Digital forensics, or cybercrime forensics, professionals are called in to investigate when information is stolen from a computer, network, web application, cell phone or another digital device. The forensics team’s job is to determine exactly what was done and how it was done, to attempt to recover and/or repair stolen or damaged data files, and to work with other information security experts to prevent it from happening again.
The CSIs of the infosec universe, digital forensics experts are critical in minimizing any harm done from cybercrimes, and reconstructing the crime to aid in bringing the perpetrators to justice.
Anytime the law is involved, following the rule of law is vital to a successful culmination of an investigation. Adhering to proper evidence handling procedures will be of paramount concern for digital forensics experts. Many digital forensic experts are employed by governments or government suppliers/contractors. For a large portion of these positions, a high-level security clearance is necessary.
Four steps to becoming a digital forensics expert
1. Education: There are a variety of college degree programs that lend themselves to careers in digital forensics. These include: computer engineering, computer science, electrical engineering, applied mathematics, cybersecurity, information technology, and of course digital forensics. More advanced positions in digital forensics sometimes require master’s degrees.
2. Career path: There are entry-level positions available in digital forensics that provide excellent avenues of entry into the field. Working in general forensics roles while developing infosec skills is also a viable path. So too are positions in information technology fields with a special focus on cybersecurity. Software development is another track that can lead to digital forensics careers.
3. Professional certifications: Employers predominantly want to see a number of professional certifications on resumes, and this is particularly true with more senior positions. There is a long list of available certifications applicable to digital forensics. Several organizations now offer widely-recognized certifications for digital forensics occupations.
4. Keep current: As with most cybersecurity career paths, it is vital to remain current with what is happening in the industry. Keeping skills and knowledge up to date with all of the latest trends is made easier when the field has its own professional trade association. In digital forensics, that association is The International Society of Forensic Computer Examiners, or ISFCE.
The ISFCE offers relevant continuing education, professional training, and proficiency testing for digital forensics professionals. The Scientific Working Group on Digital Evidence (SWGDE) is another cybercrime forensics organization dedicated to keeping industry professionals’ knowledge and skills current. SWGDE focuses on fostering open communication between industry organizations and professionals.
What is a digital forensics expert?
Job titles for digital forensics professionals vary quite a bit, but are generally variations on a theme. Titles seen frequently include digital forensics engineer, digital forensics investigator, digital forensics specialist, digital forensics analyst, digital forensics examiner, digital forensics technician, and others.
Job scope probably varies a little less than titles, but will obviously depend on seniority and experience levels. Cybercrime forensics experts primarily enter the picture after there has been a breach of information security. That’s the time to put on the CSI trench coat and dig deep into the evidence. No blood and guts, just digital trails.
Digital forensics skills and experience
As post-mortems of digital crimes involve investigations of computing devices, including mobile devices, software, and storage databases and devices, digital forensic experts must possess in-depth and low-level knowledge of as many such systems as possible.
Skill requirements likely to be encountered with employers include:
- In-depth knowledge of popular operating systems, including mobile OS, networks and hardware
- Knowledge of investigative methods to locate specific electronic data
- Proficiency in the latest cyber forensics, response, and reverse engineering skills, and an understanding of the latest exploit methodologies
- Experience using UFED Analytics Desktop
- Experience with disk and memory forensics tools
- Ability to analyze malware and obfuscated code
- Designing and building custom processes to facilitate evidence collection
- Password cracking of common office file types and mobile device backups
- Metadata cleansing of office and PDF documents
- Proficient in the use of encryption, both hardware and software
Knowledge of specific computer languages, such as:
Common professional certifications often sought by employers include those available from: ISFCE (International Society of Forensic Computer Examiners), IACIS (The International Association of Computer Investigative Specialists), GIAC (Global Information Assurance Certification), CISSP (Certified Information Systems Security Professional), (ISC)2 (International Information Systems Security Certification Consortium), IEEE (Institute of Electronic and Electrical Engineers), Cellebrite, AccessData, BlackBag, and EnCase.
Some employers may also require more basic certifications, such as CompTIA A+, which certifies IT operational and technical support skills. There are a number of training and certification paths available that are considerably more focused on one or a few specific types of hardware or operating systems. One such course is iOS Forensics, which homes in on Apple’s notoriously difficult-to-crack iPhone operating systems.
Passmark Software, an authority in hardware and software performance benchmarking, has expanded into digital forensics with its OSForensics toolset. It performs many of the tasks associated with digital forensics. Passmark also provides a training and certification class whereby digital forensics professionals can hone and demonstrate their proficiency with OSForensics.
Soft skills sought by employers include: Written and oral communications, excellent analytical skills, ability to organize complex investigations, and the ability to document and report findings to stakeholders.
What do digital forensics experts do?
Today, there is a digital element to almost every legal investigation. From civil cases like infidelity, child custody, accident reconstruction, civil disputes and missing persons, to criminal cases such as fraud, espionage, arson, larceny, and wrongful death, digital forensics is now used as a critical element of most investigations. Breach of information security is obviously a major focus for digital forensics experts.
In the pursuit of finding answers, digital forensics professionals utilize skills and knowledge of all elements of information systems and security to extract all relevant data. This includes a wide variety of computer hardware and software, networking systems, as well as mobile devices and systems.
With this knowledge, digital forensics professionals will attempt to restore deleted data, analyze recovered data, and perform a complete forensic examination of all computers, databases, and systems. This information is assembled and used to reconstruct what actually happened, and then reported on to affected parties. In civil or criminal cases that have progressed to legal courts, digital forensics experts are often called on to provide expert testimony.
Digital forensics expert job description
Specific functions of digital forensics experts will vary substantially based on the employer’s agenda and the specific case being worked on. Potentially, tasks will include some or all of the following:
- Utilize leading forensic software to identify, collect, preserve and analyze electronic data from laptops, desktops, servers, backup tapes, cell phones, PDAs and a wide variety of other media
- Recover deleted user data, hidden data, file fragments, and temporary files
- Manage and track electronic evidence
- Identify and document tactics, techniques, and procedures used by an attacker to gain unauthorized access
- Develop and disseminate engagement reports, technical reports, and briefs based on analytic findings
- Follow industry-standard forensic best practices while imaging, preserving, transporting and handling electronic data and associated physical devices
- Provide expert witness testimony
Outlook for digital forensics
Information security professionals will be in high and rapidly-growing demand for the foreseeable future. In fact, there is a significant shortage of infosec professionals in all disciplines, and the shortage is expected to persist well into the coming decade. As networks, applications, and information needs become consistently more complicated and critical to business and state operations, these systems become more directly targeted and more vulnerable.
Digital forensics experts are needed by almost any type of organization. Scanning job listings, one will find openings at many types of corporations, and the bigger the company, the more digital forensics experts it is likely to need. Because digital forensics is now often a part of criminal investigations, government agencies are prime employers.
Law enforcement agencies such as district attorney offices, police, the FBI, and CIA are often looking for additions to their digital forensics teams. In fact, the FBI recently created what it calls the Forensic Examiner Talent Network, which is designed to provide a stable of expert talent in cybercrime forensics.
How much do digital forensics experts make?
As of 2019, Payscale.com reports that digital forensics professionals make from about $50,000 to about $114,000 per year, with an average annual salary of $72,000. Bonuses, commissions and profit-sharing can add as much as $25,000 annually. A quick search of job posting sites uncovered one position that paid $160,000.