Computer Forensics Roles and Responsibilities
These days cops might be trolling for bad guys online in a chat room as often—maybe even more often—than chasing them down a back alley. Although there’s still plenty of crime that requires a police force on our streets, the internet neighborhood has created another crime arena that grows larger every day. And that’s where computer forensics comes in, a field where e-forensic experts spend their time chasing bad guys through file recovery of every kind. To do the job, a computer forensics expert needs lots of training, plenty of hands on experience with data and file recovery, and the psychological stamina to wade through sometimes pretty dark data bits. It’s not a career for everyone.
Career paths: public or private, instincts matter
Career paths can take practitioners into public or private employment, working with law enforcement, private corporations or as a private consultant. Forensic investigators and other practitioners search for destroyed, hidden, and deleted information on computers and mobile phones ranging from photographic materials, financial materials, email correspondence and other electronic data that often form part of a legal case. As such, an eye for detail and the ability to maintain careful and complete records of the steps and processes undertaken to extract and recover data is critical. The ability to piece together disparate bits of data and follow a hunch that could lead to data recovery are important. In this field, practitioners may be forced to view and/or read potentially difficult material including child pornography to gather clues about where more data might be found. The reward for such difficult work is the satisfaction of putting criminals behind bars.
Learn Digital Forensics
Cross-training is becoming more common
More and more often, police officers and other investigators are cross-training in computer forensics as electronic devices become integral to our daily lives and a source of increased levels of crime. For the forensics investigator, then, top-notch e-recovery skills is one of the skills imperative for the job—but that’s only the beginning. A computer forensics specialist will also need to know how to communicate to any number of professionals in related fields including the police, the legal profession and the courts as well as company officials, among others. Communication will also include report writing and extensive documentation so the ability to write is an important aspect to consider. If sitting lengthy periods of time in front of a computer screen and then generating detailed reports does not appeal to you, this field may not be a good fit.
A real-life forensic investigation
When Hillary Clinton was found to be using a private home server to send classified correspondence as US Secretary of State (2009 to 2013), forensic specialists were sent in to find out what had been sent, where, and to whom. They were also searching to learn if Clinton had violated federal regulations around both the protection and disclosure of government information. It was an issue of recordkeeping, and Clinton was cleared. This incident wasn’t the first time that a government official was found to be using a private server: Colin Powell and Jeb Bush also used private email.[1] But Clinton sent out sensitive government information that could have been intercepted—and some still argue the Benghazi affair stemmed from correspondence originating with Clinton.
How did the FBI learn about the private server? They used forensic collection methods that allowed them to back track email correspondence sent out from the private home server to other government servers they could access. Specialists also recovered data from an old server that had been wiped clean. Why was this such an issue? In the USA, government information has to be available to the public unless it is classified—and that material needs to be protected from hackers and cyber attacks. A private server precludes that protection.
Clinton’s office eventually handed over its files, most mobile devices and backup drives to assist in the investigation. Out of an estimated 30,000 emails, more than 2000 contained classified material, and more than one hundred contained secret or top secret information.[2] FBI investigators determined that Clinton’s home server had not been compromised, although its security measures were poor. One account was found to have been hacked through the Tor anonymizer application.[3] No other breaches have been found in this case, and Hilary Clinton was cleared by the FBI of any wrong-doing, at least for now. The case has been re-opened with allegations of a cover up that allowed Clinton to avoid prosecution.[4]
If you're searching for technical computer forensics training, check out InfoSec Institute's course offerings by filling out the brief form below.
If you are considering a career in this field, you can expect to start with a decent salary in the $50,000 range, moving as you become more expert in the field to six figures.[5] Preparation, though, is broad and diverse and extensive experience and understanding is necessary for success. Not only will you need to develop the hard skills to extract data from computers or other similar devices to find information, but you will also have to interpret that data and write reports about it. You may also be called to testify in courts of law where your credibility will be closely scrutinized and even called in to question. Practitioners will sometimes work under pressure and possibly in tense conditions. Great communication ability, both orally and in writing, are paramount for success. Forensic investigator John Irvine, in a conversation with thebalance comments on the need for both soft and hard skills to do the job: “It’s as much an investigative function as it is a technical challenge. If either skill set is missing, one will have a much harder time working successfully in the field.”[6]
The nitty gritty of life as a forensics examiner
A practitioner might be tracking child pornography files or recovering financial data, among other things, and most of the work will be conducted in an office setting. So long hours in front of a computer screen are a big part of the job. Documentation, whether working in the public or private sector, also forms a significant part of the work. That’s why practitioners must have top-notch communication and written skills. Another part of the day might find practitioners in court, testifying before a judge and jury. Again, the ability to clearly and effectively communicate findings is imperative to be successful.
The work itself can take a toll, especially in the field of law enforcement. The forensic investigator has to uncover the e-information and catalogue it, often reviewing it for clues where other information might be found and so can have extensive exposure to difficult material. As such, some estimates are that about half the people who enter the profession leave within two years due to the stresses of the job.
Is forensic hide-and-seek the game for you? It takes a love of the technical and the human factor, the capacity to search out a hard drive for data bytes, but also the ability to read and interpret what you find and turn it into a compelling report. That report might take you to court where you will testify about what you have found and your own integrity and professionalism may be called in to question. These demands make the field one of diverse skills where both people and machines are part of the job.
[1] Zurcher, Anthony. 6 November 2018. Hillary Clinton Emails: What’s It All About? Retrieved from http://www.bbc.com/news/world-us-canada-31806907
[2] https://en.wikipedia.org/wiki/Hillary_Clinton_email_controversy#Server_security_and_hacking_attempts
[3] Groll, Elias. 2 September 2016. FBI: An Account on Clinton’s Private Email Server was Hacked. Retrieved on 25 January 2018 from http://foreignpolicy.com/2016/09/02/fbi-an-account-on-clintons-private-email-server-was-hacked/
[4] Goodwin, Michael. 23 January 2018. Evidence Suggests a Massive Scandal is Brewing at the FBI. Retrieved 24 January 2018 from https://nypost.com/2018/01/23/evidence-suggests-a-massive-scandal-is-brewing-at-the-fbi/
[5] Infosec Institute. 2017. Salary Projections. Downloaded on 12 January 2018 from https://www.infosecinstitute.com/career-profiles/computer-forensics-investigator#salaryProjections
Learn Digital Forensics
[6] Roufa, Timothy. 9 September 2016. What it’s like to work as a Digital Forensic Examiner. thebalance. Downloaded on 8 January 2018 from https://www.thebalance.com/what-it-s-like-to-work-as-a-digital-forensic-examiner-974889
Learn Digital Forensics
Build your digital forensics skills with hands-on training in Infosec Skills. What you'll learn- Forensics concepts
- Computer forensics
- Mobile forensics
- Network forensics
- And more
In this Series
- Computer Forensics Roles and Responsibilities
- Digital forensics and cybersecurity: Setting up a home lab
- Top 7 tools for intelligence-gathering purposes
- iOS forensics
- Kali Linux: Top 5 tools for digital forensics
- Snort demo: Finding SolarWinds Sunburst indicators of compromise
- Memory forensics demo: SolarWinds breach and Sunburst malware
- Digital forensics careers: Public vs private sector?
- Email forensics: desktop-based clients
- What is a Honey Pot? [updated 2021]
- Email forensics: Web-based clients
- Email analysis
- Investigating wireless attacks
- Wireless networking fundamentals for forensics
- Protocol analysis using Wireshark
- Wireless analysis
- Log analysis
- Network security tools (and their role in forensic investigations)
- Sources of network forensic evidence
- Network Security Technologies
- Network Forensics Tools
- The need for Network Forensics
- Network Forensics Concepts
- Networking Fundamentals for Forensic Analysts
- Popular computer forensics top 19 tools [updated 2021]
- 7 best computer forensics tools [updated 2021]
- Spoofing and Anonymization (Hiding Network Activity)
- Browser Forensics: Safari
- Browser Forensics: IE 11
- Browser Forensics: Firefox
- Browser forensics: Google chrome
- Webinar summary: Digital forensics and incident response — Is it the career for you?
- Web Traffic Analysis
- Network forensics overview
- Eyesight to the Blind – SSL Decryption for Network Monitoring [Updated 2019]
- Gentoo Hardening: Part 4: PaX, RBAC and ClamAV [Updated 2019]
- Computer forensics: FTK forensic toolkit overview [updated 2019]
- The mobile forensics process: steps and types
- Free & open source computer forensics tools
- An Introduction to Computer Forensics
- Common mobile forensics tools and techniques
- Computer forensics: Chain of custody [updated 2019]
- Computer forensics: Network forensics analysis and examination steps [updated 2019]
- Computer Forensics: Overview of Malware Forensics [Updated 2019]
- Incident Response and Computer Forensics
- Computer Forensics: Memory Forensics
- Comparison of popular computer forensics tools [updated 2019]
- Computer Forensics: Forensic Analysis and Examination Planning
- Computer forensics: Operating system forensics [updated 2019]
- Computer Forensics: Mobile Forensics [Updated 2019]
- Computer Forensics: Digital Evidence [Updated 2019]
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Digital forensics
Digital forensics
Digital forensics
Digital forensics