What Does it Mean to Study Computer Forensics?
Computer forensics is a form of investigative technique in which a forensic specialist gathers data that has been electronically stored or encrypted on digital media. Typically, this digital media resides in a personal or work computer, but it could also include flash memory cards or portable media players. The data retrieved often is used as evidence in a court case or as information to help law enforcement further an investigation.
Computer forensics has a wide range of applications. Law enforcement agencies, both local and federal, use computer forensics to gather evidence and obtain more information about a suspect or known criminal. Large corporations may employ a computer forensics professional to monitor employees’ computer activities. Computer forensics specialists can help prevent rogue employees or contractors from leaking critical information, such as company plans or sensitive customer data.
Computer forensics professionals are referred to by many titles, including computer forensics investigators, digital media analysts, and digital forensics detectives. Though the names are different, they each describe the same career. Each of these positions is concerned with the investigation of digital media.
Education and Computer Forensics
The most common career path for a computer forensics professional begins with experience in law enforcement or computer security. Many computer forensic specialists start their careers as security guards or law enforcement officers that want to put their skills to use in a different (or slightly less risky) position. Computer forensics certificate programs can help to bolster career knowledge with information on computer forensics techniques and tools.
Computer forensics programs are also available for those with no law enforcement or computer security background. These programs typically result in associate’s degrees or bachelor’s degrees, and instruct the students on legal issues, computer skills and forensics tools relevant to the computer forensics workplace.
Computer forensics professionals who possess a bachelor’s degree and seek continued education in their field often decide to earn a master’s degree in computer forensics, which can lead to a position as a forensic team leader or a bureau supervisor. A graduate degree can also be a good source of credibility when trying to attract large corporate clients as a freelance computer forensics specialist.
No matter which path they choose, computer forensics professionals must possess a solid comprehension of the law. They understand how to properly and legally handle evidence. They also employ a variety of methods for evidence discovery and retrieval. Computer forensics specialists have extensive knowledge of computer systems and programs, and the ability to retrieve information from them.
Degree programs in computer forensics often stress the importance of this legal and computer knowledge. Courses in business and criminal law are common, in addition to courses on computer systems and programs. Those programs that require general education courses usually stress technical writing, algebra, and public speaking. Each of these courses can help the computer forensics professional in his or her daily work, especially since part of the job involves testifying in criminal investigations.
Most computer forensics degree programs require students to complete internships with local professionals, bureaus, or agencies. The experience gained from these internships can be invaluable to computer forensics majors who are seeking an entry-level position after graduation. Interns also have the opportunity to start making connections in their industry, the importance of which cannot be overstated. Internships can range in length from several weeks to over a year. Requirements often vary with the degree programs.
Computer forensics is expected to continue to expand rapidly. As the number of computers in homes and businesses grows, so will the need for computer forensics professionals. Eventually, the FBI expects nearly fifty percent of its cases to require a computer forensics professional. Law enforcement agencies, prosecutor’s offices, and large corporations are expected to hire more computer forensics professionals in coming years to handle their increasing investigative needs.
Degree Programs in Computer Forensics
In the past, computer forensics programs were largely certificate programs designed for law enforcement and computer security professionals. In the last five years, degree programs in computer forensics have expanded to include associate degrees, bachelor’s, and master’s degrees for both the working professional and the traditional undergraduate student. Students can choose which of these law enforcement & technology degree programs best suits their needs and lifestyle.
For students seeking their education online, computer forensics offers some terrific opportunities. Today, many colleges and universities offer online degree and certification programs in computer. Since most of the work involves mastering computer-based tools, instructors can review student work using innovating screen capture tools. Other programs offer students the chance to review new technology up close during short residency programs.
Associate Degrees in Computer Forensics
The associate degree in computer forensics is a two-year course of study that typically requires the completion of general education courses and courses specific to a career in computer forensics. Courses in cybercrime, intrusion detection systems and legal basics are common. General education requirements typically include technical writing, algebra, and public speaking. Even students with no law enforcement or computer securities background can benefit from an associate’s degree in computer forensics. Law enforcement professionals and computer professionals interested in expanding their knowledge of computer forensics may find an associate’s degree in computer forensics useful as well.
Associate degrees in computer forensics frequently require the completion of an internship for graduation. Completion of an internship may also meet the experience requirements set forth by many computer forensics associations.
Bachelor’s Degrees in Computer Forensics
Bachelor’s degree programs in computer forensics are rare, but they do exist, and may be more prevalent as time goes on. These are four-year degree programs that focus on general education courses and skills specific to computer forensics. These programs often require courses in criminal law, computer operating systems and intrusion detection systems. Technical writing, statistics and economics courses are usually relevant as well.
As with an associate degree program, students obtaining a bachelor’s degree in computer forensics often are required to complete an internship before graduation.
Professional Certificates in Computer Forensics
Professional certificates are a common method of earning education in computer forensics. Law enforcement or computer securities professionals typically undertake certificate programs. These students have an existing computer or legal background, but require additional education to become skilled computer forensics professionals. The curriculum in a computer forensics certificate program is created to expand on this existing knowledge base.
Certificate programs are usually short courses of study requiring less than ten courses. Prerequisites for entering a certificate program in computer forensics vary, but many require some professional experience in a related field. Common courses for a certificate program in computer forensics include introduction to technology, analysis of digital median, and telecommunications.
What Can You Do With a Computer Forensics Degree?
Computer Forensics Investigator
A computer forensics investigator is responsible for collecting and evaluating data encrypted or stored on digital media. Often, they are called to recover data that has been deleted from the device. Most computer users, especially criminals, do not realize that most data can still be recovered from a hard drive long after a file has been dragged to the “recycle bin.” The computer forensics investigator uses a variety of methods to retrieve this data.
Computer forensics investigators typically are called to retrieve information from a computer to be used as evidence in a trial. For example, if a computer is used in the commission of fraud, computer forensics techniques may be used to extract encrypted or deleted files from the computer. Investigators can also examine local network connections to gather evidence about data transmissions or uploads of illicit files. The information gathered may be used in the case against the suspect.
In other cases, computer forensics may be used to obtain information from the personal computer of a suspect in a crime. A computer forensics specialist may be able to find a personal address book, e-mail, or other information that can be used to advance the case against the suspect. By sifting through e-mail records on a user’s local machine and on an ISP’s servers, investigators can often make the link between a suspect and a crime victim. Investigators can also identify accomplices and motives, even when criminals believe they have covered their tracks.
A computer forensics investigator has other duties in addition to the retrieval of evidence. He or she typically is responsible for securing the computer and ensuring that it is not accidentally damaged during an investigation. Copies are made of all information, including the entire hard drive. Once the examination of the unit is complete, the computer forensics investigator writes detailed reports documenting the work that was done and the information located.
Because the computer forensics investigator usually works with evidence involved in a criminal or civil case, he or she must be diligent about documenting all work done to the computer and any information found. This information may be used in a court case, so it must be clearly written and explained. An investigator that uses faulty procedure may invalidate all the evidence produced by a piece of equipment.
Computer forensics investigators work in a variety of locations. Most investigators work with law enforcement agencies. Many are employed with prosecutor’s offices, large corporations, or consulting firms.
Small companies may not have the budget to retain a computer forensics professional full-time. However, they can still hire consultants or freelancers for unusual data recover situations. These consultants are usually paid by the hour, and they perform the same services as an in-house computer forensics specialist does. Because consultants work on a case-by-case basis, there is much variety in their work.
Computer forensics investigators often begin their career in law enforcement or computer security. They learn computer forensics techniques either on-the-job or through training and certification programs. As computer forensics investigators become more sought after, educational requirements are expected to increase. An associate’s degree or bachelor’s degree in computer forensics is expected to become the more common minimum educational requirement.
It is important that computer forensics professionals keep working on their skills even after earning a position. There are many methods for doing so, including certification and continuing education programs. Many computer forensics professionals are part of forensic associations and organizations. Participation in these organizations can help in staying aware of trends in the field.
Certifications are available to computer forensics investigators through a variety of organizations. The two most common certifications are the Certified Information Systems Security Professional (CISSP) and the Certified Computer Examiner (CCE). These voluntary credentials may help in obtaining a career or advancement in computer forensics.
Computer forensics investigators are inquisitive and meticulous. They know a variety of methods for retrieving information from digital media, and work tirelessly towards this end. Computer forensics professionals have a solid knowledge of legal issues and the handling of evidence.
Computer Forensics Director
A computer forensics director typically is a skilled computer forensics investigator. He or she is responsible for directing a team of computer forensics investigators. A computer forensics director may work for law enforcement, a large corporation, or may work for a computer forensics consulting firm.
Computer forensics directors have good management skills. They often are responsible for the hiring, firing, and training of staff. They complete reports on the team’s activities, and may be involved in budget making decisions. The computer forensics director often assigns cases to the team members, monitors their progress, and assists if needed. He or she ensures all legal procedures and company policies are followed carefully.
Directors in computer forensics departments and organizations typically hold a bachelor’s degree, though not always in computer forensics. Degrees in management, computer security, and criminal justice are common.
Many have obtained their computer forensics education on-the-job and through certification programs. In the future, directors and other high-level computer forensics professionals will likely be required to hold a bachelor’s degree in computer forensics. Computer forensics directors often advance to become heads of departments and consulting firm owners.
Computer Forensics Certification, Licensure and Associations
Because computer forensics is such a comparatively new field, no licensure requirements exist as of yet. However, voluntary credentials can still be important to employers.
The most widely recognized voluntary credentials available to a computer forensics professional are the Certified Information Systems Security Professional (CISSP) and the Certified Computer Examiner (CCE).
The CISSP is offered by the International Information Systems Security Certification Consortium, Inc., or ISC. One of the goals of the ISC is to set an international standard in the computer forensics industry with its CISSP examination.
The ISC requires that candidates for the CISSP examination have at least four years of professional experience in information security or a college degree and three years of experience. Candidates must adhere to the ISC code of ethics and allow criminal background inquiries.
Six hours are given to complete the 250-question CISSP examination. The Certified Information Systems Security Professional credential is awarded upon successful completion of the CISSP examination. In addition, all CISSP’s are granted membership in the ISC.
To maintain the CISSP certification, computer forensics professionals must Continuing Professional Education credits every three years. These credits can be earned in a number of ways, including participating in computer forensics associations and completing training courses.
As with the CISSP, the Certified Computer Examiner (CCE) credential demonstrates competency in computer forensics. The CCE is offered by the International Society for Computer Examiners (ISFCE), an organization that hopes to create and maintain high standards for computer examiners worldwide.
Candidates for the CCE have no criminal record and adhere to the ISFCE code of ethics. He or she should have at least 18 months of professional experience or documented training, and pass an online examination. Aside from the online examination, the candidate must perform a forensic examination on at least three “test media.”
Once the candidate has successfully completed the requirements the ISFCE requirements, he or she is considered a Certified Computer Examiner and member of the ISFCE. This credential is widely recognized and can help for computer examiners seeking career advancement, a new position, or increased responsibility.
To maintain the credential of Certified Computer Examiner, fifty hours of education or training must be completed every two years. In addition, the candidate must work on at least three media during that period. An online examination is also required every two years for recertification.
Other Associations and Certification Bodies
- American Academy of Forensic Sciences (AAFS)
- American Board of Criminalistics (ABC)
- American College of Forensic Examiners
- American Society of Crime Lab Directors (ASCLD)
- ASIS International
- Association of Certified Fraud Examiners
- Association for Crime Scene Reconstruction
- Canadian Society of Forensic Sciences
- The Forensic Science Society UK
- High Technology Crime Investigation Association
- International Association of Computer Investigative Specialists
- International Association for Identification (IAI)
- International Information Systems Forensics Association
- National Academy of Forensic Engineers (NAFE)
- Society of Forensic Engineers and Scientists