Starting Computer Forensics & have some questions

Jess86

New Member
Nov 22, 2016
#1
I am interested in going to school for my bachelor's in Criminal Justice Computer Forensics and I would like some advice from people who have either worked in this field or are currently working. Any advice is appreciated but I have some questions as well. Feel free to answer all or some of my questions as this is also part of a school assignment. Should take about 20 mins. Thank you in advance.
1. What do you like and dislike about this field?
2. What requirements in the computer would I need? (Very nervous I will invest a thousand dollars into the wrong computer. Might be looking for the wrong things.)
3. I have heard that working in the legal field in criminal recoveries that it wears on you mentally. (rape or murders) True or false?
4. Does anyone have a past criminal background and not been able to find work due to that? Nothing serious, but I heard that the simplest charge can stop you from working.
5. What are some of the most difficult or frustrating parts of this career?
6. What type of advancement opportunities are available for an entry-level worker in this career?
7. What kind of hours do you work?
8. How does this career affect your lifestyle?
9. What type of tasks do you do in a typical day or week?
10. How do I best prepare myself for this career?
11. How did you get the job you have?
12. What kind of job (titles) can I get with a Bachelor's in Criminal Justice Computer Forensics? What is your degree and exact title?
13. How is the economy affecting this career?
14. Do you ever take work home with you? If so on average how often?
15. Is your work primarily individual or predominately in groups or teams?
16. What courses have proved to be the most valuable to you in your work?
17. Is there a dress code where you work? Is it business or casual?
18. When people leave this career, what are the usual reasons?
19. What skills or personal characteristics do you feel contribute most to success in this industry?
20. What sacrifices have you had to make to succeed in this field, and do you feel the sacrifices were worth it?
 

SgtJackie

New Member
Nov 30, 2015
#2
For some reason I can't post my answers.....
 

azuleonyx

Member
Experienced Member
Oct 20, 2018
Charlotte, North Carolina Area
cyberfenixtech.blogspot.com
Twitter
https://twitter.com/AzuleOnyx
#3
I am also switching into the field from a mainly Networking/Voice background (over 15yrs). I think there are multiple facets of "computer forensics" or "digital forensics".

I think one of the most interesting parts of the job is the ability to continually expand knowledge and enjoy the puzzling aspects of each investigation.

On one hand, there is the legal side of the application of forensics where you might have to process or gather data about crimes you may be disturbed by. However, this all depends on your mentality on seeing these images. Not every war veteran has PTSD. On the other hand, you have corporate (and non-deadly crimes) cases where you locate some issue that may or may not be a crime (misuse of data, stealing data, misuse of equipment, etc).

Hours worked for something like this probably depends on the job, I would guess. Some investigations might be time sensitive where you might have to work longer days to get the information back to the investigators.

As for computer, this is something I struggle with. I am building out a small lab/forensic station on my Razer Blade Stealth. Starting out, nearly anything that will run Linux/Windows well should be fine for learning the skills you need. However, I do not think this is a proper computer to attempt this for real work.

There are some forensic workstations (SUMURI Talino KA-L Alpha, $2,095) that you can buy or you can go with a mobile workstation, something like MSI WT72 Workstation (Intel Xeon). Still, these are going to run between 2 and 5 grand. For what I want to do with it, I am going with the Xeon (better on virtualization) but I don't really need the high graphics card though.
 

RobertM

New Member
TRUSTED Contributor
Sep 30, 2018
#4
1. What do you like and dislike about this field?
Always something new to learn and discover.
This is both a positive and a negative, especially when you learn something new for one investigation, but then don't use those skills for 6 months to a year. It can be hard to keep up with the ever-changing technology unless you really love this stuff.

2. What requirements in the computer would I need? (Very nervous I will invest a thousand dollars into the wrong computer. Might be looking for the wrong things.)
Good CPU, fast SSDs and memory.
For day to day work, 16 GB RAM will work. (minimum)
Better specs are always better, but for the most part, you can make do with just a good fast system for many aspects of the job.

3. I have heard that working in the legal field in criminal recoveries that it wears on you mentally. (rape or murders) True or false?
It can, and that is why you need to make sure to take care of yourself. Get away from the computer, take breaks and exercise. Another key point is to keep some distance from the actual facts of the case. Go after the artifacts, but don't get too involved in the actual investigation or the victims of the crime you are investigating. You will see things you can't un-see.
Good to learn techniques to reduce the vivid memories you may have (put the image B&W, eliminate noise, see it from a distance, make it fuzzy in your mind).
And most important, talk with a doctor if you need it. Everyone will have different experiences and relate differently to what you see based on your own life and background.

5. What are some of the most difficult or frustrating parts of this career?
It really depends on where you work and what opportunities the job provides. If in law enforcement, tenure can be very frustrating.

9. What type of tasks do you do in a typical day or week?
Cellphone and computer analysis. Digging through the data. Talking with investigators and lots of time getting the data into a report so that it is readable and concise.

11. How did you get the job you have?
Had a background in programming before going into law enforcement. Applied for opening in the unit when it became available.


14. Do you ever take work home with you? If so on average how often?
No

15. Is your work primarily individual or predominately in groups or teams?
Individual, but working with an investigator to identify the items of interest for their investigation.

16. What courses have proved to be the most valuable to you in your work?
SANS FOR585 with Heather Mahalik. Exceptional course. Really goes deep into cellphones and understanding why you must use multiple software tools during an investigation.

19. What skills or personal characteristics do you feel contribute most to success in this industry?
Wanting to always learn and understand more.

20. What sacrifices have you had to make to succeed in this field, and do you feel the sacrifices were worth it?
Taking time after work to read and learn. I believe that it is worth it if you enjoy what you are doing.

I hope this helps.
 

Lids

Member
Experienced Member
Oct 23, 2018
#5
1. What do you like and dislike about this field?
Like RobertM said above, every day is different -- there's always new tech coming out on the market, new software applications, new HDD standards, new encryption methodologies. Always something to learn about and refine existing understanding and knowledge from. You're never going to know everything - if I could take what I learn tomorrow to cases I worked on years ago, I may have conducted the investigations differently. In terms of "dislike", it's more my own frustrations - I work corporate investigations so there are days when you could just be sitting waiting for the phone to ring, but then it will be insanely busy for a few weeks.

2. What requirements in the computer would I need? (Very nervous I will invest a thousand dollars into the wrong computer. Might be looking for the wrong things.)
I wouldn't stress too much about what computer you get to start out with -- fast SSD drives and some RAM are usually enough. People can spend thousands on software, without necessarily understanding how it works -- of more value I find are courses such as the SANS FOR500 for entry-level, this will then get you experienced with, and open your eyes to, open source software for investigations that are just as, sometimes even more so, effective than commercial tools.

3. I have heard that working in the legal field in criminal recoveries that it wears on you mentally. (rape or murders) True or false?
It can do -- for some police agencies, all a new examiner may do (from experience with the UK) is categorise child exploitation pictures which can be intense. I also know people who perform similar work at Facebook and it can wear you down. It's important to talk to people, have an outlet for stress such as the gym, yoga, meditation, etc.

6. What type of advancement opportunities are available for an entry-level worker in this career?
I work in one of the Big 4 consultancies so my experiences may be different - but there you typically start as an Analyst and will be performing collections, maybe some eDiscovery, and initial investigations and can progress up to Director or Partner where you may be responsible for managing more global investigations, setting investigation strategy, lots of BD work chatting with law firms, presenting at conferences, etc

7. What kind of hours do you work?
It depends - some weeks are the standard 42hrs, but if an investigation comes in that is time-critical I've been known to do 200-250hrs/month. It all depends on the client, sometimes regulatory deadlines, etc.

8. How does this career affect your lifestyle?
I was working for one of the Big 4 in Australia, before I moved to my current role in Switzerland. Being so far from everywhere, I was often sent out on global projects in Switzerland, Germany, Singapore, etc as well as interstate whenever the need arose. With only being able to fly home once every three (3) months, it had an impact on relationships as well as a "normal" life outside of work ... but it was quite rewarding also. Sometimes you may need to do "covert" collections in the middle of the night, so sleep schedule can be affected somewhat but these are usually the exception rather than the rule.

9. What type of tasks do you do in a typical day or week?
I work more in eDiscovery these days, although would prefer to be doing more CF work. My typical day is usually obtaining data from clients, cleaning and ingesting into our Relativity platform, creating user accounts, setting up questionnaires, managing the EDRM workflow, etc. Occasionally I'll get a chance to test some new tools and try to get innovative but it's usually fairly structured.

10. How do I best prepare myself for this career?
Learn as much as you can about some of the industry standard tools such as EnCase and FTK Imager, as well as the different techniques for data carving, timestamps, USB connection logs, Event logs, etc. Learning the core fundamentals so that you understand what the tools you are using are actually doing in the background will mean you are able to explain to people and also work out where there are mismatches or issues.

11. How did you get the job you have?
I was digging around in the back-end of banking systems doing defect testing, UAT of new patches and improvements then jumped into analytics which was more database and visualisation work. Then I kind of fell into it -- I took over the local forensic lab when one of the managers left due to my teen years as a nerd - sent myself on my, at the time, FOR408 (now FOR500) course and got my Relativity RCA cert for eDiscovery and slowly built my skills across investigations around Australia and globally.

12. What kind of job (titles) can I get with a Bachelor's in Criminal Justice Computer Forensics? What is your degree and exact title?
I don't have one -- my experience has come from building / troubleshooting computers in my teen years and then a series of CF and ED certifications since I started working daily in the industry.

13. How is the economy affecting this career?
Working for a consultancy means my investigations are usually related to fraud, bullying/harassment/IP theft, etc. Usually - but not always - it seems there is a cyclical effect with the economy ... when the economy is doing really well, fraud investigations are less; it's not that fraud isn't occurring, it's just that no one is looking for it because everyone's balance sheets are healthy. It usually ends up being that when a company is doing poorly and looking to cut costs, that they look at their accounts more closely and realise money is being taken out of the company or expenses are being exploited that they never usually worried about.

14. Do you ever take work home with you? If so on average how often?
Not usually -- given the sensitive nature of the investigations, all the work needs to take place in the lab with no remote access. However, this can mean working some weekends or late nights in the office / client site.

15. Is your work primarily individual or predominately in groups or teams?
When I was running my own lab, investigations were primarily solo -- but people were always a phone call away if I needed to talk through any issues or methodology / techniques. However I've been on some global projects with 100 other consultants - mainly ED work.

16. What courses have proved to be the most valuable to you in your work?
For sure the SANS FOR500 that I took to help get my GCFE certification was a real eye-opener ... I did it by distance as my employer wouldn't cover it, and I learned more in my first couple of weeks of self-study about industry best practice than I had learned in my previous two (2) years where I had been working in CF.

17. Is there a dress code where you work? Is it business or casual?
No tie, but usually dress pants, shirt and suit jacket ... I've been in some labs though where people have a much more casual dress code which I think is the way it's going. The tech guys, such as CF people, are usually seen as the stereotypical "hacker" portrayed on TV in jeans and a t-shirt.
 
