BankInfoSecurity.com - Information Security News, Regulations, & Education


Digital Forensics: The Chance to Play Detective

Work is Hard, But Jobs Plentiful for Professionals Who Like to Follow the Evidence Trail
August 3, 2009 - Upasana Gupta, Contributing Editor

After Hurricane Katrina devastated much of Louisiana, the state was granted $9 billion for recovery and disbursement to individual homeowners. Keith Barger, a director in KPMG's Forensic practice in Houston, was put in charge of a forensics and fraud team to verify insurance claims, conduct investigations and trace fraud activities. This work kept Barger's team busy for a year and a half.

"Forensics is broader in scope than people anticipate it," Barger says.

He specializes in electronic data discovery, data analytics and investigative services in support of civil litigation, and provides advisory services on technology-related matters. He also provides expert witness testimony when appropriate in connection with these services. His in-house team is involved in high-profile investigations, applying tools and methodologies to data analytics, data mining, recovering deleted files, tracing internet activities and many other tasks. Most of his clients are government agencies and large private corporations. The team consists of:

A forensics manager who has direct oversight of the forensics practice and is qualified to certify a forensics lab environment;
Evidence custodians who basically are involved in tracing, recovering and storing evidence;
Research and development individuals who maintain databases and spend time keeping abreast of emerging technologies, software and methodologies;
Cell phone and digital media specialists;
Intrusion detection professionals.

The forensics profession today is fast-growing because of the increasing number of cyber crime activities that occur throughout the world, maintains Barger.

The Emergence of Forensics
"Forensics has become very important in the last 10-12 years since one great disadvantage of technology's integration into society is the capacity for people to use the technology for criminal purposes," says Jill Slay, PhD, CISSP, FACS, PCP, MIEEE, Member, (ISC)² Board of Directors.

The types of crimes that can be committed using technology can be represented in two distinct categories: crimes committed using a computer (e.g. hacking, fraud) and those committed against computers (e.g. denial of service).

"In today's economy more people are working remotely, which provides greater opportunities for malicious employees to create harmful attacks," says Paul Henry, SANS Institute certified instructor in Forensics and cyber crime and President of Forensics & Recovery LLC, an independent network breach and computer forensics investigative company based in Florida.

Forensic computing can be described as the investigation into criminal or unethical activities that may have left digital or electronic evidence. Although this definition appears simplistic, adds Slay, it specifies the existence of digital evidence, which is the very core of 'computing' in the term forensic computing.

In the current job market, demand for such experts is increasing in the United States, where many companies are facing real-time cyber crime activities. "We have forensic experts that we are looking for," says Nadia Short, vice president of strategy & business development at General Dynamics Advanced Information Systems, who seeks people that are able to lead the investigation and incident response activities. They primarily focus on the ability to understand file systems, logs, histories, patching and, more importantly, understand chain-of-custody activities as we look to provide that kind of data to law enforcement officials as they look to "put the bad guys away."

Career Options
The typical career path and responsibilities for forensics professionals include:

Entry-level Forensic Analyst: Analyses of hardware, including applications and operating systems, storage media, file systems, hard drive imaging, etc. Forensics professionals need to know in depth how computer systems work and operate, says Eric Fiterman, CEO & President of Methodvue, a private intelligence organization specializing in the discovery and deterrence of complex threats to people, commerce, and governance.

Forensic Senior Analyst: Analyses of software, applications, know-how of data capture including volatile and non-volatile data. Recovery of sensitive data whether it is documents, emails, graphics, cookies, etc. Ability to identify the source and origin of a particular disruption or security issue, says Fiterman. Being able to answer "How bad is the damage both in financial and technical terms and who was responsible for this crime?"

