Computer Forensics

Computer evidence
Andrew Brookes/Cultura/Getty Images

Computer forensics is a branch of forensic science (forensics for short). As you likely know, forensics is the scientific analysis of people, places and things to collect evidence during crime investigations, that helps to prove innocence or guilt in court.

Computer forensics, sometimes called digital forensics, has a like purpose. But it specializes in the scientific analysis of computer communications and the data on computer storage devices, such as disks and CD-ROMs. Typical applications of computer forensics are listed below.

  • Investigate and uncover evidence of illegal activities conducted via computer, such as credit-card fraud, intellectual property theft, pedophilia, terrorism and computer system intrusion (hacking). Illegal activities conducted via computer are generally referred to as "computer crimes" or "cyber crimes".
  • Investigate and uncover evidence of crimes that weren't directly committed via computer, but for which the accused might have stored evidence on computer data storage devices
  • Detect and close computer system security holes through "legal" hacking

Consequently, computer forensics experts are often called "Cyber Cops", "Cyber Investigators" or "Digital Detectives". Many are self-employed consultants.

Starting a Computer Forensics Career

Although relatively new, computer forensics is a growing career field. That's because computer crimes have increased so rapidly, that they've quickly become a fact of life. In turn, they've caused losses in the billions of dollars annually and continue to do so.

To start a computer forensics career, you'll likely need a computer forensics degree or a related degree (e.g., computer science, criminal justice or engineering) with computer forensics training tacked on, such as through degree major and minor options or post-degree certification.

Practical knowledge and skills ​required depend on the computer forensics career niche you're targeting. But, technical and analytical skills are typically a must for all computer forensics careers. Knowledge and skills in a broad range of computer storage devices, operating systems, programming languages, and software applications open more doors. So does knowledge and skills in some to all of the following specifics.

  • File formats
  • Software drivers
  • Networking, routing, communication protocols, and ​security.
  • Cryptology
  • Reverse software engineering
  • Investigative techniques
  • Computer forensics tools, such as password crackers, email converters, or the EnCase or Forensic Toolkit (FTK) software applications

Real-world knowledge of the computer forensics career niche in which you are to specialize will likely open more doors too.

For example, if you are to specialize in providing evidence of computer crimes to law-enforcement agencies, then knowing the legalities of search and seizure, and the approved techniques for collecting and preserving evidence will likely be mandatory; if you are to specialize in helping banks secure their computer networks, then a knowledge of the banking business and an understanding of the financial "bottom line" will likely further your computer forensics career.

Some employers who hire career computer forensics experts are willing to accept equivalent knowledge and experience in place of education credentials or an advanced degree in place of experience.

To get an idea of what's commonly required by employers, try a search for computer forensics jobs and read the job descriptions.

Locating Computer Forensics Training

Several colleges, universities, and technical schools offer computer forensics training curriculums that lead to:

  • Computer forensics degrees
  • Related degrees with computer forensics training options
  • Computer forensics certificates

Courses are offered online, in the classroom or both. Examples of U.S. educational institutions that showed up in a Web search for the search string computer forensics training and variations are listed below.

A few educational institutions displayed in the search for other countries, too. Because computer forensics is a growing career field, more educational institutions worldwide are likely to follow suit in the near future.

To find computer forensics training curriculums, check with your local educational institutions. Alternately or additionally, perform an online, educational-institution search for computer forensics training at a facilitating Web site.

You might also generally search the Web for computer forensics training and variations of the search string, such as computer forensics education, computer forensics degree, and computer forensics course. Look for clues in the text of search listings for other relevant search strings and variations to try, such as digital forensics training.

Among computer forensics certifications, the Certified Information System Security Professional (CISSP) is the most recognized, according to Web resources at this writing. It's offered by the International Information Systems Security Certification Consortium or (ISC) 2, a non-profit organization. Examples of other computer forensics certifications are listed below.

Additionally, AccessData offers computer forensics training and certification related to its Forensic Toolkit software, while Guidance Software offers the same related to its EnCase software. There are also a variety of "add-on" computer forensics training courses offered by various organizations.

To find more computer forensics certification and training resources, search the Web for computer forensics certification and variations of the search string, such as computer forensics training and computer forensics course. Also, try plugging in the search string digital forensics.

Searching for Computer Forensics Jobs

Computer forensics jobs for both consultants and employees are often through law-enforcement agencies, military and government intelligence agencies, and private security and consulting companies. Employment staffing firms commonly act as recruiting agents.

To give you an idea of the number of computer forensics jobs available at this writing, a simple search on the text string (keyphrase) computer forensics at Dice, a popular technical job bank, returned 145 jobs and consulting gigs. Monster.com, a popular job bank that lists jobs of many types, returned 199.

That's not enough to say that computer forensics job opportunities "abound". But, the number of job opportunities aren't pitiful either, especially for such a specialized occupation.

Computer forensics job titles varied, ranging from Computer Forensics Analyst to Vulnerability Security Research Engineer. Many job opportunities listed required a degree and at least two years of experience.

A few computer forensics job opportunities optionally required equivalent knowledge and experience in place of education or an advanced degree in place of experience. Several required a security clearance, for which there is no compromise.

Because job titles vary, not every relevant job opportunity will be listed as a "computer forensics job" when job searching. To attempt to increase the number of opportunities listed, start with the keyphrase computer forensics and then scan the job descriptions for other potential keyphrases, such as digital forensics.

Your best bet for finding computer forensics jobs will likely be through computer, contract, and government job banks, recruiters and staffing firms.

If you wish to strike out on your own as a consultant, word-of-mouth through hobnobbing and networking will likely land more computer forensics jobs. Meanwhile, landing jobs through contract staffing firms might be the way to go, until the word spreads. It might also earn referrals for you, which will spread the word.