Is a career in digital forensics for you?

Henry Dalziel | Digital Forensics | June 19, 2013

In a previous blog post we looked at what it means to be a pentester (you might have heard the profession being termed an ‘ethical hacker’ or ‘penetration tester’).

As we mentioned in that post, there are good and bad sides to the job. Good because you are following your interest and hopefully passion, and bad because there is a considerable amount of auditing and report-writing.

Being a penetration tester is a niche within the world of IT. Another niche is digital forensics; and that is what this post is all about.

A quick word on why we are writing this post: we have a live chat feature throughout our site, and we realized that the majority of inquiries that come through it ask how the visitor can start a career in Information Security. The answer we give (the live chat is handled by either myself or Lily) is always the same: specialize! Seriously, that is our best advice. Rather than starting off as a jack-of-all-trades, we suggest moving right away into a specialist field, and digital forensics is a great niche. Not only is it in demand, but the pay is very good.

A computer can be a witness to a crime
Think about it. The drug dealer, terrorist, sexual predator or white-collar criminal can, and in most cases does, use computers to manage their affairs, business and crimes. Sure, they think that they are being smart by encrypting their data, but that is where the digital forensics expert earns their pay. In much the same way that a physical witness can make or break a case, so can a machine that a criminal used, provided you are able to make that evidence speak as if it were a real witness.

Patience is key
Just like our post about being a penetration tester, patience is key. As a matter of fact, even a bad-guy hacker needs patience! We all do! Digital forensics can take days or even months to complete; the duration is almost wholly dependent on the quality, quantity and level of encryption within the hard drives.

Windows, alas, is also a key OS you must learn inside and out
We use Linux more than we do Windows in the office (our designer uses Mac and Windows), but if you’d like to get into the forensics scene then Windows is your friend. We’d suggest switching your main OS to Windows if you have swung to Linux. We blog a lot about Linux penetration testing distros, with our favorite being BackBox, but let’s face it, most of the civilized world uses Windows, and the computers you will be examining will very likely run Windows. Windows 7 and, to a degree I guess, 8 are most widely used, and a working knowledge of Vista and XP will certainly be useful. What is critical is that you understand the inside of the operating system intimately, not least the registry and the entire file structure. You have to know what you are looking for and find it quickly. Your client (be they Police or a Fortune 500) will need deadlines to be met, so you’ll need to work as fast as you can. Having to learn where and how to access files might be costly, so learn the system now, today!

Now for a contradiction!
Above we suggested using Windows as your daily OS – but you will, and must, become very familiar with a Linux forensics distro. We’d recommend CAINE, a distro we’ve blogged about a few times before. The central benefit of learning a specific Linux forensics distro is that all the tools you’ll need to perform a concise and complete forensics audit are contained within the distro, so learn it!

What does it take to be a forensics expert?
Passion, a capacity to learn, a desire to become an expert and a curious mind are the inherent qualities required to become a successful digital forensics expert. Hardware, software and encryption methodologies are all evolving on a weekly basis – join an email list and you’ll see what we mean.

A digital forensics certification will certainly help, as will work experience or, if you are just starting out, evidence of your exposure to the subject through having joined a local hacking club, attended conferences, etc. If you are invited to an interview you might be asked to perform a forensics test, such as how to recover deleted files. Learn how to do this so that you can do it in your sleep!

Final word
If you have got this far and you are still reading, then clearly you are interested – so go for it! There is demand for digital forensics experts, especially good ones, so get involved! Our final tip is to have a think about becoming a mobile device forensics expert. Smartphones are now commonplace, and there are not that many qualified professionals out there. Mobile device forensics would therefore be a very good choice if you are starting your career in security or thinking of migrating your career over to forensics.

Do you work in forensics? Let us know, we’d love to have and share your thoughts!

  • Bob

    Hello… I have just passed out of high school and joined for a bachelor degree in computer application and am planning to do a masters degree in the future. I am very interested in computers and programming (studied Java in school) and am looking forward to a career in the field of cyber security. So tell me how to proceed!

    • Hi – thanks for your post. You should absolutely follow a career in Information Security – the job market and the demand for InfoSec professionals is growing. As a matter of fact there are not enough talented security professionals! The demand is huge. Yes, there are lots of IT professionals that work in security, but there are not that many – truly – talented individuals. By the sounds of it you have a degree, which is an excellent start. A vendor-neutral cert will likely also help but, as always, experience is key. Have you thought about interning, or even setting up your own consultancy? To get yourself going you could pentest, pro bono, organizations’ networks in your neighborhood – just a thought! Let us know how you get on. If you need any specific help please do contact us directly.

  • DarrenGray

    Hi, it’s a great article Henry, Thank you!

    In regards to mobile forensics kindly recommend or at the least provide us a list of books that will help beginners like me to learn and master mobile forensics.

    Thanks in advance!

  • sidh

    Hi. I have completed my 12th Exam with PHY.CHM.MATH (PCM). I wanna career in Digital Forensics (Computer Forensics), please tell me the process with fees etc.

    • Thanks for your comment. We don’t currently offer digital forensics certifications – at the moment! I know that EC Council do offer such certs so that is probably the best place to check.

  • I mostly agree except for making Windows your primary OS. People learn to use Windows already and what they need is technical internal knowledge which doesn’t come from running it. At Bloomsburg University our new digital forensics degree curriculum introduces Linux in the first year with follow-up courses in advanced Linux, Python, and forensics that leverage Linux.

  • Cami

    Hello. I’m really interested in digital forensics, but I didn’t have any experience in learning computer. Do you think it is okay for me to pursue this course? I mean, I only know basic computer. Just basic. Anyway, I just graduated from high school.

  • Lea

    I’m about to complete my national Diploma in IT Management. Although I’ve done it for three years, I’ve discovered that I love the networking and security part of IT. I’m very interested in doing a digital forensic course. Is it possible to migrate from what I’m doing currently to digital forensics? Do they relate?

  • Sipho Banele Thwala

    I’m a Police officer who is very much interested in forensics and I have a Diploma in IT, CompTIA A+ and one certification in Server Administration 2008. In our organization we are about to set up a cyber crimes unit so I wanna have this certification, especially in computer and mobile forensics. Any feedback would be much appreciated.

  • Adebayo Ahmed

    I would love to know the classes required in Digital Forensics. How many subjects? What are the subjects (classes)?
