Hands-on experience is essential to any kind of forensics proficiency and knowledge. Whether you get that experience at work or in your own time elsewhere, you really can't pursue such credentials without spending lots of time learning and doing packet traces, analyses and forensic reconstructions of event sequences, attack signatures and so forth.
That said, you can pursue any number of programs in this area that will get you credentials in this subject matter, though it may sometimes be stated in terms of protocol analysis rather than forensics, per se. But the two topics are practically inseparable, so don't let this dissuade you from following any of the paths I'm about to recommend:
1. EnCase Certified Examiner
Requires six months of experience or 32 hours of classroom training in Guidance Software's EnCase forensic analysis products (widely used by law enforcement and IT security professionals).
2. Pine Mountain Group Certified NetAnalyst program
Various levels of certification that include coverage of forensic tools and techniques throughout. No experience requirements jump out at me, but PMG really wants you to attend all four weeks (or more) of their training classes to get certified.
3. Sniffer Certified Professional program
Sniffer Technologies wants you to have Sniffer and take their training, too.
4. WildPackets NAX or Network Analysis Certification
Same as above, except WildPackets prefers (but does not require) that you use EtherPeek and wants you to go to WildPackets Academy for training.
That's about all the directly relevant stuff I know of, but for a broader survey of the subject matter, visit www.informit.com and search on "tittel protocol analysis" to read an article I wrote for them that goes into more detail on this subject.