How to Become a Digital Forensics Professional in 2019
In this article we’ll discuss how to enter the Digital Forensics field and we’ll explore the wide variety of employment options available. There are lot of practitioners in the Digital Forensics field with a wide range of skill sets and responsibilities.
These positions often have slightly different titles such as:
- Digital Forensics Investigator
- Digital Forensics Analysts
- Digital Forensics Examiner
- Digital Forensics Professional
In law enforcement the distinction between a Digital Forensic Investigator and a Digital Forensics Analyst is often whether they are a sworn officer or a civilian in their organization.
In the private sector, you are likely to find even more variety of job titles such as:
- Digital Forensics Consultant
- Digital Forensics Engineer
- Digital Forensics Technician
- Digital Forensics Specialist
You may also see other terms such as “Computer Forensics” used in place of “Digital Forensics”.
Lastly, if you’ve spent any time reading about computer forensics, you’ve likely come across the acronym DFIR, which stands for Digital Forensics, Incident Response. Though it’s a popular term, “Digital Forensics” and “Incident Response” are, generally speaking, two separate and unique positions.
Therefore, in this article we’ll be focusing on the Digital Forensics perspective of DFIR.
Digital Forensics – a Career Path for you?
Before deciding if this career path is for you, it’s important to consider:
- The type of work to expect in the field of computer forensics
- The abilities and skills required to be successful
- Education requirements
- Starting salary
- and more.
Though there is a lot to think about, there is no one “right” way of entering this field.
For example, you will likely benefit from having a degree in computer-related fields (there are also some dedicated computer forensic programs out there) and obtaining certifications. However, this is not a requirement.
Having a degree in criminal justice, psychology, engineering, biology or any other field with no certificates does not mean you’ll never get a job. It just means that you may need be a tenacious and motivated self-learner.
And, as with most things, there is a lot of value to simply having a variety of life and work experiences.
Possessing (and developing) the following abilities will also be essential:
- Documenting evidence, following processes, and writing reports
- Strong investigation and personal interviewing skills
- Strong written, verbal, and interpersonal skills
- Attention to detail and ability to follow rules, guidelines, and processes
- Presentation skills to communicate technical information to a non-technical audience
- Sound knowledge of domestic, local, and international laws
There is always a need for computer forensic professionals who can examine digital media to identify, recover, analyze, and present facts in a sound manner. Your verbal and written skills will be essential, as there is always a chance that you will need to present your evidence in a court of law, in front of a judge and jury.
Digital Forensics is growing 28% over next 7 years!
There is no time like the present to start preparing yourself for a career in the exciting world of digital forensics.
The exciting news is that according to US Bureau of Labor Statistics the Information Security field (which Digital Forensics falls under) is expected to grow 28% by 2026.
There are great opportunities available if you are willing to put the time and effort in.
Read on to find out more…
Computer forensics is a branch of forensic science.
It involves applying investigative and analysis techniques to gather evidence found in computers and most often mobile devices to analyze what happened and figure out who was responsible for it or as one highly respected DF investigator has said, “Placing the Suspect Behind the Keyboard”
Interested in learning “How to Place the Suspect Behind the Keyboard” ?
Then we recommend you sign up for DFIR Training.
The goal of computer forensics is to gather, examine, and preserve evidence from digital media in a way that’s suitable for presenting in court.
Some typical job duties involve the following:
- Investigating breaches of policy, hacks, leaks, and corporate compliance
- Investigating sexual assaults, murders and violent acts (if law enforcement)
- Documenting evidence, prepare reports, and prepare briefings of findings
- Communicating findings of the investigation with case managers and supervisors
- Performing forensic analysis of evidence gathered and come to a conclusion about what happened
- Conducting witness interviews and testify in court (if necessary)
- Providing technical guidance and policy recommendations
Digital media that might be examined includes:
- Personal & Workd computers
- Smartphones & mobile devices
- Flash drives
- the cloud
In today’s environment, critical evidence is often found on mobile devices.
Mobile devices can contain:
- Chat conversations
- GPS Locations
- Phone calls logs
The challenge with mobile devices is being able to view and access the data forensically.
Mobile devices often use sophisticated encryption that prevents or greatly limits the examiners’ access to the data. This is even true if you have the password for the device, as this password may only allow you to view the data, but not actually extract the data in a forensically sound manner.
As technology, security, and laws around privacy are constantly changing, you must be willing to be constantly learning and researching as a computer forensics professional.
For example, in many regions, attempting to coerce the suspect into providing the passwords could render the resulting information to be declared non-admissible during the trial. In other regions, the suspect may be required to provide a password or face additional criminal charges.
Tech-savvy suspects might comply with a court order by providing a password to one encrypted container while the actual container containing the illicit material is unlocked by a different password and remains hidden to law enforcement.
In these circumstances, your knowledge of technology, encryption, and abilities and limits of the forensic software tools will be vitally important.
When it comes to most criminal investigations today, the work of a computer forensic professional is crucial to helping solve the case.
Whether the crime is a murder, sexual assault, child abduction, fraud or even a motor vehicle accident, digital forensics plays a vital role in helping find clues about how the crime happened, those involved, and even the motivation behind the offence.
The evidence might be a:
- File on a computer
- Message from a phone chat app
- Geo-location data from a cloud account
- Logs from the vehicle’s infotainment system.
Courses taken for a forensic degree will teach skills and processes needed to perform job duties. Additionally, forensic certifications will go into even further detail on utilizing forensic software to its fullest.
Forensic certifications are often recognized within the courts and add credibility to the Computer Forensic Examiners testimony.
In many circumstances, the prosecution or defense may wish to have the Computer Forensic Examiner deemed an “expert witness” to allow the individual to provide opinion evidence that goes beyond simply stating facts. In these situations, it is vital that you as a professional in the digital forensics world are not only knowledgeable and accurate, but also understand the limits of your knowledge.
Public Sector Employers
There is a wide variety of positions in digital forensics in both the public and private sectors.
Probably the largest employer and highest profile work in the public sector for digital forensic examiners is law enforcement.
This not only includes your local, state, or federal police services, but also other enforcement agencies such as customs, tax enforcement agencies and of course the military.
Law enforcement positions are often filled be sworn police officers, however, depending on the organization they may also hire civilians to conduct digital forensic analysis.
Where sworn officers take on the role, they receive extensive training to become a digital forensic examiner for criminal investigations.
Although it is a large investment by the organization to provide the training, having experience as an investigator is invaluable when preparing forensic reports for court purposes.
In addition, officers and military personnel are often paid at a much lower rate than civilians which leads to further savings for those agencies.
Looking to Make the Transition from Government to Private Sector?
Private Sector Employers
Not all computer forensic professionals work directly with military or law enforcement.
It’s becoming increasingly common for large and small corporations to hire computer forensic experts to investigate various issues. This could include allegations that an employee or contractor has stolen or leaked critical information such as customer data (sometimes known as corporate espionage).
Also, as is common today in the news, digital forensics experts might be called in to help investigate a cyber breach or ransomware attack. In these situations, the digital forensics experts will be part of the Incident Response (IR) team.
In large corporations, computer forensic experts might be paid higher salaries to ensure loyalty to the company. In this type of setting, a forensic examiner with limited experience working in the private sector may find themselves making significantly more money than an experienced computer forensic expert working for the government.
Regardless of the job circumstance, the main role of a computer forensics professional is to perform a structured investigation utilizing skills and techniques learned from their forensic training while documenting their work in a manner that will be admissible in court.
The ability to write and speak clearly about your work is a crucial part of a computer forensic examiners job.
Often your audience, being your supervisor, an investigator, or judge and jury, will have limited computer knowledge.
However, they will be making important decisions based on your work and more importantly, on your ability to describe your actions. Without the ability to explain your work clearly, you may find your degree and certifications won’t take you far in your career or will lead to lost civil and criminal cases.
Education & Schooling
Pursuing education and having a degree in computer forensics is almost always a good thing. Some sources indicate that computer forensics professionals who have a degree earn almost twice as much than those with just forensics certifications and no degree.
Most employers will prefer you to have a bachelor’s degree in forensic science, computer science, criminal justice, or another related field.
The benefit of having a bachelor’s degree and certifications is that it can help you stand out from competitors and be more desirable to hire.
But don’t fret, there are plenty of jobs in the forensics field for those who just possess a forensics certification (particularly if you are in law enforcement).
If your interested in pursuing a post-secondary degree or certificate, the following digital forensic programs may help you on your journey:
[We’re updating this section for 2019 – more details coming soon…]
Some well-known forensic certifications include the following:
- CISA – Certified Information Systems Auditor
- CISSP – Certified Information Systems Security Professional
- CCE – Certified Computer Examiner
- CFCE – Certified Forensic Computer Examiner
- GIAC – Global Information Assurance Certification
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Advanced Smartphone Forensics (GASF)
- GIAC Certified Forensic Examiner (GCFE)
- GIAC Network Forensic Analyst (GNFA)
- GIAC Reverse Engineering Malware (GREM)
- GIAC Security Essentials (GSEC)
Forensic Software Vendor Training and Certificates can also be beneficial. Some examples include:
- ACE – AccessData Certified Examiner
- EnCE – EnCase Certified Engineer
- Cellebrite Certified Operator (CCO)
- Cellebrite Certified Physical Analyst (CCPA)
- Cellebrite Certified Mobile Examiner (CCME)
- XRY – XRY Certification
- X-PERT – X-Ways Professional in Evidence Recovery Techniques
- BlackBag Technologies
- Certified Blacklight Examiner (CBE)
- Certified Mobilyze Operator (CMO)
- Mac and iOS Certified Forensic Examiner (MICFE)
Other certificates you may also consider, that provide a more general computer foundation are:
Certification courses are typically short courses, often less than 10 classes.
Each certification course has their own requirements and can include professional time spent in a forensics related field.
It’s best to research each certification you’re planning to take to ensure you meet the requirements before deciding to take it.
Expected Starting Salary & Benefits
The starting salary for a computer forensics worker depends on many factors, including whether you’re working in the public or private sector.
Having an associated degree can increase your forensics salary and make finding jobs easier.
Having both a forensics degree and at least one forensics certification makes you more desirable to employers and competitive with other computer forensic professionals.
While getting certifications may seem like a lot of work, in the end, it helps to ensure greater job security and potentially a higher salary.
Public Sector – Forensic Salary
In the public sector the starting salary for forensic employees working for state and local law enforcement is around $50 to $70k a year. The main reason why the starting salary varies so much is because a forensic salary is determined by experience, your degree, forensics certifications obtained, and level of security clearance.
Brand new professionals with very little experience and a low security clearance often start earning around $50 to $60k a year.
One benefit of public sector (especially within a union environment) is often a better work/life balance.
Law Enforcement often has more vacation and better job-related benefits (medical / dental / disability coverage). In comparison, the private sector may involve being on call 24/7 and expected to travel across the country (or world) to assist clients. This is especially true if involved in Incident Response (IR).
Military personnel and sworn law enforcement officers are paid based on union wages or pay scales instead of market rates so their forensic salary may be lower than other public sector and private sector employees.
Private Sector – Forensic Salary
In the private sector, the starting salary is dependent on similar factors as seen in the public sector but tends towards higher levels of pay. One factor that may affect your salary significantly is your geographical location.
Cities such as Los Angeles, Chicago, New York, and Washington, are known for paying higher forensic salaries.
The average nationwide forensic salary for experienced computer forensics professionals with 2-5 years of experience is $95,000 a year which is 65% higher than the average salary for all job postings nationwide.
The forensics salary depends on factors such as security clearances, experience, forensic certifications and degrees.
With the right forensic degree, experience, and security clearance some computer forensics professionals can earn a salary in the six figures.
A senior manager salary in this job category often falls in between $100 to $200k a year.
Other benefits (which you might not find in the public sector) are bonuses, travel (if you like that), and ability to move up the corporate ladder in this area of expertise.
If the world of digital forensic interests you, if you want to help solve crimes or find compromised computer systems, or catch rogue employees, then there is no time like the present to start preparing.
There are many job opportunities and the salaries are generally very competitive with other types of work.
Start learning on your own, take some courses, get some certificates, and start applying for a position.
It is an exciting and challenging field, but it will require time and effort.
Check out our forums to learn more from people already working in the field and don’t be afraid to ask questions.