What Does a Forensics Expert Do?
The Short Version
A Forensics Expert is a digital detective, harvesting and analyzing evidence from computers, networks and other forms of data storage devices.
In your role as Sherlock Holmes, you will pit your wits against the bad guys, investigating traces of complex cyber crimes. Your quarry may be a white collar embezzler, a cyber terrorist or a malware attacker.
Forensics Expert Responsibilities
The life of a Forensics Expert is consumed with electronic evidence. During the course of your day, you may be required to:
- Conduct data breach and security incident investigations
- Recover and examine data from computers and electronic storage devices
- Dismantle and rebuild damaged systems to retrieve lost data
- Identify additional systems/networks compromised by cyber attacks
- Compile evidence for legal cases
- Draft technical reports, write declarations and prepare evidence for trial
- Give expert counsel to attorneys about electronic evidence in a case
- Advise law enforcement on the credibility of acquired data
- Provide expert testimony at court proceedings
- Train law enforcement officers on computer evidence procedures
- Keep abreast of emerging technologies, software and methodologies
- Stay proficient in forensic, response and reverse engineering skills
Forensics Experts currently work for large corporations, law enforcement, legal firms and private consulting firms. Global firms have their own computer forensics units.
Surprise, surprise, the government (local, state and federal) is a significant employer. For example, the FBI’s Computer Analysis and Response Team (CART) consists of 500 agents throughout the nation.
Forensics Expert Career Paths
Forensics Experts tend to specialize early. Here is a typical career progression in a large corporation or consultancy firm:
- Junior Forensics Analyst
- Senior Forensics Analyst
- Senior Forensics Manager
The term “Forensics Expert” has a host of pseudonyms, including:
- Information Security Crime Investigator
- Computer Forensics Engineer
- Digital/Computer Crime Specialist
- Computer Forensics Investigator
- Computer Forensics Specialist
- Computer Forensics Analyst
- Computer Forensics Examiner
- Computer Forensics Technician
Forensics Expert Salaries
According to Payscale, the median salary for a Computer Forensic Analyst is $71,000 (2019 figures). Overall, you can expect to take home a total pay of $43,952 – $116,046. This includes your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
Forensics Expert Job Requirements
Because this is a technical role, newbies are expected to have a bachelor’s degree in Computer Science or Engineering with a focus on Cyber Security, Digital Forensics or a related field. It’s not enough to know about computer systems; you must understand cyber crime techniques as well.
To increase your job prospects, you could choose to pursue a master’s degree in Computer Forensics (plenty of universities offer them). Specialized training and professional certifications will further aid your cause.
Requirements will vary with the job. Entry-level analysts may only need 1-2 years of forensics experience and/or internships, though 2-3 years is the norm. Senior positions are in the realm of 5+ years.
In our survey of job descriptions, we have seen employers call for technical skills such as:
- Network skills, including TCP/IP-based network communications (much of modern forensics involves reading network traces)
- Windows, UNIX and Linux operating systems
- C, C++, C#, Java and similar programming languages
- Computer hardware and software systems
- Operating system installation, patching and configuration
- Backup and archiving technologies
- Cryptography principles
- eDiscovery tools (NUIX, Relativity, Clearwell, etc.)
- Forensic software applications (e.g. EnCase, FTK, Helix, Cellebrite, XRY, etc.)
- Data processing skills in electronic disclosure environments
- Evidence handling procedures and ACPO guidelines
- Cloud computing
To catch a criminal, you must be able to think like a criminal. As Eric Robi notes in his interview, “a computer forensic analyst has to be incredibly curious about how computers work and how people behave.”
In addition to curiosity and insight, you will be expected to have exceptional oral and communication skills. A sizeable chunk of an expert’s job is devoted to writing reports and explaining evidence.
Would you be able to present your findings to a non-technical jury and judge? Could you defend those findings when cross-examined by opposing counsel? Even if you are only speaking to lawyers and clients, you will need to be crystal clear.
Certifications for Forensics Experts
Shake a tree and a computer forensics certification is guaranteed to fall out. If this list is overwhelming, do a quick survey of job descriptions and talk to your colleagues/mentors. Most employers (e.g. Homeland Security) will specify their preferred accreditations.
- CCE: Certified Computer Examiner
- CEH: Certified Ethical Hacker
- EnCE: EnCase Certified Examiner
- GCFE: GIAC Certified Forensic Examiner
- GCFA: GIAC Certified Forensic Analyst
- GCIH: GIAC Certified Incident Handler
- CCFE: Certified Computer Forensics Examiner
- CPT: Certified Penetration Tester
- CREA: Certified Reverse Engineering Analyst
Computer Forensics Associations
Questions? These forensics associations provide career support, training and credentialing programs: