[dongdong88]

In general, operations staff will not have chance to rub shoulders with senior staff unless things happen.

They are also one of the staff that the company says can do without with and will lay you off without the blink of an eye, only to realize their importance when things can't be handled or when things go awry.

Quote:

Digital Forensics in some way, is put the image into Encase click here and there. Then comes out a report.

LOL... this is not what forensics is for.

[MoeMoeSama]

Xiaosa1 wrote:

Financial/Accounting Forensics specialist reviews businesses or companies' financial records for signs of fraud/ misrepresentation or money laundering. The Big 4 and Major banks normally hire these people for a very good salary. Something like an auditor but more specialized. They are used when a company has a major financial scandal e.g. Olympus. The BOD normally will hire an audit firm to do a third party audit. Thats where Financial forensics people come in.

In short, to catch people cooking the books la. These are the real specialists. Digital Forensics in some way, is put the image into Encase click here and there. Then comes out a report.

Financial forensics must really manually review every statement and financial record in the company.

..... cannot disagree in a sense...

[Xiaosa1]

running Forensics software is like running vulnerabilities scanner in a simplistic view. Input scan settings, final result is a raw output report, open ports/services. based on the raw data, input risk and recommendations.

Same for forensics analysis. Say download porn policy violations. So grep the hdd image for key words, or try to retrieve deleted images. Same context to me.

Encase and FTK had come to a stage where by a lot of searches are templated and automated. E.g. Search for Porn .. Click Yes. Of course there are more advanced stuff like timelines comparison, system activities review

[dongdong88]

Yes... the software is meant to aid the analyst.

However, one needs to go further than just clicking here and there...

[Xiaosa1]

For those who are interested in looking at the actual scope of Computer forensics jobs, VISA Singapore is looking for an Sr. Information Security Analyst (Computer Forensics). The job advertisement is available on its website

[MoeMoeSama]

Xiaosa1 wrote:

For those who are interested in looking at the actual scope of Computer forensics jobs, VISA Singapore is looking for an Sr. Information Security Analyst (Computer Forensics). The job advertisement is available on its website

RESPONSIBILITIES
Lead and conduct technical investigations of information security related incidents on a global network while using computer forensics tools such as Encase, FTK and F-Response for evidence collection and analysis
Analyze suspicious binaries and network forensic logs as part of the efforts to mitigate potential targeted threats against the company
Identify, record and manage host- and network-based indicators of compromise (IOCs)
Act as Subject Matter Expert on information security related issues pertaining to Investigations and Incident Response where you will guide other teams through your case recommendations
Interact and assist other investigative teams within Visa on time sensitive, critical investigations
Review, interpret and communicate risk and business impacts of security exploits, patches and vulnerabilities
Lead structured response and subsequent remediation of large scale Security Incidents ensuring involvement of correct technical and non-technical teams
Develop and conduct Incident Response mock scenarios for training on an annual basis
Develop, document and implement process level improvements for Investigations and Incident Response (e.g. updates to Computer Security Incident
Response Team (CSIRT) Handbook, cross team processes etc.)
Mentor and train staff on Investigations and Incident Response


Qualifications


Bachelor's Degree in Computer Science (or related field) or equivalent work experience
8 to 10 years of experience in Information Security, with a concentrated focus on Incident Response, Forensics, Investigations and Case Management
CISSP and EnCE completed or “exam ready”
Demonstrated ability to handle sensitive and confidential information and matters is essential.
Possess highly developed analytical reasoning skills with the ability recognize and evaluate facts, objectively analyze situations, synthesize and organize data/information from multiple sources
Advanced level experience using network and system forensics tools
Familiarity with malware reverse engineering and ethical hacking beneficial
The ability to work effectively with other functional areas and understand the operational and cultural issues relevant to achieving superior results
Strong knowledge and administrative experience on Windows and UNIX platforms
Knowledge of mid-range and mainframe operating environments - Tandem, MVS, TPF, OS-400 preferred
Able to draft, interpret and communicate policies, procedures and technical requirements
Must be both a self-starter and team player; must work well independently with limited supervision
Excellent written and verbal communication skills, interpersonal and presentation skills and the proven ability to influence and communicate effectively.
Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines.
Candidate must possess a strong aptitude for Risk Management
GREM, CFCE, GCIH, GCFA, EnCE CHFI, GCIA, GCED, GPEN Certifications preferred
Established network in the law enforcement community is preferred.



Info. Security Specialist (Computer Forensics)


Is on linkedin and visa website :0

[Xiaosa1]

The job scope had confirmed some requirements of a Cyber forensics analyst discussed in this thread

1. Ex Police force
2. Trained investigator
3. Incident handling skills and Information Sec knowledge
4. Multiple Certifications required
5. Product certified required (FTK/Encase)

[shallwechen]

I think the point is very important for us. "Incident handling skills and Information Sec knowledge" Everyone need the skills, just my opinion.

[MoeMoeSama]

Xiaosa1 wrote:

The job scope had confirmed some requirements of a Cyber forensics analyst discussed in this thread

1. Ex Police force
2. Trained investigator
3. Incident handling skills and Information Sec knowledge
4. Multiple Certifications required
5. Product certified required (FTK/Encase)

1. and 2. is basically the same... what they want is the connection and also being in PTD give you experience in presenting evidence in court.. that what i hear la.

[Xiaosa1]

MoeMoeSama wrote:

1. and 2. is basically the same... what they want is the connection and also being in PTD give you experience in presenting evidence in court.. that what i hear la.

Just to be clear. Your point is only applicable in Singapore. In countries like United States, there are a lot of people who are licensed investigators, with out ex police force status, but still with the relevant network.

For example, private investigators, commercial/fraud investigators even bounty hunters....

[MoeMoeSama]

Xiaosa1 wrote:

Just to be clear. Your point is only applicable in Singapore. In countries like United States, there are a lot of people who are licensed investigators, with out ex police force status, but still with the relevant network.

For example, private investigators, commercial/fraud investigators even bounty hunters....

Yes true cant disagree on that viewpoint

[dongdong88]

A job posting on Symantec. I wonder if part of their job scope to post blogs.

Seems like some of the things will go on the blog...

Senior IT Security Threat Analyst at Symantec in Singapore - Job | LinkedIn