IT Forensics: The Lowdown Part I
Long gone are the days of storing an entire life’s worth of work on one single machine; now any one person may have an entire network of devices linking their data, which changes the way digital forensics experts must approach their investigations. “The Cloud is a major driver due to the way data is shared and synchronised across devices, particularly for investigations. While you may not be able to crack into one device, chances are the data you’re trying to obtain is synchronised with other devices,” says Cameron Brown, Independent Cyber Defence Advisor, Digital Forensic Investigator and Information Security Strategist (@AnalyticalCyber). “The increasing prevalence of mobile broadband has also changed the way we look at data and evaluate evidence. For example, GPS tracking and the geotagging embedded within people’s photos can reveal movements and location. This information can be very useful to the law enforcement side of digital forensics.” However, while we revel in the heroic feats of modern technology, its antagonist grows equally strong. Computer crime is keeping frightening pace with technological advancements, and as more and more cyber-attacks are reported, the need for investigations, and for people qualified and experienced to execute them, increases, creating a wealth of opportunities for those pursuing jobs in IT Forensics.
There is a distinct correlation between cyber security and IT Forensics, with both requiring a shared knowledge base and level of expertise to be properly executed. However, it’s important to bear in mind their respective roles in navigating cybercrime, with cyber security typically focused on prevention and IT Forensics dealing with the post-mortem aspects of an inquiry. “When it comes to cyber security you have to think like an adversary in as far as knowing WHERE the vulnerabilities lie,” says Brown. “Contrastingly, a forensic analyst focuses more on WHAT to look for and HOW to look for it. Ultimately, the skills are complementary and really two sides of the same coin.” While the technical skills required to do the work can be learnt, it is the soft skills that will set a high-calibre candidate apart from the crowd. Clear communication; rational, analytical and quick thinking; willingness to collaborate; the intuition to know whether something is normal or abnormal; knowing what to prioritise; staying calm in a pressurised situation; punctuality; being fastidious about how deep to go; and not being afraid to ask for help are all traits that employers revere when hiring in the IT Forensics space.
Far from the glamour of forensic exploits seen in movies and on television (think CSI), the reality of a career in IT Forensics, otherwise known as computer or digital forensics, offers the excitement of uncovering evidence and data carving only as a small fraction of a role that consists mostly of day-to-day paperwork and collaboration. The hard skills in this area largely come down to research: tapping into the public domain to uncover the answers you need as quickly as possible. For computer/digital forensics, awareness is key and “this is not an area that will be sufficed by reading a few textbooks at university,” says Brown. “There is a constant need for learning.” Consistency and attention to detail are also crucial competencies, particularly in positions supporting law enforcement, where the chain of custody or evidence continuity must be maintained. However, the key technical skill that employers look for when hiring individuals for jobs in IT Forensics is the ability to write a report from an impartial viewpoint, presenting facts not opinions. “Make sure the facts are the facts,” says Brown, “if you’re stepping into territory that’s uncertain, don’t write it or seek clarification because people are relying on these reports to present their cases.”
Law enforcement can offer a good grounding for candidates wishing to join the ranks of digital forensics analysts. Serving as a practical platform from which to perfect many of the skills necessary to become a successful IT Forensics professional, law enforcement exposes individuals to court experience, from preparing evidence for trial to being called up as an expert witness during a case. This is where the ability to communicate effectively, both verbally and on paper, comes into play as one of the key skills employers are seeking. Being able to translate complex technological processes into a language comprehensible to both laymen and legal officials is as important to the role of IT Forensics as interrogating information systems in order to reveal evidence of a course of conduct.
Undoubtedly, in a field driven by new and emerging technologies, the demand for experienced IT Forensics professionals outweighs the preoccupation with education. Having said that, a degree in IT, particularly one focused on networks, would be a step in the right direction for those planning on a career in IT Forensics. Some universities offer specialised forensics degrees; however, such a degree is not a prerequisite for progressing into the industry. “While an IT Forensics certification may act as a point of reference for a company at the hiring stage, it doesn’t ultimately mean you can do the job,” says Brown. “Individuals need to possess a broad base of foundational skills in both hardware and software, networking and scripting, as well as demonstrating extensive technical understanding, a keenness to learn, effective customer service and a solution-oriented work ethic.” IT Forensics is really an industry that requires its experts to learn on the job. “It’s one of those areas where the best skills you develop are the ones you develop through repetition,” asserts Brown.