How to get a career in forensic computing.
December 11, 2007 8:01 AM

Anyone working in forensic computing here? Looking for career advice.

After 12 years in IT, working from support to sysadmin and now management, all in corporate, I've been thinking long and hard about a direction shift. Having investigated several completely different fields, I've realised I'm actually very good with computers and IT in general. I'm not great at being a Deputy IT manager in a rather boring recruitment company. I spend 80% of my time talking and arguing with suppliers. It's dull.

My area of specialism is security. Although never as a formal job title, I spend all of my hands-on work in security-related work. My bedtime reading is usually in this arena - yes, I'm that dull.

I'm fascinated by law, I'm applying to become a magistrate (UK) and I read law books when I can.

I like CSI.

Everything I've read about Forensic Computing interests me - like in a way that says "this is precisely the kind of thing I should do, it looks fantastically interesting to me".

When it comes down to it, I'm a good and thorough problem solver especially when it comes to computers.

I have up-to-date experience in many modern and older computing technologies, from PCs up to SANs via TCP/IP and some programming on the way. I like firewall logs.

I've enrolled on an OU course called 'Forensic Computing'.

I'm good with people. I'm not a reclusive tech in a basement eating pizza and drinking diet coke hax0ring into teh p3tagon lol. I work with senior managers, and the Cisco guys, and the helpdesk guys daily in fairly equal amounts, I'm balanced!

It's pretty obvious, isn't it?

However, how do I get a career in FC? I've read stuff online, I'm still not sure. Do I need to start off working within law enforcement, get some real world experience and then consult privately? Does my 12 years working, and 20 years computing interest and knowledge help me get a job in an industry I don't work in? Does it count?

Looking for some advice from those who have done it or fallen into it.
posted by daveyt to Computers & Internet (7 answers total) 8 users marked this as a favorite
I don't work in computing, but I am in the forensics field. Law enforcement experience helps tremendously when getting a forensics position. This does not necessarily mean you need to be a cop -- but working in some aspect within law enforcement will help you. It also doesn't mean you can't do computer forensics without it. There are plenty of private forensic computing consultants to consider.

The private side of computer forensics will probably pay better than a law enforcement agency.

Also, have you considered getting a certificate or degree in computer or high technology forensics? There are some programs out there and that can only help with getting into this field. In particular, The George Washington University has a Master's in Forensic Science with a concentration in High Technology Crime Investigation.

Other than that I'd advise you to keep an eye on the job page at the American Academy of Forensic Sciences for any openings you may find applicable.
posted by fallenposters at 8:32 AM on December 11, 2007

Whoops, here's the correct AAFS link.
posted by fallenposters at 8:34 AM on December 11, 2007

Thanks, but I probably forgot to include the fact that I'm British and in the UK. But thanks for the comments though.
posted by daveyt at 8:47 AM on December 11, 2007

I'm curious about this field myself, and I'm looking to enroll at a nearby university to take some courses.

Maybe look into taking a couple of SANS courses, and networking with people you meet. Here are some upcoming training sessions in the UK. They have courses in intrusion detection, incident handling, system forensics, system security, and others. It looks like they also have a master's degree program, but I don't know if that's really necessary in order to get into the field.

I'm really not sure how to break into the field -- either private or government.
posted by indigo4963 at 9:22 AM on December 11, 2007

Sorry I didn't have any UK info for you.

Just as an aside, a lot of work in computer forensics may deal with child porn cases. Be prepared for dealing with that if you want to enter this field.
posted by fallenposters at 9:27 AM on December 11, 2007

Perhaps you can contact OFCOM, and they can suggest a direction for you? Yes, I'm a 'Merkin, but to my credit, I read El Reg daily.
posted by Fferret at 11:37 AM on December 11, 2007

I regularly hire computer forensics guys (and know enough about the tech to be credible when talking to them).

This might be too US-centric, but you should keep in mind that when people talk about "computer forensics" they often mean different things.

Security and intrusion detection and analysis of compromised systems is what a lot of folks in IT think when they talk forensics. SANS, CISSP, etc. fall squarely into this bucket.

The law enforcement (and legal) side of the aisle usually thinks of forensics in terms of data acquisition and searches (to acquire and present evidence for use in court). On the law enforcement side, much of this is kiddie porn hunting (writing reports regarding how much kiddie porn is found on a suspect's computer); most examiners have a huge backlog of cases.

On the civil (non-criminal) side of things, there is a lot of data acquisition work. Pretty much using specialized tools to acquire sector-by-sector copies of hard drives (i.e. dd). The eDiscovery side of things involves searching / processing that data, but often does not result in real "forensics".

I have had "forensics" guys testify about exactly what is in a web browser cache or browser history file. Big geeks don't think of that as CSI-level stuff, but you really do need someone with specialized skill and knowledge to explain this stuff to judges and juries. Some more "exciting" tasks might involve talking about the Windows registry entries that are created when a portable storage device gets plugged in (i.e., evidence of data theft). These events are the exception rather than the rule, though -- most of their time is spent doing data acquisition and fairly routine searches. If you have a low tolerance for boredom, then you might not find this stuff enjoyable.

Remember, CSI is not reality.

If you're interested in learning more, the HTCIA (High Technology Crime Investigation Association) is a pretty good networking group that has international chapters.

If you're just thinking about entering the field, it is probably premature to take training classes. Both of the leading manufacturers of forensic investigation tools offer training courses. Some are certification programs. Guidance Software's EnCase is known and used by most law enforcement -- here's the Guidance training schedule. The other well-known forensic tool is AccessData's FTK -- I found the AccessData schedule here. Both Guidance and AccessData do appear to offer courses in the UK. Browsing through the course syllabi will probably give you a good feel for what "real world" forensics is like, though.
posted by QuantumMeruit at 9:33 AM on December 12, 2007 [1 favorite]
