Digital forensics and incident response: Is it the career for you?
When many of us think of detective work, we conjure up images of trench-coated detectives chasing bad guys down darkened alleyways or poring over black-and-white crime scene photos. While there’s no rule against wearing a trench coat or smoking a briar pipe, the nature of detective work has evolved dramatically in recent decades.
Crimes are taking place more and more often in the digital realm, which requires a totally different skill set — magnifying glasses are swapped for forensics tools used to extract evidence from hard drives and SIM cards. The need for those skills is on the rise, according to PwC’s Global Economic Crime and Fraud Survey 2020:
- 31% of companies experienced losses as a result of cybercrime — that makes cybercrime the second most common kind of economic crime.
- 34% of all fraud cases in the US were committed by hackers
- Only 50% of companies conducted a fraud investigation
With the rate of cybercrimes on the rise, the world needs people who can investigate these crimes more than ever.
Cindy Murphy, president of Gillware Digital Forensics (now Tetra Defense), is one of those people. She started her career in the US Army as a military police officer, and she’s taken part in digital investigations for both law enforcement agencies and private companies. Her well-rounded background means she has a ton of insights and advice to share with anyone considering a career in this exciting niche of cybersecurity.
Murphy recently appeared in an Infosec webinar to share what it’s like to be in the digital forensics field and how newcomers can get started.
What is digital forensics and incident response?
Part digital Sherlock Holmes and part mad scientist, a career in digital forensics is ever-changing and never-boring, according to Murphy. Professionals in the digital forensics field are responsible for collecting and analyzing evidence from the scenes of crimes. These could be criminal, civil or financial crimes, as long as they left behind some kind of digital footprint for investigators to follow.
The job itself varies depending on which career path you take: public sector, private sector or incident response. We’ll do a deeper dive into those in the next section.
What are some of the career paths for digital forensics and incident response?
Careers in DFIR typically follow one of three pathways:
Public sector forensics
Police departments and federal agencies like the FBI all fall into public sector forensics. Digital forensics experts at police departments gather digital evidence for investigations. A big part of the job is looking at individual machines, devices and SIM cards for evidence of criminal activity.
Murphy started her cybersecurity career at a police department in Madison, Wisconsin, where she established the city’s Digital Forensics Unit. She notes that starting out in this tract can be a little challenging since most police departments hire based on seniority; that means you’ll have to become a police officer before working your way into crime scene forensics and detective work.
Private sector forensics
Financial crimes are the bread-and-butter of digital forensics specialists in the private sector. These experts handle everything from data breach investigations and malware investigations to internal theft. Much of their work is done in support of civil litigation as opposed to criminal investigations, although some firms partner with law enforcement agencies from time to time.
Incident responders are responsible for investigating incidents that happen both on networks and individual computers or devices. They’ll analyze data related to a breach or cyberattack to figure out what happened. The goal of incident response is to help companies and individuals understand how a breach took place so that they can better secure their networks and devices in the future.
How can you get started in digital forensics and incident response?
Murphy has done a lot of hiring throughout her career, and she says people skills are in huge demand. If you want to stand out from the crowd, do your best to showcase your people skills during the interview process. That means sending a thank-you email after the interview and connecting with the people you hope to work with in a meaningful way. Although your technical skills are also important, it’s your people skills that will keep your resume at the top of the pile.
Murphy also points out that your resume shouldn’t read like a laundry list of technical skills, tools and programs you’ve worked with. Set yourself apart by including experiences that are unique to you and you alone: for example, volunteering to help secure a network or an internship at a police department forensics lab.
What skills do you need for digital forensics and incident response?
Digital forensics experts need to master a unique combination of hard skills and soft skills. Strong people skills are an absolute must. You need to be able to clearly express technical ideas using simple language so non-technical people can understand them. For example, you may need to teach employees about social engineering and good cyber hygiene habits to shore up human vulnerabilities.
Flexibility and curiosity are also two traits that go a long way, since you’ll have to master new skills and tools as the field evolves. Webinar host Jeff Peters mentions that up to 90% of infosec pros learn new skills every single month. For that reason, Murphy says that people who love to read are great fits for digital forensics!
In terms of how to gain those skills, Murphy says having a combination of formal education and training is really helpful. Most digital forensic experts have to appear in court from time to time, and building credibility with the jury, judge and attorneys starts with having some degrees and certifications to your name.
Skills training for digital forensics and incident response
The best way to start your career in digital forensics off on the right foot is by getting certified. Not only do certifications validate that you’ve mastered the skills you need to investigate cybercrimes, but it also builds your credibility in the courtroom. And when 96% of hiring managers look for certifications while screening candidates, it’s also the best way to get your foot in the door at a new job.
Some of the top certifications for incident responders and digital forensics analysts are the CompTIA Security+, Certified Information Systems Security Professional (CISSP and EnCase Certified Examiner (EnCE).