Investigator

I like watching those real-life crime shows like American Justice and City Confidential. It is amazing to see how folks can take a torn piece of toilet paper and solve a crime with it. The smallest clues can make the biggest differences. I also like seasons 1-3 of SpongeBob SquarePants, but I will save that cliffhanger analogy for my upcoming blog on packet sniffing...

Chances are that sometime in our IT career we are going to be faced with a few choices:

- Sushi or In-N-Out Burger?
- Reformat a machine or gather evidence to prosecute a hacker.

Just like the game Fable II (which is on the highly recommended list of cool RPGs), every choice affects the outcome of your character.

Gathering evidence that someone has broken into your network and manipulated your digital assets seems simple enough, right? Go out and download an open source forensic tool kit like SleuthKit (http://sleuthkit.org) or a commercial one like FTK (http://www.accessdata.com), purchase the Computer Forensics Library (highly recommended 3-book set) and get started.

You can almost hear Bill Kurtis saying, "But what Jimmy Ray didn't know was that although he is a certified engineer and has been in the business for over 18 years, he is not certified to handle and preserve digital evidence, and his work is inadmissible in a court of law."

For folks out there looking to do digital forensics for prosecution, many states are requiring that you be state licensed as either a peace officer or... a private investigator. Kinda takes me back to the episode of Star Trek NG when Picard is Dixon Hill... Anyway... We can still practice digital forensics for internal use (for now), BUT if that goes outside to the criminal/civil courts then we lose all credibility.

Some of the states that are requiring you to be a state licensed Private Investigator are: South Carolina, North Carolina, New York, Texas, Washington, Georgia, Virginia and Nevada. A few others have some conditional laws: in California, for example, you can gather evidence, but once you interview someone, that requires a license.

Digital evidence is different than physical evidence in that digital evidence is very transitional in both state and movement. For evidence to be admissible in court, a judge during a pretrial hearing will determine if it is both reliable and relevant. This is called the Daubert test or Daubert hearing. It checks evidence and the gathering process against these four rules:

- Testing: Can and has the procedure been tested?
- Error Rate: Is there a known error rate of the procedure?
- Publication: Has the procedure been published and subject to peer review?
- Acceptance: Is the procedure generally accepted in the relevant scientific community?

I certainly respect the court's ruling on this. Digital evidence has been used to prosecute not only hackers but other cases like:

- Dennis Rader; BTK Killer
- Scott Peterson

The good news here is that there is a major league shortage of Private Investigators with an IT background. If you are looking for another cert to chase or are just kinda tired of subnet masking and patch Tuesday, then here are a couple of things you can do to get started:

- Look up your state's requirements to be a State Licensed Private Investigator. In my state of Wisconsin, it is a 100-question exam and being employed at a Private Investigation firm. No worries there, they are all looking for IT professionals.
- Start studying for the ISFCE Certified Computer Examiner cert. This is the only vendor neutral digital forensics cert out there today. Kinda like the CISSP. http://www.certified-computer-examiner.com
- Make up a few forensics ISOs and start testing on your machines.
- OPTIONAL: pick up a disk duplicator.
I like the one from http://diskology.com but http://www.forensic-computers.com has some cool stuff also, just a little pricey.

I believe this is going to be a huge field and the chance to get in early and really make a name for yourself. Plus forensics is just darn cool to mess around with. With your troubleshooting knowledge and IT skill set, you would be amazed at how much you already know about forensics. And the best part: you can pick up one of those cool private eye type hats and flash your business card at folks with the title Private Investigator.

Hey Folks, I let the air out of Ken Presti's tires and I took his Network World Podcast for a day. I called up SolarWinds Chief Geek Josh Stevens and we discussed the awesome new code they have buzzed up for us engineer types in the land of packets. Click over and have a listen at: http://www.networkworld.com/podcasts/cisconews/2008/102908cisconews.html

Jimmy Ray


Copyright © 2008 IDG Communications, Inc.