Investigating the Ins and Outs of Computer Forensics

By Brianna Flavin on 05/27/2019

computer-forensics

                                                                                                                                                                  There’s something innately cool about the field of forensics. To the outside observer, the process of digging into evidence to help solve crimes or bring proof to a courtroom seems like something out of a Sherlock Holmes story.

And if we’re talking computer forensics, the plot definitely thickens! The complexity of digital tools makes digital forensics pretty specialized work—bringing the legal system and the electronic world together to investigate crimes and solve problems.

If that kind of pairing gets your brain whirring, keep reading! We asked experts in computer forensics to share about this fascinating career.

What is computer forensics?

Computer forensics (also known as digital forensics) is the practice of collecting, analyzing and reporting on data in a way that meets the standards of our legal system. So basically, anytime you need evidence from a digital device to use in court or any legal proceeding—computer forensics will be involved.

So when does this come into play? Situations like intellectual property theft, fraud investigations, employment disputes and bankruptcy investigations are common territory for computer forensic analysts—but that barely scratches the surface of what these professionals get into.

This career can also vary widely depending on the employer. For example, some forensic analysts work in law enforcement, and must meet their state’s requirements to work as law enforcement officers.

Certified forensic analyst and investigator Ryan Massfeller explains that police forensic examiners must be sworn law officers in most states. “Many of the cases we work on deal with sexually exploitive images of children and cannot be processed by anyone outside of law enforcement.”

Another side of computer forensics is in the private sector. Greg Kelley, chief technology officer of Vestige Digital Investigations, deals with cases that clients bring in—such as data theft or evidence surrounding viruses and compromised data.

“Every case is different,” Kelley says. “Even if we are examining 10 computers for evidence of employee theft of data, the circumstances and results are different. Whether it is a forensic analysis of an ESXi server or encountering a yet-unheard-of virus, there is always something different.”

While deeply in the realm of technology, computer forensics also merges with legal and law enforcement territory. There are plenty of rules to follow if you want a piece of evidence to be legally admissible.

 “What takes the most of my time are typically acquisition and handling requirements,” says Dennis Chow, chief information security officer of SCIS Security. He explains that these often-tedious requirements exist so that the data used in legal proceedings is airtight and cannot be challenged or rejected as tampered with.

How do you become a digital forensic analyst?

According to the Bureau of Labor Statistics (BLS), professionals in digital forensic science often need at least a bachelor’s degree.1 More specialized training offered by the employer, a credentialing organization or a police academy may come later, depending on where you hope to work.

Kelley’s career began in IT with a computer engineering background. “Some of our clients were smaller law firms who started asking us if we could recover deleted files or examine a hard drive.” Kelley says looking into this demand led to specializing in computer forensics.

IT led to SOC (security operations center) analyst work for Chow, which in turn led to investigating malware. “With my written and verbal skills, I discovered working with legal teams was quite easy for me,” Chow says.

In law enforcement, digital forensic analysts usually need to graduate a police academy or state-approved training program for police officers. But the background in technology is important, too. Massfeller had a decade of IT administration experience before applying to work in law enforcement.

“Most forensic examiners working in law enforcement have worked through the ranks as a police officer, to detectives, to eventually working in forensics,” Massfeller says. “I on the other hand was hired directly into the lab given my experience and skills and turned into a cop.”

What does a digital forensic analyst do?

It’s helpful to get the bird’s-eye view, but what does being a digital forensic analyst really look like? We asked our experts to share some of the work they do most often, to help you see the inside of this career.

1. Proactive scanning

As a detective, Massfeller doesn’t simply deal with devices brought to the precinct. The LEO digital forensic analysts hunt for criminal activity. “Routinely we proactively scan peer to peer networks looking for torrents that are known to contain sexually exploitive images of children,” Massfeller says. When they find something—the process of obtaining warrants and evidence begins.

2. Filling out legal documentation

Whether the paperwork is to satisfy acquisition requirements, request information or get a warrant signed by a judge—computer forensic analysts spend lots of time dotting their ‘i’s.

Massfeller says he writes court orders and search warrants in the process of obtaining evidence. “We also write a full forensic report documenting the steps we took to find the evidence,” Massfeller says. Digital forensic analysts might need to present their findings in court—in which case documenting and adhering to restrictions is of utmost importance.

3. Physical investigation

“We examiners suit up in full body armor and execute a search of the property for electronic devices,” Massfeller says. “We also typically interview the suspect to find out about any passwords or browsing behaviors. Once the seized evidence is secured at the computer forensics lab we begin processing it in a forensically sound manner.

4. Using digital forensic tools to find data on devices

This is where the digital forensic magic happens. “With computers we make a forensic image of the suspect’s hard drive behind a write blocker or with a cellphone using software and sometimes hardware exploits to download the information from the device,” Massfeller explains. When the information is obtained, digital forensic analysts search it for evidence.

“The most challenging aspect about the job is that you need to really find efficiencies in how you investigate each case,” Chow says. “You’re shifting and sleuthing against tons of data trying to find IOC’s or other mission objectives, and you typically don’t have much time.”

Digital forensic analysts will need to stay sharp in their critical thinking, as well as current technology and useful digital forensic tools to keep this process efficient, legally admissible and effective.

5. Presenting computer forensic evidence in a trial

If the digital forensic evidence is involved in a legal proceeding, analysts might need to present their findings to a judge.

“At trial we are qualified as expert witnesses,” Massfeller says of law enforcement officers who are digital forensic analysts. “We present our findings to a jury and a verdict is reached. It’s a lengthy process to give everyone due process.”

6. Staying up to date with technology

“There are two very challenging aspects of the job,” Kelley says. “The first is staying up to date with the latest technologies.” Kelley says that includes operating systems, updates to programs running, forensic applications and new viruses and vulnerabilities.

When it comes to evidence or risk of a breach or theft—companies, individuals and entities of all kinds want their answers in a hurry. Digital forensic analysts need to be at the top of their technological game to stay competitive and effective in the job.

That’s not to say you can make everyone happy. Kelley says the other most challenging part of the job is satisfying clients who don’t understand the technology.

“Client demands for getting answers sometimes test the capabilities of our tools, skills and even the laws of physics when it comes to the speed of the computers we use,” Kelley says.

Computer forensics on the horizon

Computer and digital forensics have every likeliness of becoming even more critical as technological capabilities and access grow. Digital forensic analysts engage in the critical work of digital accountability, and employers as well as law enforcement organizations rely on their skills—and the evidence they find.

“It is complex and challenging work in high demand,” Chow says. If that’s something that appeals to you, check out some of the precursors to computer forensics by reading our article “8 Signs You’re Wired for Working in a Cyber Security Career.”

1Bureau of Labor Statistics, U.S. Department of Labor, Occupational Outlook Handbook, [information accessed May 8, 2019] www.bls.gov/ooh/. Information represents national, averaged data for the occupations listed and include workers at all levels of education and experience. Employment conditions in your area may vary.

About the author

Brianna Flavin

Brianna is a senior content manager who writes student-focused articles for Rasmussen University. She holds an MFA in poetry and worked as an English Professor before diving into the world of online content. 

Posted in General Technology

Related Content

Related Content

Pixelated map of the continents with scattered dots and hearts connected by lines
Why Is Computer Science Important? 7 Surprising Ways Computer Science Benefits Society

Brianna Flavin | 05.16.2023

illustration of software career professionals
Software Careers: 6 Critical Roles You Should Know

Brianna Flavin | 06.06.2022

illustration of phone with data science symbols on a web page representing data science blogs
12 of the Best Data Science Blogs Data Pros Should Be Tracking

Brianna Flavin | 05.30.2022

What Is a Database Administrator? Exploring This Data-Driven Career
What Is a Database Administrator? Exploring This Data-Driven Career

Patrick Flavin | 03.21.2022

This piece of ad content was created by Rasmussen University to support its educational programs. Rasmussen University may not prepare students for all positions featured within this content. Please visit www.rasmussen.edu/degrees for a list of programs offered. External links provided on rasmussen.edu are for reference only. Rasmussen University does not guarantee, approve, control, or specifically endorse the information or products available on websites linked to, and is not endorsed by website owners, authors and/or organizations referenced. Rasmussen University is accredited by the Higher Learning Commission, an institutional accreditation agency recognized by the U.S. Department of Education.

logo-accreditation-acen logo-accreditation-ccne chart-credential-laddering-associates-bachelors-masters 0 Credits 90 Credits 180 Credits 48 Credits Start Here HIGH SCHOOL GRADS Start Here TRANSFER STUDENTS Start Here SECOND DEGREE PURSUERS End Here ASSOCIATE'S DEGREE Start Here MASTER'S DEGREE PURSUERS End Here BACHELOR'S DEGREE End Here MASTER'S DEGREE chart-credential-laddering-associates-bachelors 0 Credits Start Here HIGH SCHOOL GRADS Start Here TRANSFER STUDENTS 90 Credits Start Here SECOND DEGREE PURSUERS End Here ASSOCIATE'S DEGREE 180 Credits End Here BACHELOR'S DEGREE chart-credential-laddering-msn chart-credential-laddering-nursing-programs chart-credential-laddering-nursing DNP MSN RN to BSN LPN to RN Bridge Accelerated BSN Professional Nursing ADN Practical Nursing Diploma Pre-Licensure Post-Licensure icon-colored-outline-bank icon-colored-outline-certificate icon-colored-outline-circle-dollar-sign icon-colored-outline-folder-search icon-colored-outline-hand-heart icon-colored-outline-head-blocks icon-colored-outline-head-cog icon-colored-outline-head-heart icon-colored-outline-health-plus-leaves icon-colored-outline-hospital icon-colored-outline-lifelong-learning icon-colored-outline-light-bulb-analytics icon-colored-outline-location-pin icon-colored-outline-magnifying-glass icon-colored-outline-monitor-healthcare icon-colored-outline-monitor-paper-search icon-colored-outline-nurse-rays icon-colored-outline-padlock-shield icon-colored-outline-person-presenter-screen icon-colored-outline-scales ras-logo-flame ras-logo-horizontal ras-logo-stacked icon-colored-advance icon-colored-arrows-cross-curve icon-colored-briefcase-star icon-colored-build icon-colored-bulb-analytics icon-colored-certificate icon-colored-continual-development icon-colored-duo-chatbox icon-colored-folder-mortarboard icon-colored-forward-ribbon icon-colored-gears-clock icon-colored-globe-pen icon-colored-growth icon-colored-hand-bubble icon-colored-hand-stars icon-colored-hands-gear icon-colored-head-blocks icon-colored-head-cog icon-colored-health-plus-leaves icon-colored-hospital-building icon-colored-laptop-cbe-skyscraper icon-colored-laptop-checkmark icon-colored-laptop-webpage icon-colored-location-map icon-colored-location-pin icon-colored-monitor-paper-scan icon-colored-mortarboard-dollar icon-colored-national icon-colored-people-chat-bubbles icon-colored-person-cheer-star icon-colored-person-laptop-checkboxes icon-colored-person-screen-instructor icon-colored-person-whiteboard icon-colored-phone-chatbox icon-colored-police-light icon-colored-prep icon-colored-presenter icon-colored-regional icon-colored-save-time icon-colored-shirt-hat icon-colored-skyscraper icon-colored-state icon-colored-student-centered icon-colored-support icon-colored-world-experience icon-triangle-arrow-up-plant icon-triangle-calendar-pencil icon-triangle-clock-rotating-arrows icon-triangle-display-gears icon-triangle-hand-right-speech-bubble icon-triangle-laptop-coding-brackets icon-triangle-mortarboard icon-triangle-paper-ribbon icon-triangle-person-cheer-star icon-triangle-person-juggle icon-triangle-triple-people-chat-bubble icon-modality-campus icon-modality-field icon-modality-online icon-modality-residential icon-arrow icon-bank icon-camera icon-filter icon-general-chart icon-general-connect icon-general-degree icon-general-discuss icon-general-email icon-general-find icon-general-hat icon-general-heart icon-general-laptop-building icon-general-laptop icon-general-leader icon-general-map icon-general-money icon-general-paperwork icon-general-people icon-general-phone icon-general-speak-out icon-head-heart icon-info-circle icon-mail-forward icon-mglass icon-play-solid icon-quote-mark-left icon-quote-mark-right icon-scales icon-share-square-o icon-simple-chat icon-simple-desktop icon-simple-find icon-simple-hamburger icon-simple-phone icon-spinner icon-tag icon-testimonial-quotes icon-util-checkbox-white icon-util-checkbox icon-util-checked-white icon-util-checked icon-util-chevron-down icon-util-chevron-left icon-util-chevron-right icon-util-chevron-up icon-util-circle-arrow-down icon-util-circle-dot icon-util-language-switch icon-util-loading icon-util-open-window-link icon-util-pdf-link icon-util-refresh icon-util-x rebrand-arrows icon-social-facebook-colored icon-social-facebook-square-colored icon-social-facebook-square icon-social-facebook icon-social-google-plus-square icon-social-google-plus icon-social-instagram-colored icon-social-instagram icon-social-linkedin-square-colored icon-social-linkedin-square icon-social-linkedin icon-social-pinterest-p-colored icon-social-pinterest-p icon-social-twitter-colored icon-social-twitter-square icon-social-twitter icon-social-youtube-play-colored icon-social-youtube-play graduate-cap-star-coin hand-coin hand-heart nurse-stethoscope-rays card-send-smile person-yoga-pose suitcase-star