What is a Computer Forensics Investigator?
A computer forensics investigator spends their day analyzing data on computers and other electronic devices and systems. This is often done as part of criminal investigations, though many computer forensics investigators also work for private companies to secure their networks.
Computer forensics investigators have special training in areas such as preventing hacking, information security, and encryption tactics, to name a few. They also often take the lead on retrieving information from devices or systems that have been damaged by a virus or by hacking.
What Does a Computer Forensics Investigator Do?
A computer forensics investigator has a long list of job duties. By and large, though, these duties can be classified as recovering and examining data. Let’s take a closer look at some of the primary tasks a computer forensics investigator is asked to do.
One of the most exciting job duties for a computer forensics investigator is to assist law enforcement in locating suspects. This is done by using the suspects’ digital footprint. For example, a computer forensics investigator might use logical data acquisition and analysis techniques to extract location data from apps on a suspect’s Android phone.
One of the most common jobs for a computer forensics investigator is to recover lost data. In many cases, data is lost because of things like viruses or malware. In these instances, computer hardware and systems must be rebuilt in order to recover the lost information.
In other cases, data is purposefully wiped or hidden because of criminal activity. In this case, data recovery focuses not just on retrieving lost data, but also on trying to identify the person that corrupted the data in the first place.
For example, if a hacker penetrated a company’s secure network, stole proprietary information, and then covered their tracks, a computer forensics investigator would be tasked with recovering the stolen data and working to identify the person responsible for stealing it.
After investigating a case, computer forensics investigators must outline their findings. This might be in the form of a written report to a company’s board of directors or as testimony in a criminal hearing.
For example, in a criminal hearing, a computer forensics investigator would be asked to detail the steps they took, the tools they used, and the methods they used to discover and retrieve evidence against the accused.
Some computer forensics investigators are responsible for testing network security by purposefully trying to hack into systems. These penetration tests are used by companies to determine the level of vulnerability their systems have to actual hackers.
Many workers in this field are responsible for training others in computer forensic techniques. For example, an investigator might teach a class to law enforcement personnel on tools and techniques that are used to retrieve lost data from a damaged hard drive. The skills they teach in these trainings allow law enforcement to take the right steps in pursuing evidence of digital crimes.
Computer forensics investigators often advise others on current threats to information security. For example, a computer forensics investigator might contract with a private company to advise them on how malware is changing and what kinds of attacks they should be prepared for.
What are the Requirements to Become a Computer Forensics Investigator?
By and large, computer forensics investigators have a bachelor’s degree in computer science or related field. This is a four-year degree that includes about two years of general education courses (i.e., math, science, and humanities) and two years of major studies that deal specifically with computer forensics.
Usually, computer forensics degrees require courses like:
- Computer systems design
- Computer ethics
- Computer forensics
In most cases, about 120 credit hours are required to complete a bachelor’s degree. Although this kind of program can usually be completed in four years, some students complete bachelor’s studies in three years while others need a little more time to finish up.
Typical admissions requirements for bachelor’s degree programs include:
- A satisfactory GPA (i.e., 2.5 on a 4.0 scale)
- Satisfactory scores on the SAT or ACT
- Letters of recommendation from high school teachers or college professors
In some cases, employers might look favorably on an applicant that has a master’s degree in computer forensics. However, for most positions, a bachelor’s degree is more than sufficient.
There are many different certifications you can pursue. Though voluntary in most cases, some employers might require you to get one or more certifications upon getting hired. Two of the most common certifications are:
- Certified Forensic Computer Examiner (CFCE) – This certification requires a peer review and a certification phase during which you’re presented with various problems you must solve. There’s also an exam.
- Certified Computer Examiner (CCE) – The purpose of this certification is to ensure investigators have the knowledge and practical skills required to practice computer forensics.
What Do You Learn in a Computer Forensics Investigator Degree Program?
Most computer forensics investigator degree programs focus student learning on an accepted set of learning targets.
Though it’s not possible to list everything you might learn, you can look forward to these common benchmarks:
- Federal rules of evidence – Most degree programs have a legal issues component that focuses on understanding federal guidelines for evidence admissibility in court.
- Chain of custody – Evidence must be accounted for from the moment it is discovered to the moment it is entered into law enforcement’s evidence locker.
- Locard’s Principle – Forensics investigations rely on this principle, which states that the person committing a crime will likely leave something behind, be it a fingerprint, DNA, or a digital marker.
- File systems – Computer forensics investigators must be familiar with different file systems types, including NTFS, FAT, HFS+, and Ext2/3/4, to name a few.
- Conducting email investigations – You will learn how to conduct an effective forensic investigation using data from email files and email headers.
- Network forensics – You must understand how different types of networks are constructed. This includes wired and wireless networks, firewalls, routers, and proxies.
- Network security – Courses on this topic focus on methods to secure computer networks from hacking, viruses, malware, and so forth.
- Mobile forensics – There is an increasing importance for forensics investigators to be well-versed in mobile forensics. This includes learning how to examine data on different types of devices, getting information from cellular providers, and using data like GPS to further your understanding of the problem.
- Computer ethics – This course helps you understand what is and is not acceptable for investigators to do in the course of their investigation.
What Skills are Needed to be a Computer Forensics Investigator?
Computer forensics investigators must draw on a wide range of skills in order to do their jobs effectively. These skills are a mix of hard skills (job-specific abilities), soft skills that make you a good worker (such as being punctual), and personality traits.
Below is a short list of some of the top skills needed for this type of job. This is not a comprehensive list, but it will give you a good idea of the skills you need to develop:
- Understanding of cybersecurity – Computer forensics is very closely related to cybersecurity. As such, workers in this line of work greatly benefit from having skills related to information security, penetration testing, and methods used for hacking into systems.
- Understanding of criminal law – Though not all computer forensics investigators are involved in criminal investigations, many are. Knowing applicable criminal laws, procedures for investigations, white-collar crimes, and so forth can help you advance your career.
- Math skills – Many computer science-related careers require workers to have a solid understanding of math. This career is no different. You should possess excellent mathematical skills and have completed at least trigonometry or calculus in college.
- Technical aptitude – To be successful in this field, you must be technology-savvy and understand how to work on a wide range of devices, from servers to laptops to mobile devices.
- Knowledge of operating systems – This work necessitates that you have the ability to work in a variety of operating systems, from MacOS to Unix, Linux to Windows. What’s more, you should be familiar with mobile operating systems as well.
- Analytical skills – Computer forensics investigators rely on their analytical skills to identify problems and solutions to those problems. Being able to break down complex problems, examine data, and draw logical conclusions are must-have skills for this kind of job.
- Communication skills – Doing investigative work requires that you possess the ability to summarize your findings in both written and verbal form. Having excellent communication skills allows you to report on your findings in a manner that is informative and succinct.
- Ability to work under pressure – Conducting investigations is a high-stress job in which time is of the essence. You should relish the opportunity to work towards many different deadlines and goals simultaneously.
What Tools and Techniques are Used by a Computer Forensics Investigator?
In this line of work, there are many tools and techniques needed to undertake forensic investigations.
Below is a partial list of some of the most common tools and techniques you’ll need as a computer forensics investigator:
- Laptop – This is the most basic tool for a computer forensics investigator. Since investigations might be done in the office or in the field, having a portable laptop is a must.
- X-Ways Forensics – Computer forensics investigators might use this advanced suite of forensics tools when examining Windows-based systems. It can be used for many forensics tasks, from automating activity logs to disk imaging and cloning to generating automated registry reports.
- WindowsSCOPE – This program is designed to allow computer forensics investigators to reverse engineer malware. Doing so gives you the opportunity to analyze virtual and physical memory, drivers, Windows kernels, and more.
- Mandiant RedLine – This computer forensics tool enables the analysis of files and memory. It can collect information regarding processes that are running on hosts. It will gather and analyze things like registry data, network information, metadata, and internet history.
- Forensic Toolkit (FTK) – This tool is often used by law enforcement to scan hard drives for information. It can scan hard disks for text strings that can be used to crack encryption. It can also locate deleted emails.
- Live Forensics – Live forensics is a technique in which investigators pursue cyber threats on a running system. This is done in real-time to find, control, and eliminate cyber threats.
- Timeline Analysis – This technique involves analyzing the timeline of events that led up to or followed the primary issue that’s under investigation. For example, a computer forensics investigator might put together a timeline that shows how a hacker was able to breach the security of a company’s network.
- File Carving – File carving is a technique used to recover files using their contents. This is possible because deleting a file doesn’t always mean that it has been eliminated from the computer’s drive. So, by file carving, you can extract data from the unallocated part of the drive and recover deleted or corrupt files.
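The file carving technique described in the list above, as an added example that is not part of the original page: a minimal header/footer carver that scans a raw buffer for JPEG and PNG signatures and hashes each recovered file. The disk image is constructed inline, and the function names (`carve`, `report`, `build_sample_image`) are illustrative.

```python
import hashlib

# Header and footer byte signatures for two common formats.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
MAX_CARVE = 10 * 1024 * 1024  # cap so a missing footer cannot swallow the image


def carve(raw: bytes):
    """Return (offset, kind, data) for every header that has a footer in range."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = raw.find(header)
        while pos != -1:
            end = raw.find(footer, pos + len(header), pos + MAX_CARVE)
            if end == -1:
                # Header without a footer: overwritten or fragmented file, skip it.
                pos = raw.find(header, pos + 1)
                continue
            end += len(footer)
            found.append((pos, kind, raw[pos:end]))
            pos = raw.find(header, end)
    return sorted(found, key=lambda item: item[0])


def report(raw: bytes):
    """Describe each carved file with its offset, size and SHA-256 digest."""
    return [
        {"offset": off, "kind": kind, "size": len(data),
         "sha256": hashlib.sha256(data).hexdigest()}
        for off, kind, data in carve(raw)
    ]


def build_sample_image():
    """Constructed sample: two 'deleted' files and one truncated header
    sitting in otherwise unallocated space."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-payload" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"constructed-chunks" + b"IEND\xaeB`\x82"
    truncated = b"\xff\xd8\xff\xe0" + b"no-footer"
    image = (b"\x00" * 512 + jpg + b"\xaa" * 300 + png
             + b"\x00" * 200 + truncated + b"\x00" * 64)
    return image, jpg, png


if __name__ == "__main__":
    image, _, _ = build_sample_image()
    for entry in report(image):
        print(entry)
```

Header/footer carving only recovers files stored contiguously; fragmented files and formats whose footer bytes can also occur inside the data need structure-aware carving.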
What are the Pros of Being a Computer Forensics Investigator?
If you’re interested in building a career for yourself as a computer forensics investigator, you can enjoy many benefits. These include:
- Excellent income potential – Workers in this field enjoy top wages, particularly workers with experience and advanced educations. In addition, many companies offer valuable benefits as part of the salary package, so computer forensics investigators might enjoy things like medical, dental, and vision insurance, contributions to retirement, and more.
- Employability – Because computer forensics investigators are in such high demand, the chances are very good that you can get a job right out of college with little or no real-world experience.
- Great job outlook – This is an occupation that is predicted to have explosive growth over the coming years. Not only is this good news for recent graduates, but it’s also good news for experienced computer forensics investigators that wish to move and get a new job in this field.
- High job satisfaction – Computer forensics investigators report having good job satisfaction, citing the ability to help people as one of the top benefits of the job.
- Varied job opportunities – With training in computer forensics, you can pursue any number of IT-related jobs. And since many IT positions are in high demand, having varied job opportunities also means you will likely have a very good employment outlook as well.
- Varied job locations – Jobs in this field are in demand in virtually all areas of the world. Likewise, many different industries, from finance to law enforcement, have a need for skilled computer forensics investigators.
- Relatively low educational threshold – Most computer forensics investigator positions require just a bachelor’s degree. This means you can get a four-year degree and be highly employable.
What are the Cons of Being a Computer Forensics Investigator?
As with any job, there are some disadvantages of which you should be aware. For computer forensics investigators, the following are often cited as less-than-desirable features:
- High-pressure work – This job is not one for the faint of heart. There is often intense pressure involved, particularly in instances in which the investigative work focuses on cybercrimes that have been or are currently being committed.
- Constant need for continuing education – Technology systems rapidly evolve, as do the needs of companies to protect their data. Likewise, hackers are constantly changing how they try to penetrate secure systems. As such, computer forensics investigators must continually learn and develop new skills to meet emerging needs of their clients and threats from hackers.
- Work environment – Workers in this field don’t enjoy many hours each day away from their desks. Constantly being in a chair, at a desk, indoors can wear on one’s physical and mental health.
- Long work hours – Computer forensic investigators typically work long hours, including nights, weekends, and holidays, especially when they are working to combat security breaches or investigating crimes.
What is the Job Outlook for Computer Forensics Investigators?
The job outlook for computer forensics investigators is very robust. According to the Bureau of Labor Statistics, employment in this career area is expected to grow by 33 percent through 2030. For comparison’s sake, average job growth is expected to occur at a rate of about 5 percent over the same time span.
The rapid growth of this occupation is due in large part to the increasing importance of technology in our lives. With so much valuable information online and in digital form, it’s critical for companies to secure that data and prevent it from falling into the wrong hands.
Given that cyber attacks are becoming more frequent and more sophisticated, companies aren’t just looking for computer forensics investigators to find and fix security problems, but they’re also relying on these workers to research hacking methods and devise security measures against them.
It’s no wonder, then, that the Bureau of Labor Statistics projects that computer systems design will grow by 55 percent through the end of the decade.
How Much Does a Computer Forensics Investigator Make?
As of May 2011, according to the Bureau of Labor Statistics, information security analysts, of which computer forensics investigators are a part, make an average salary of $61,930 per year. This works out to around $29.78 per hour.
The pay range for this career is quite wide, with the lowest ten percent of workers earning less than $37,670 per year and the highest ten percent of workers earning nearly $103,430 per year. Workers at the low end of the pay scale can expect to earn about $29 per hour while workers at the high end of the pay scale can make in excess of $79 per hour.
The primary reasons for this wide pay range are level of education and years of experience. For example, a worker with a bachelor’s degree and no work experience will likely start out toward the bottom of the pay scale. By contrast, a veteran computer forensics investigator that has a master’s degree with 10 or more years of experience would likely earn a salary toward the higher end of the pay scale.
The location where you work can also influence how much you earn. For example, according to PayScale, computer forensics investigators in Washington, D.C., earn about 32 percent more per year than the average. Close by, workers in this field in Arlington, Virginia earn 10 percent more than average. Computer forensics investigators in Boston also earn 10 percent above average for this type of work.
What Professions are Similar to Computer Forensics Investigator?
If you have a background in computer forensics, you can explore numerous careers related to computer forensics investigations. Some of the most popular careers include:
Information Security Analyst
Information security analysts specialize in cybersecurity and monitor networks for security breaches. Typically, they install and maintain security software like encryption programs, build firewalls, and research best practices in cybersecurity as well. Some IT security analysts might specialize in certain areas, such as penetration testing or security software development.
Information Technology Auditor
These IT professionals are responsible for carrying out audits on computer networks to detect security vulnerabilities. Likewise, they are often asked to look for fraud or mismanagement in an organization by examining the company’s systems of digital files. Essentially, they are computer investigators that gather data, analyze it, and make recommendations based on their findings.
Malware Analyst
Malware analysts are responsible for researching the latest types of malware and hunting them down on computer systems. Whether they’re Trojan horses, worms, bots, viruses, or some other kind of malware, it’s the job of a malware analyst to prevent damage to systems and digital information. Because hackers develop new malware so quickly, malware analysts must do continuous research and training to remain competent in their field.
Computer Systems Analyst
Computer systems analysts evaluate a company’s computer system and IT protocols, then design solutions that help the company operate more smoothly and efficiently. So, rather than focusing solely on cybersecurity, these workers look at the big picture, examine the needs of their clients, and develop an IT system to fit those needs.