Henry Dalziel | Digital Forensics | July 3, 2015
So, you are looking for ways to get started in the digital forensics industry? Read on my friend, because we are going to help you out!
#1 Make Yourself Knowledgeable! Talk With Authority
It’s all well and good romanticizing about becoming a computer forensic expert and pursuing a career in the forensics industry, but if you ‘walk the walk’, you’ve also got to ‘talk the talk’; the point being that you’ve got to know your subject matter.
Speaking with authority and ‘matter-of-factly’ with regards to computer forensics will impress potential employers.
Helping to uncover terrorist cells and plots, along with unraveling criminal organizations can all be considered as being the ‘exciting’ stuff regarding cyber security and digital forensics, but being able to tout ‘real-life’ examples and case-studies will clearly illustrate your passion for the industry.
For example, did you know that the crucial bit of evidence MI6/MI5 GCHQ (British Intelligence) obtained when being able to identify ‘Jihadi John’s’ identity was the fact that he used a laptop in Syria to download design software (likely something like Photoshop) which was being offered on a free trial? His error was that he used his personal and unique student discount code that had been given to him when he was a student at London’s Westminster University, (where he studied computer technology). So, a simple error caught him out. Information like that is fascinating but the important point here is that you should have a bunch of stories like this ready…why? Because everyone loves a story right!? You’ll come across as personable, likeable – and, of course, professional.
You can’t fault enthusiasm, and a consequence of that will be you being labelled as being a passionate member of the digital forensics community. Being able to describe developing forensic technologies with ‘real-life’ stories is one of most valuable tips we can give to students seeking entry-level cybersecurity jobs.
#2 Make Yourself Knowledgeable! Talk With Authority
Getting certified shows your seriousness and commitment to adhere to standards within the computer forensic community. As a cybersecurity training organization we are strongly in favor of getting certified, and in this section we have a couple of suggestions with regards to digital forensics courses. Last year we posted a piece regarding our recommended digital forensic courses and we still maintain that these are the most desired within the community. Here’s the list:
Sure, there is always going to be an argument whether tech certs, especially within cybersecurity and digital forensics are worth it, and we cover that in our poll, with over 70% voting in favor of getting certified.
What’s the difference between the EC-Council’s CHFI Certification, the ISC2 CCFP and mile2’s CDFE and CNFE?
If you are not sure about the key differences here they are:
The CHFI Certification (CHFI):
Entry Requirement: To take the CHFI Exam and get certified (it’s now at v8 in 2015) (Computer Hacking Forensic Investigator) the student must have at least two years of information security related experience, or you must have educational Background that reflects specialization within cybersecurity/ information technology.
CHFI Training Options: You can either study through an Approved Training Center (Live Online, Classroom-Based etc), or through self-study.
CHFI Course Overview: The CHFI v8 Course will certify you in the specific cybersecurity discipline of computer forensics from a vendor-neutral perspective. The syllabus is very comprehensive and detailed-orientated and the training will allow you to be able to accurately (and professionally) identify an attacker’s digital footprints and to properly gather the necessary evidence to prosecute. The course includes training of the top digital forensic tools used within the industry (which we discuss below, in section #3).
ISC2 Certified Cyber Forensics Professional (CCFP):
Entry Requirement: There are slightly more requirements to study this computer forensics course compared to EC-Council CHFI. Students must have a four year college degree leading to a Baccalaureate, or equivalent and in addition they must have three years of digital forensics or IT cybersecurity experience. If you are not sure whether or not you qualify then get in touch with ISC2.
CCFP Training Options: Like CHFI, CCFP is a course managed by ISC2 (the ‘awarding body’) and can be studied through a variety of deliveries including self-study, classroom based etc.
CCFP Course Overview: CCFP in our opinion is an incredibly deep and complex course that teaches fundamental principles, forensic methodology, forensic analysis whilst also teaching how to create reports that can be used within a prosecution setting.
mile2’s CDFE and CNFE:
Entry Requirement: A background in cybersecurity will clearly help the individual better understand the course content, but the entry requirements are more welcoming and flexible than ISC2 and EC-Council.
CDFE and CNFE Training Options: Like the other forensic courses listed in this section, these two certifications can be studied Live Online, Classroom Based or via self-study.
CDFE and CNFE Course Overview: mile2’s CDFE (Certified Digital Forensics Examiner) and CNFE (Certified Network Forensics Examiner) are two equally beneficial computer forensic courses that will help to strengthen your CV and employability profile.
Our summary here is real simple: get certified! It will help your career and if your peers have it, and you do not, then you will be at a disadvantage. Furthermore, if HR Managers and Cybersecurity Head-Hunters/ Recruiters are seeking professionals specifically with these skills, and if you don’t have it, then you may potentially miss out on an interview opportunity.
#3 Learn How To Use Digital Forensic Tools!
We can’t emphasize this enough…learn how to use digital forensic tools, (also referred to as being ‘hacking tools’). We have created a large directory of hacking tools here and we even have a ‘top-ten list of hacker tools’ (that you also know how to use as well), but since our focus is on digital forensics, lets just give a brief overview of the ‘popular forensics’ tools.
There are many others, but in any event: take our word for it, you must be very proficient with being able to use digital forensic tools and specific Linux Operating Systems that are used for computer forensics such as DEFT and CAINE.
#4 Get Involved In The Community
One specific mailing list we’d recommend is the “DFIR: Incident-Response, Malware Analysis, Digital Forensics Professionals in the SANS Community” which is a large community of digital forensics experts.
Digital forensic mailing lists are the perfect place to send out messages for job announcements, job-seeking advice etc which are all focused within digital forensics.
The key is to participate in communities so that you can get valuable advice from professionals within the community.
Here are a bunch of resources to help you get going:
#5 Digital Forensic Conferences
We manage the web’s most active and visited list of cybersecurity conferences and have done so since 2013. Here is our Cybersecurity Conference list for 2015 and for 2016.
We see there as being two key benefits to attending conferences, which are:
Clearly attending conferences (specifically digital forensic conferences and events) are an excellent way to meet like-minded peers within the community. Being able to network will set you up as being able to discover job opportunities.
This is obvious but attending conferences will place you at the cutting-edge of the latest advancements within digital forensics.
Examples of forensic conferences happening this year include:
#5 Informational Interviews
Information Interviews are a great way to help you in your quest to get started with a career in digital forensics. For those that don’t know, an “Informational Interview” is a meeting in which a potential job seeker seeks advice on their career, the sector they are interested in, and the corporate culture of a potential future workplace.
Reciprocally, the person being interviewed learns about the job seeker and decides their professional potential and fit within their organization.
Aside from learning about the business and industry from a seasoned forensic professional, you will also position yourself as a potential employee, so when a position become available you will be able to apply.
On the subject of cybersecurity interview questions (i.e. the more ‘traditional’ format of an interview rather than an ‘information interview’) you might be interested in our “100 Cybersecurity Interview Questions”. Another excellent resource comes from InfoSec Institute.
#7 Start Your Own Consultancy!
OK, this is one of our favorite tips….start your own digital forensics/ cybersecurity consultancy!
We’ve been in the computer forensics training game a few years now, and we’ve worked with thousands of students over the years in a variety of cybersecurity disciplines. One of the main questions we get asked is ‘how to find entry-level computer forensics jobs, or cybersecurity roles’ by students, and the typical concern is that they lack the necessary experience. Those completely new to searching for employment often state this:
…you can’t get the entry-level job because you don’t have the experience, and you can’t get the experience because you can’t get a job….
The above is a catch-22 and our suggestion is to start a (possibly part-time?) consultancy. The huge benefit of doing this would be that you would generate experience and credibility on your CV. Sure, starting a digital forensics consultancy is no simple feat, but you don’t have to start a ‘pure-play’ forensics company, you can offer general IT/ cybersecurity/ pentesting etc and then move into forensics. Having that commercial experience will help you with your job search and will generate the experience that you badly need!
We hope you enjoyed our blog post in which we review suggestions to help you apply for Computer Forensics Jobs.
Please drop a comment below if you have any questions, and good luck with your job search! Let us know how you get on, other readers would really appreciate your thoughts and feedback.
Lastly, if you found this blog post interesting you might find another titled: Cyber Security Jobs – Advice and Tips For All Entry Level Job Seekers” of equal value which also highlights a bunch of cybersecurity job-seeking tips.