CICRA & EC-Council sponsor first ever Hacking Challenge and Information Security Quiz in Sri Lanka

CICRA Institute of Education in association with the International Association of Electronic Commerce Consultants (EC-Council), USA is sponsoring the first ever 'Hacking Challenge' and the 'Information Security Quiz' in Sri Lanka.

Each member of the winning team of the Hacking Challenge and the Information Security Quiz will receive a free training voucher to follow globally recognized, prestigious but expensive Certified Ethical Hacker (C|EH) training programme at the state of the art computer laboratory at the CICRA Institute of Education in Colombo 05.

"Normal course fee of a C|EH program per person is Rs. 150,000/-. EC-Council, USA has agreed to provide complimentary courseware whilst they are offering free training to the winners of the Hacking Challenge and the Information Security Quiz," CICRA Director/CEO Boshan Dayaratne said."In the modern world information is the key to success. Therefore, information security is very important in the corporate and also government sectors. That is why they are promoting 'Hacking Challenge and the Information Security Quiz," Mr. Dayaratne said.

"C|EH program trains information security professionals to think and act as hackers but practice only as ethical hackers to defend IT systems of their organisations. This qualification is even recognized by the US Department of Defence," he said.

Hacking or gaining access to computer file or network illegally or without authorisation has become a serious cybercrime all over the world. Organised by Sri Lanka Computer Emergency Readiness Team (Sri Lanka CERT), a fully owned subsidiary of the ICT Agency of Sri Lanka (ICTA), the Hacking Challenge and the Information Security Quiz will be held respectively on 13th and 14th October at the ICTA premises and at Hotel Renuka, Colombo 3 respectively. The two competitions are organized as part of the National Cyber Security Week.

Sri Lanka CERT said that the Hacking Challenge had two objectives."One is to allow penetration testing enthusiasts to measure their skills in a simulated environment, free of legal repercussions; the other objective is to allow these enthusiasts to be rewarded, if they rack up the highest points according to the scoring system - by way of C|EH training," Sri Lanka CERT said.Meanwhile, Security Quiz is targeted at students in tertiary education institutions. "The quiz will be conducted over eight rounds, each round comprising questions from a specialised security area".

Sri Lanka CERT is mandated with the protection of Information and Information Systems within the state sector, particularly in regard to the e-Sri Lanka initiative. At the same time Sri Lanka CERT is also mandated to extend its services to the private sector and general public. It is a full member of the Asia Pacific CERT and Forum of Incident Response Security Teams (FIRST) associations. Sri Lanka CERT also assists the public by combating common cyber security incidents such as Facebook and webmail account compromise.

Best Digital Forensics Certifications

There is an appreciable number of available, high-quality certification programs that focus on digital investigations and forensics. However, there are also many certifications and programs in this area that are far less transparent and widely known.

There’s been a steady demand for digital forensics certifications for the past several years, mainly owing to the following:

As a result, there is a continuing rise of companies that offer digital forensics training and certifications. Alas, many of these are “private label” credentials that are not well recognized. Making sense of all options and finding the right certification for you may be trickier than it seems.

To help choose their top five certifications for 2019, they looked at several popular online job boards to determine the number of advertised positions that require these certifications. While the actual results vary from day to day and by job board, this should give you an idea of the number of digital forensic jobs with specific certification requirements.

*We covered two GIAC credentials, presented together in a single GIAC section below.

Digital forensics is a relatively lucrative space for practitioners. The average salary for intermediate digital forensic jobs in the U.S. – $63,959, according to SimpyHired – trails that of network engineers, system administrators and project managers. However, a senior specialist or forensic analyst, whether working in the private industry or government channels, will often earn six figures in major metro areas. They found salaries on the high end running almost $107,000 for forensic analysts and more than $127,000 for digital forensic roles.

AccessData is the maker of the popular Forensic Toolkit (FTK) solution for digital investigations. The company also offers a variety of related products and services, such as AD Lab, AD eDiscovery, AD Enterprise and AD Triage.

The AccessData Certified Examiner (ACE) is worth pursuing for those who already use or plan to use FTK, which enjoys widespread use in law enforcement and private research and consulting firms. The certification requires one exam, which covers the FTK Imager, Registry Viewer, PRTK (Password Recovery Toolkit) and FTK Examiner Application/Case Management Window tools in detail. AccessData recommends basic to moderate forensic knowledge before attempting the exam. This includes an understanding of digital artifacts, Registry files, encrypting and decrypting files, hashing, attack types, using live and index searching, and other topics. See the latest ACE Study Guide for details.

Recertification is required every two years. Credential holders must pass the current ACE exam, which focuses on the most current versions of FTK and other tools, to maintain their credentials.

AccessData FTK BootCamp (three-day classroom or live online)

FTK Intermediate courses

Registration required to receive a join code to access the testing portal

The International Association of Computer Investigative Specialists (IACIS) is the organization behind the Certified Forensic Computer Examiner (CFCE) credential. This organization caters primarily to law enforcement personnel, and you must be employed in law enforcement to qualify for regular IACIS membership.

A formal application form, along with an application fee, is necessary to join IACIS. Regular membership includes current computer/digital forensic practitioners who are current or former government or law enforcement employees or forensic contractors to a government agency. All other practitioners can apply for Associate membership to IACIS, provided they can pass a background check. Membership fees and annual renewal fees are required. IACIS membership is not required to obtain the CFCE credential.

To obtain the CFCE credential, candidates must demonstrate proficiency with CFCE core competencies. One option is IACIS’ Basic Computer Forensic Examiner (BCFE) two-week training course; it meets the 72-hour training requirement, costs $2,995, includes a free laptop and waives the IACIS membership fee for nonmembers. IACIS membership is required to attend the course. Candidates completing the training course can enroll directly in the CFCE program upon completion of the course. Those not attending the BCFE course may meet the 72-hour training requirement with a comparable course (subject to IACIS approval), pay a $750 registration fee, and successfully pass a background check to enroll in the CFCE program and sit for the exam.

The CFCE exam is a two-step testing process that includes a peer review and CFCE certification testing:

Upon completion of both the peer review and the certification phase, candidates must submit a notarized form certifying that the practical and written exams were completed independently without assistance from anyone else.

Certificants must recertify every three years to maintain the CFCE credential. Recertification requires proof of at least 40 hours of professional education, a passing score on a proficiency test in the third year, proof of computer/digital forensics work experience, or passing scores on three proficiency tests within three years, and either three years of IACIS membership or payment of a $150 recertification fee.

Despite the time and expense involved in earning a CFCE, this credential has high value and excellent name recognition in the computer forensics field. Many forensics professionals consider the CFCE a necessary merit badge to earn, especially for those who work in or for law enforcement.

72 hours of training in computer/digital forensics comparable to CFCE core competencies; BCFE training course meets training requirement

Without BCFE training: take a comparable course, pay $750 registration fee and pass a background check

The EC-Council is a well-known training and certification organization that specializes in the areas of anti-hacking, digital forensics and penetration testing. The organization’s Computer Hacking Forensic Investigator (CHFI) certification emphasizes forensics tools, analytical techniques, and procedures involved in obtaining, maintaining, and presenting digital forensic evidence and data in a court of law.

The EC-Council offers training for this credential but permits candidates to challenge the exam without taking the course, provided they have a minimum of two years of information security experience and pay a non-refundable $100 eligibility application fee.

The CHFI course covers a wide range of topics and tools (click the exam Blueprint button on the certification webpage). Topics include an overview of digital forensics, in-depth coverage of the computer forensics investigation process, working with digital evidence, anti-forensics, database and cloud forensics, investigating network traffic, mobile and email forensics, and ethics, policies and regulations. Courseware is available, as well as instructor-led classroom training.

The EC-Council offers numerous other certifications of potential value to readers interested in the CHFI. These include the Certified Ethical Hacker (CEH), CEH (Practical), EC-Council Certified Security Analyst (ECSA), ECSA Practical, Certified Network Defender (CND) and Licensed Penetration Tester (LPT), Certified Application Security Engineer (CASE), and Certified Chief Information Security Officer (CCISO). It also offers credentials in related areas such as disaster recovery, encryption and security analysis. Visit the EC-Council site for more info on its popular and respected credentials.

Candidates must agree to the EC-Council Non-Disclosure, Candidate Application and Candidate Certification agreement terms.

Training recommended but not required:

To challenge the exam without training, you must have two years of information security work experience and/or education to reflect specialization, pay a non-refundable application fee of $100, and complete the Exam Eligibility Application Form.

More information on the application process is located on the Application Eligibility Process webpage.

Guidance Software, acquired by OpenText in 2017, is a leader in the forensics tools and services arena. Its well-known and widely used EnCase Forensic software helps professionals acquire data from many different types of devices, complete disk-level examinations and produce reports of their findings. The company also sells software for remote investigations (EnCase Endpoint Investigator), eDiscovery, risk management, mobile investigations and endpoint security.

The company’s certification program includes the Certified Forensic Security Responder (CFSR), EnCase Certified eDiscovery Practitioner (EnCEP) and EnCase Certified Examiner (EnCe). Available to professionals in the public and private sector, the EnCE recognizes an individual’s proficiency using EnCase Forensic software and mastery of computer investigation methodology, including evidence collection, preservation, file verification, file signatures and hashing, first responder activities, and much more.

To achieve EnCe certification, candidates must show proof of a minimum of 64 hours of authorized computer forensic training or 12 months of qualified work experience, complete an application, and then successfully complete a two-phase exam that includes a written and practical portion.

EnCE certifications are valid for three years from the date obtained. Recertification requires one of the following:

Training options through Guidance Software:

Completion of the EnCE application

Passing the Phase I exam earns an electronic license to complete the Phase II exam.

$75 renewal fee

Learning On Demand subscription provides access to 400 courses across the OpenText Learning Services platform.

SANS is the organization behind the Global Information Assurance Certification (GIAC) program. It is a well-respected and highly regarded player in the information security field in general. SANS not only teaches and researches in this area, it also provides breaking news, operates a security alert service, and serves on all kinds of government, research and academic information security task forces, working groups, and industry organizations.

The organization’s incident response and forensics credentials include the following:

The intermediate GCFE and the more senior GCFA are the focus of this section. Neither credential requires taking SANS courses (which have a strong reputation for being among the best in the cybersecurity community, with high-powered instructors to match), but they are recommended to candidates and often offered before, during or after SANS conferences held around the U.S. at regular intervals.

Both the GCFE and GCFA focus on computer forensics in the context of investigation and incident response, and thus also focus on the skills and knowledge needed to collect and analyze data from Windows and/or Linux computer systems during such activities. Candidates must possess the necessary skills, knowledge, and ability to conduct formal incident investigations and advanced incident handling, including dealing with internal and external data breaches, intrusions, and cyberthreats; collecting and preserving evidence; understanding anti-forensic techniques; and building and documenting advanced digital forensic cases.

Most SANS GIAC credentials are valid for four years. Candidates may recertify for the GCFE and GCFA by earning 36 continuing professional experience (CPE) credits. In addition, credential holders must pay a certification maintenance fee of $429 every four years.

The SANS GIAC program encompasses more than 36 information security certifications across a broad range of topics and disciplines. IT professionals interested in information security in general, as well as digital forensics, would be well advised to investigate further on the GIAC homepage.

GIAC Certified Forensic Analyst (GCFA)

GCFE recommended course: FOR500: Windows Forensic Analysis ($6,210)

GCFA recommended course: FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting ($6,210)

Exams proctored by Pearson VUE. Registration with GIAC required to schedule an exam.

$1,899 (no training – referred to as a certification challenge)

Additional details available here.

There are lots of other certification programs that can help to further the careers of IT professionals who work in digital forensics.

One certification we’ve featured in the past is the CyberSecurity Institute’s CyberSecurity Forensic Analyst (CSFA). The CyberSecurity Institute provides digital forensic services aimed at law firms, businesses and individuals, and administers a small but well-respected certification program. The CSFA is designed for security professionals with at least two years of experience performing digital forensic analysis on computers and devices running the Windows operating system and creating investigative reports. Although the certification didn’t generate as many job board hits as their other featured certifications, the CSFA is still worth your attention.

The same goes for the Certified Computer Examiner (CCE) from the International Society of Forensic Computer Examiners, also known as ISFCE. The CCE is well recognized in the industry and in the law enforcement community as a leading credential for digital forensics professionals, but it fell a little short on job board hits during their review this year.

Other good certifications include the Professional Certified Investigator (PCI), a senior-level, vendor-neutral computer investigations and forensics credential available through ASIS International. The organization also offers the Certified Protection Professional (CPP), which includes an investigation component, and the Physical Security Professional (PSP) in its certification program. Forensics candidates can also pursue one of the High Tech Crime Network vendor-neutral certifications – the Certified Computer Crime Investigator or Certified Computer Forensic Technician, both of which have a Basic and an Advanced credential.

If you look around online, you’ll find numerous other forensics hardware and software vendors that offer certifications and plenty of other organizations that didn’t make the cut for the 2019 list of the best digital forensics certifications. But before you wander outside the items mentioned in this article, you might want to research the sponsoring organization’s history and the number of people who’ve earned its credentials, and then determine whether the sponsor not only requires training but stands to profit from its purchase.

You might also want to ask a practicing digital forensics professional if they’ve heard of the certifications you found on your own and, if so, what that professional thinks of those offerings.

How Growth Hacking Can Grow Your Company Wildly

“Growth hacking” has become a popular term in Silicon Valley over the past couple of years. A lot of people in the technology industry are familiar with the concept, but outside of that area, people tend to be unfamiliar with it.

Growth hacking has many different definitions, but to me, it’s a way to get the most leverage out of your customer acquisition. It’s a funny concept because a lot of internet marketers have been using growth hacking for years without even realizing it.

I have used growth hacking to grow my businesses, from scratch to thriving businesses, very quickly, and I want to teach you how to come up with your own growth hacking strategies. To me, growth hacking is a certain way of thinking when it comes to marketing.

Well-known companies that have used growth hacking include Dropbox, which implemented an automated referral system that urged users to refer friends in exchange for more space. Airbnb is said to have reached out to people who were renting out their homes on Craigslist and recommend they use the Airbnb platform. And PayPal is known for giving $10 to every user who referred a friend.

When I first started my company Quickcashforgolfclubs.com, I had stumbled upon an untapped niche in the used golf club market. My business model was very simple. I would buy used golf clubs from stores, pro shops and consumers for cash, and then resell the clubs for two to five times as much as I bought them for. I started the business with only $500 and had to bootstrap it to buy more inventory.

One night, I was sitting in my dorm room and brainstorming on how to get more customers. I was scrolling through Facebook and realized I could friend and message every single person in Southern California with a golf profile picture and pretty much say the same thing. I ended up automating this process, and my business grew exponentially without spending any money on advertising. Not long after that discovery, they were selling golf clubs in more than 20 different countries and every state in the U.S.

Recently, I co-founded a company called LiveVoice, which sells phone, live chat and email outsourcing services to small and medium-size businesses. I came up with an idea to target companies, through cold email marketing, that were hiring customer service reps on Glassdoor because I realized that they added a lot of value to those companies. On top of that, their messaging could appear relevant and personalized because they could pretty much say the same thing. This worked extremely well, and they started finding customers that were willing to pay us tens of thousands of dollars each month.

So, let me break down the process of how you can develop a growth hacking strategy as a method for growing your business.

1. Find a place where your dream customers hang out. Growth hacking starts with finding a common place where your target market hangs out, whether they are online or offline. It’s kind of like how lawyers advertise on billboards placed along highways. That is where their target market often is. I used this with Facebook and Glassdoor for my businesses.

2. Figure out messaging that your customers will engage with. If you look at the growth hacking strategies used by the most successful companies, they all have a call to action that resonates with their customer base. The ask of their users is, more or less, quid pro quo. In other words, "I will give you something in exchange for something." For example: “Refer your friends, and I will give you my product for a discount.”

3. Look at data. When you’re growth hacking, data should rule everything around you. Test different strategies, and compare the results to figure out what works and what doesn’t.

4. Get creative. Growth hacking requires you to be analytical, but even more importantly, it requires you to be creative. Think of things your customers want and how you can give them a deal by doing something beneficial for you in return.

If you start to brainstorm on ways you can get creative to reach and attract your dream customers, and come up with systems that can be repeated over and over again, then you will be on your way to developing a growth hacking system that can make you a great deal of money.