The career of a computer Forensics Investigator is that of a specially trained professional who works with various law enforcement agencies as well as private firms to retrieve information from computers and other types of data storage devices. Computers and equipment can often be damaged externally as well as internally corrupted by hacking or viruses. The Computer Forensics Investigator is most well-known for working within the law enforcement industry. They can also be tasked to test the security of a private company’s information systems.
The Investigator should have an excellent knowledge of all aspects of the computer including hard drives, networking, and encryption. The Computer Forensics Investigator recovers and examines data from computers and other electronic storage devices in order to use the data as evidence in criminal prosecutions. Following data retrieval, the Investigator writes up technical reports detailing how the computer evidence was discovered and all of the steps taken during the retrieval process. Patience and willingness to work long hours are qualities that are well suited for this profession.
Common Certifications for a Computer Forensics Investigator
Some common Certifications for a Computer Forensics Investigator are the Certifications of Ethical Hacker, Penetration Tester, Computer Forensics Examiner and Reverse Engineering Analyst. The Certification of Ethical Hacker is achieved after completing a program involved with popular information security and hacking training. Investigators are taught techniques that are used by malicious, black hat hackers.
The Certification of Penetration Tester is achieved after taking a course that is designed to certify that candidates have expert level knowledge and skills in relation to penetration testing. An expert penetration tester is a person who is highly skilled in methods of evaluating the security of computer systems, networks and software by simulating attacks by a malicious user.
An Investigator can earn the Certified Computer Forensics Examiner Certificate by taking a course that tests a candidate’s fundamental knowledge of the computer forensics evidence recovery and analysis process.
The Certified Reverse Engineering Analyst Certification is gained by taking a multiple part exam. The first portion consists of multiple choice style questions. Candidates have 2 hours to complete the exam and must achieve a 70% score or higher in order to pass this part of the exam. Candidates that pass the first portion of the exam can receive the practical portion part of the exam. The practical examination consists of an encrypted archived zip file which contains a live malware sample collected in the wild. The password for the file is infected. Investigators must solve the issues to pass the second part of the exam. Links to all these certifications are listed below:
* Certified Ethical Hacker (CEH) * Certified Penetration Tester (CPT) * Certified Computer Forensics Examiner (CCFE) * Certified Reverse Engineering Analyst (CREA)
Associations that Support Computer Forensics
Some associations that support this career are the IACIS, the ISFCE and the National Center for Forensic Science. The IACIS is The International Association of Computer Investigative Specialists. IACIS is an international volunteer nonprofit corporation composed of law enforcement professionals dedicated to education in the field of forensic computer science.
The ISFCE is The International Society of Forensic Computer Examiners. The ISFCE’s members conduct research and produce developments of new and emerging technologies and methods used in the science of computer forensics. This development is reflected in the certifications that are offered by this organization at a minimal fee to Computer Forensics Investigators.
The third association that supports Computer Forensics is the National Center for Forensic Science. This association provides innovative solutions to forensic science problems through high quality research. This association’s members are dedicated to pushing back the frontiers of forensic science by integrating high level research, technology, and scientific working groups. Certification testing is offered to Computer Forensics Investigators at a minimal fee by this association.