Ops 401 Class 34
A data breach, identity theft, security issues, illegal activity, corruption. In the world today there is an increasing amount of technology, which means there is an increasing amount of security and privacy issues that surround technology as well. As an individual you are worried about identity theft and privacy invasion. Businesses are worried about data breaches and hackers. And sometimes criminals use computers to commit crimes. As technology evolves, so do the cyber criminals around us.
As cyber criminals get more sophisticated, so do our ways to fight them. Forensic computer or cyber experts are key in the battle against cyber threats. Similar to cybersecurity, cyber forensic specialists are charged with helping increase security, fight crime, and create a better, safer future.
Computer forensic specialists investigate security issues, data breaches, and other cyber crimes. Law enforcement, criminal justice, forensics, and cybersecurity all come together inside this field. That is why many computer forensic specialists work for law enforcement agencies. These experts recover documents, photos, emails, and other files from computer systems, hard drives, and other devices. They often work on “cyber crime” and digital cases and examine computer systems to help find digital evidence of illegal activity.
Computer forensics is also focused on helping organizations deal with network breaches. Forensic specialists will help determine how a breach happened in a computer system—the main focus of these experts is to look at digital breaches and hacks that have already happened, and learn from them for the future.
While they sound similar, computer forensics and cybersecurity are actually quite different. At the root, cybersecurity is focused on prevention while computer forensics is more reactive in nature. Cybersecurity experts work to keep hackers out, while computer forensics experts focus on how to move forward once a hacker has gotten in.
These two fields work directly together in keeping cyber criminals at bay. A cybersecurity team will specifically create security systems to keep data and information secure. In the event that their efforts fail, a computer forensics team finds how the breach happened and works to recover the data.
While both career avenues have similar educational options, there are different job responsibilities and titles associated with the different career paths. Cybersecurity analysts, penetration testers, ethical hackers, cybersecurity engineers, and cybersecurity architects are just a few of the job titles you can pursue in the cybersecurity realm.
While different in responsibility, a degree in computer science or cybersecurity can be key in helping you be prepared for either one of these IT roles.
In the first half of 2019 alone there were over 3,800 publicly disclosed security breaches, with over 4 million records exposed. There is a new hacker attack every 39 seconds, and 300,000 new malware programs are created every day. These statistics simply don’t lie. It’s clear to see that security breaches are a huge issue in our technology-fueled world. That makes cyber forensics an increasingly important element of our protection. Cyber forensics is focused on helping us recover and learn from past hacking to propel a more secure future.
There are many job titles associated with cyber forensic work including:
- Information security crime investigator. An information security crime investigator often works specifically with lawyers and law enforcement to find evidence that may be on computers, phones, or other technology as part of a criminal investigation.
- Computer forensics engineer. A computer forensics engineer focuses on evaluating software and architecture to help learn what happened in a breach or threat.
- Digital forensics. Digital forensics is another term for cyber or computer forensics, which is the basic idea of analyzing data and software to learn how a breach occurred, or to look for evidence.
- Computer forensics. Computer forensics is another term for cyber or digital forensics, which is the basic idea of analyzing data and software to learn how a breach occurred, or to look for evidence.
- Cyber forensics. Cyber forensics is another term for computer or digital forensics, which is the basic idea of analyzing data and software to learn how a breach occurred, or to look for evidence.
- Computer forensics specialist. A computer forensics specialist is a more entry-level position in the field, focusing on scans and research into a breach.
- Computer forensics analyst. A computer forensics analyst focuses on analyzing data and information to provide evidence in a cyber crime case, or to help understand a data breach.
- Computer forensics investigator or examiner. A computer forensics investigator or examiner is similar to a forensics analyst: they are responsible for diving deep into programs and software to learn about a digital breach or a hack, and for helping recover data.
- Computer forensics technician. Computer forensics technicians are responsible for the more detailed, technical work of forensics systems. They may be in charge of data recovery, logging information about a breach or attack, or pulling specific data as evidence for law enforcement.
In the world of computer forensics, there are important responsibilities involved with correctly conducting an investigation and gaining knowledge about a breach or hack. There are six stages of a computer forensics examination looking for information or evidence involving cyber crime. Those six stages are:
- Readiness. This stage helps the investigator make sure they are ready to take on an investigation at any time. They ensure everyone has been trained correctly, ensure they understand the legal ramifications of investigations, plan ahead for technical and non-technical issues, and make sure their equipment is ready at any time.
- Evaluation. This happens when a team is given information about an investigation. They assign roles and resources to the team, get details on facts and particulars about the case, and identify risks of the investigation.
- Collection. This involves the collection of evidence and learning about the cyber attack or cyber crime. Many tools and techniques are used to obtain this data, and collection can involve conducting interviews, obtaining the hard drives and other devices, and more. Devices are sealed in evidence bags to be further evaluated at the forensics lab.
- Analysis. This part of the investigation is vital to success. Evidence and data collected are analyzed to get as much information as possible about the breach or crime. This can involve who performed the crime, when it happened, what data was lost, digital evidence, and more. The analysis must be accurate, documented and recorded, and unbiased, and it must meet correct deadlines.
- Presentation. After analysis, the team presents a summary of its findings. They offer strategies to companies to help them increase their security and prevent issues in the future. A presentation will also be given to a court of law that needs details about the forensics evidence.
- Review. After the process is completed, the forensics team will do a review of how their investigation went, talk about things to improve in the future, and evaluate how to better serve in the next investigation.
There are many duties a cyber forensics expert may have in their day including:
- Conduct data breach investigations
- Recover and examine data from computers or electronics
- Identify additional systems or networks that may have been compromised
- Compile evidence for legal cases
- Draft technical reports and write declarations to prepare evidence for trial
There are many specific skills that a computer forensic expert will need to be successful at their job. Those include both hard skills and soft skills.
- Computer hardware and software
- Operating systems
- Networks
- Programming languages
- ISO standards
- COBIT and ITIL frameworks
- Cybersecurity systems and standards
- Organization
- Analysis
- Communication
- Presentation
- Time management
- A cool head under pressure
There are many types of programs that a computer forensic specialist will need to be familiar with in order to be successful at their job. Some of the most popular options include:
- EnCase
- SANS SIFT
- ProDiscover Forensic
- Volatility Framework
- The Sleuth Kit (+Autopsy)
- CAINE
- Xplico
- X-Ways Forensics
When it comes to salary, there is usually a progression path for cyber forensic analysts. Many begin as a junior forensic analyst or specialist, move up to a senior forensic analyst, and then move to management positions. There is a wide range of job opportunities within the field. The average salary for cyber forensic analysts is over $90,000 per year. The location where you work, the years of experience you have, and your education can all greatly impact your earning potential in this field.
[ all data cited from WGU ]
This material is relevant to our course content because we are studying cyber forensics, forensic tools, and forensic techniques this week in class, and for those that find it particularly interesting, this article gives a thorough rundown of the job roles, the tools used, the salary expectations, and the prerequisite education expected of a cyber forensics professional.