The (Badly) Illustrated Musings of a Cheeky Forensics Monkey ...
I think diving into memory forensics would be good stuff. Volatility has been getting a lot of good praise. What's your background? What type of stuff interests you? Forensics can be broad but can also get very focused too.
Thanks for the suggestion. I think there's some existing memory images out there so I might try that out next. It probably won't be anything too complicated and won't involve malware. I'm uber paranoid about infections lol. At this stage, I am in sponge mode - learning as much as I can when I can. I can't really list specific things that REALLY interest me because I am still learning about what I don't know (if that makes any sense). In general, if it can be used to retrieve digital evidence I am interested/am game to have a look-see. However, not having access to commercial forensics software (e.g. EnCase, FTK) I am focusing on open source/free software.
I'm probably in the same boat as you, trying to learn as much as I can with Forensics. I'm about to finish up my master's (this month) in computer forensics. Unfortunately my program was brand new and we didn't get enough practical hands-on - we don't have a lab, EnCase, etc. So I've had to learn most of the stuff on my own. I live in the DC area, and do have some good stuff going on close to me, which is fantastic. Harlan Carvey has a monthly forensic meetup that I attend. I'm also making friends with more people in the forensic and IR space. I live really close to Guidance Software's main training facility, and I'm hoping to attend both EnCase I & II training in March 2012. I'm very excited about that. I'll probably get the EnCE shortly after, or at least that's the plan!
Sounds like a good plan. I was curious about those Carvey forensic meetings but will probably never get the chance to attend. Unfortunately, the EnCE courses over here are probably a little too expensive for me at the moment. Connecting with people already in the industry sounds like the most promising way to enter. Speaking of which, feel free to drop me an email (see my profile page for the address) if you want to discuss anything further in a not so public manner.