Digital Forensics: The Chance to Play Detective
Work is Hard, But Jobs Plentiful for Professionals Who Like to Follow the Evidence Trail
"Forensics is broader in scope than people anticipate it," Barger says.
He specializes in electronic data discovery, data analytics and investigative services in support of civil litigation and provides advisory services regarding technology-related matters. He also provides expert witness testimony when appropriate in connection with these services. His in-house team is involved in high-profile investigations, applying tools and methodologies to data analytics, data mining, recovering deleted files, tracing internet activities and many other tasks. Most of his clients are government agencies and large private corporations. The team consists of-
The forensics profession today is fast-growing because of the increasing number of cyber crime activities that occur throughout the world, maintains Barger.
The Emergence of Forensics
"Forensics has become very important in the last 10-12 years since one great disadvantage of technology's integration into society is the capacity for people to use the technology for criminal purposes," says Jill Slay, PhD, CISSP, FACS, PCP, MIEEE, Member, (ISC)² Board of Directors. The types of crimes that can be committed using technology can be represented in two distinct categories: crimes committed using a computer (e.g. hacking, fraud) and those committed against computers (e.g. Denial of Service).
"In today's economy more people are working remotely, which provides greater opportunities for malicious employees to create harmful attacks," says Paul Henry, SANS Institute certified instructor in Forensics and cyber crime and President of Forensics & Recovery LLC, an independent network breach and computer forensics investigative company based in Florida.
Forensic computing can be described as the investigation into criminal or unethical activities that may have left digital or electronic evidence. Although this definition appears simplistic, adds Slay, it specifies the existence of digital evidence, which is the very core of 'computing' in the term forensic computing.
In the current job market, demand for such experts is increasing in the United States, where many companies are facing real-time cyber crime activities. "We have forensic experts that we are looking for," says Nadia Short, vice president of strategy & business development at General Dynamics Advanced Information Systems, who seeks people that are able to lead the investigation and incident response activities. They primarily focus on the ability to understand file systems, logs, histories, patching and, more importantly, understand chain-of-custody activities as we look to provide that kind of data to law enforcement officials as they look to "put the bad guys away."
The typical career path/responsibilities for forensics professionals include:
Entry-level Forensic Analyst: Analyses of hardware, including applications/operating systems, storage media, file systems, imaging hard drives, etc. Forensics professionals need to know in-depth how computer systems work and operate, says Eric Fiterman, CEO & President of Methodvue, a private intelligence organization specializing in the discovery and deterrence of complex threats to people, commerce, and governance.
Forensic Senior Analyst: Analyses of software, applications, know-how of data capture including volatile and non-volatile data. Recovery of sensitive data whether it is documents, emails, graphics, cookies, etc. Ability to identify the source and origin of a particular disruption or security issue, says Fiterman. Being able to answer "How bad is the damage both in financial and technical terms and who was responsible for this crime?"
Investigation Specialist: Forensic investigation services cover all areas of computer misuse, Internet/email abuse, fraud, pornography, hacking and intellectual property theft. Investigation procedures are needed, and in many cases required, to guarantee that found evidence can withstand examination in court.
Expert Witness: Forensics investigations often require presentation in court and the services of an expert witness who testifies that evidence discovered in any particular case will withstand examination, says Eric Robi, CCE, an expert witness and President of Federal Forensics Group, an independent consulting firm specializing in computer forensics and analysis. The expert witness is usually required to provide independent expert testimony in the form of expert opinion and to present the findings in layman's terms, both in written reports and in court presentation and/or examination. The witness also provides easy-to-read, well-organized 'expert' reports to support the testimony, including reports and statements that verify where and how data have been recovered, processed, etc.
Management Position in Forensics: These days large companies have their own forensics and e-discovery teams that do the required investigation, analysis and recovery of systems and data. Most places require a senior forensics manager to lead and support the team as well as directly report to senior management.
Forensics experts recommend an undergraduate degree in computer science or engineering, specializing in forensic computing or IT security. Next: a master's degree and specialized training by vendor certification companies including SANS Institute, which offers GIAC Certified Forensics Analyst (GCFA); the EC Council for its Certified Computer Hacker (CEH); and International Society of Forensic Computer Examiners (ISFCE) offering the Certified Computer Examiner (CCE). "Hiring an interesting mix of individuals of technology level professionals with strong IT background and law enforcement professionals has been successful for my team," says Barger.
In addition, vendor product training from forensics software providers, including EnCase Guidance Software, Access Data, and Microsoft, is essential for forensics professionals.
"Skills and abilities would be the logical and mathematical ones of science and engineering and the problem solving skills needed in detection as well as in the sciences," says Slay. The capacity to do tedious work, along with very strong analytical skills and a solid background in information technology and network security, is required in forensics, adds Henry.
On the Job
Henry indicates that the starting salary for a professional in forensics is around $70,000 annually, assuming the candidate possesses the necessary IT and analytical background and training required. The salary range is high for senior analysts and professionals: $150,000-300,000 annually.
Among the challenges on the job:
For more information on career options in forensics: