What Does a Forensics Expert Do?
What is a Forensics Expert?
A Forensics Expert is a digital detective, harvesting and analyzing evidence from computers, networks and other forms of data storage devices. In your role as a virtual Sherlock Holmes, you will pit your wits against the bad guys, investigating traces of complex cyber crimes. Your quarry may be a white-collar embezzler, a cyber terrorist or a malware attacker.
It’s important to note that digital forensics experts usually deal with the aftermath of an incident—they’re not normally involved with countering a cyber attack or stopping an illegal act as it’s occurring. As such, your job may be consumed with investigations and electronic evidence. Along with the typical assortment of technical skills, you’ll need to know about evidence handling and the law. You may also be expected to present your findings in court.
Forensics Expert Job Responsibilities
During the course of your day, you may be required to:
- Conduct data breach and security incident investigations
- Recover and examine data from computers and electronic storage devices
- Dismantle and rebuild damaged systems to retrieve lost data
- Identify additional systems/networks compromised by cyber attacks
- Compile evidence for legal cases
- Draft technical reports, write declarations and prepare evidence for trial
- Give expert counsel to attorneys about electronic evidence in a case
- Advise law enforcement on the credibility of acquired data
- Provide expert testimony at court proceedings
- Train law enforcement officers on computer evidence procedures
- Keep abreast of emerging technologies, software and methodologies
- Stay proficient in forensic, response and reverse engineering skills
Forensics Experts currently work for large corporations, law enforcement, legal firms and private consulting firms. Global firms have their own computer forensics units.
Forensics Expert Careers
Forensics Expert Career Paths
Forensics Experts tend to specialize early. Here is a typical career progression in a large corporation or consultancy firm:
- Junior Forensics Analyst
- Senior Forensics Analyst
- Senior Forensics Manager
The term “Forensics Expert” goes by a host of alternative job titles, including:
- Information Security Crime Investigator
- Computer Forensics Engineer
- Digital/Computer Crime Specialist
- Computer Forensics Investigator
- Computer Forensics Specialist
- Computer Forensics Analyst
- Computer Forensics Examiner
- Computer Forensics Technician
Forensics Expert Salaries
According to Payscale, the median salary for a Computer Forensic Analyst is $71,000 (2019 figures). Overall, you can expect to take home a total pay of $42,767 – $117,799. This includes your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
Forensics Expert Job Requirements
Job descriptions for digital forensics experts can vary widely. Private corporations may be happy to look at BS graduates who have participated in internships, bootcamps, and the like. Law enforcement bodies may like to hire from within, promoting folks who have undergone specific training programs. Happily, this is one field in cyber security where you can specialize early—there are plenty of undergraduate and graduate degrees that focus on computer/digital forensics.
In addition to a degree, employers will be looking for relevant skill sets (e.g. the ability to write technical reports for court proceedings), so we recommend you assess your résumé with a clinical eye. If you don’t have relevant forensic certifications, start working toward them. If you need to gain or hone specific skills, explore the training options offered by the IACIS or ISFCE. You can also connect with current forensic professionals (e.g. via LinkedIn or a conference) to discuss your career path. They’ll be able to provide you with insider advice.
Because this is a technical role, newbies are expected to have a bachelor’s degree in Computer Science or Engineering with a focus on Cyber Security, Digital Forensics or a related field. It’s not enough to know about computer systems; you must understand cyber crime techniques as well.
To increase your job prospects, you could choose to pursue a master’s degree in Computer Forensics—we profile the best distance learning options in our rankings of Top Online Computer Forensics Programs. Specialized training and professional certifications will further aid your cause.
Requirements will vary with the job. Entry-level analysts may only need 1-2 years of forensics experience and/or internships, though 2-3 years is the norm. Senior positions are in the realm of 5+ years.
In our survey of job descriptions, we have seen employers call for technical skills such as:
- Network skills, including TCP/IP-based network communications (much of modern forensics involves reading network traces)
- Windows, UNIX and Linux operating systems
- C, C++, C#, Java and similar programming languages
- Computer hardware and software systems
- Operating system installation, patching and configuration
- Backup and archiving technologies
- Cryptography principles
- eDiscovery tools (NUIX, Relativity, Clearwell, etc.)
- Forensic software applications (e.g. EnCase, FTK, Helix, Cellebrite, XRY)
- Data processing skills in electronic disclosure environments
- Evidence handling procedures and ACPO guidelines
- Cloud computing
To catch a criminal, you must be able to think like a criminal. As Eric Robi notes in his interview, “a computer forensic analyst has to be incredibly curious about how computers work and how people behave.” In addition to curiosity and insight, you will be expected to have exceptional oral and written communication skills. A sizeable chunk of an expert’s job is devoted to writing reports and explaining evidence.
Would you be able to present your findings to a non-technical jury and judge? Could you defend those findings when cross-examined by opposing counsel? Even if you are only speaking to lawyers and clients, you will need to be crystal clear.
Certifications for Forensics Experts
Shake a tree and a computer forensics certification is guaranteed to fall out. If this list is overwhelming, do a quick survey of job descriptions and talk to your colleagues/mentors. Most employers (e.g. the Department of Homeland Security) will specify their preferred accreditations.
- CCE: Certified Computer Examiner
- CEH: Certified Ethical Hacker
- EnCE: EnCase Certified Examiner
- GCFE: GIAC Certified Forensic Examiner
- GCFA: GIAC Certified Forensic Analyst
- GCIH: GIAC Certified Incident Handler
- CCFE: Certified Computer Forensics Examiner
- CPT: Certified Penetration Tester
- CREA: Certified Reverse Engineering Analyst
Computer Forensics Associations
Questions? These forensics associations provide career support, training and credentialing programs: