IT Forensics: The Lowdown Part II
A diverse strain of the InfoSec industry, those wishing to pursue a career in IT Forensics should be aware that it is a closely-knit and difficult business to break into, not least because it demands a level of practical experience from those wishing to work in it, more so than academic qualifications.
“Government or law enforcement offer the best grounding and breadth of case exposure for dealing with complex technical issues for aspiring ‘forensicators’,” says Cameron Brown, Independent Cyber Defence Advisor, Digital Forensic Investigator and Information Security Strategist (@AnalyticalCyber), noting that the public sector usually offers more job flexibility and access to training. However, while law enforcement and crime fighting institutions provide a lucrative launch pad for talented digital forensics professionals, Brown warns that this kind of “deep end therapy” that brings one into contact with unsavoury individuals and situations may not suit everyone’s personalities or sensitivities. “Alternatively, going down the commercial route, there is a greater orientation towards client needs straight off the bat,” says Brown, “it demands a stronger awareness of work ethic and budget in order to meet the needs of the client.” There is also the option to go in-house, for example, working for a bank or company intent on protecting their own interests, which establishes a firm expectation of approaching the job with a view to protecting the needs of your employer.
Where the corporate world and public sector most differentiate from each other in relation to jobs in IT Forensics has to do with the outcome of a case. The corporate sphere expects less investment by analysts in terms of the use to which the evidence is put, rather requiring its digital investigators to dig up their findings and present them clearly, allowing the company’s legal team or similar to follow through with the decisions and eventual conclusion. The public sector often enables greater finality, elevating its practitioners quickly through the ranks to be on the ground from the start all the way through to concluding the case. “It’s important before you make your choice to understand the demands of the different sectors,” says Brown.
Looking ahead to the next five years with regard to changes in technology, data and the law, the notion of push-button forensics, and the automation of the systems supporting forensic enquiry, the industry is set to be one of the key drivers in how the job is and will continue to be done. “As developments in technology gain speed it is only going to empower and improve the efficiency of the job,” says Brown, though he adds that the need for SMEs to interpret the results from fancy black boxes and explain the findings will remain intact. For those coming in at greenhorn level to IT Forensics jobs, they will be able to utilise the technology to do a lot of the time-consuming digging and information gathering, allowing them to focus instead on interpreting results and explaining findings.
Brown also asserts that rather than companies nurturing an internal capability for digital forensics, the function will instead be outsourced to specialist InfoSec companies qualified to shoulder the risk that comes with increased scrutiny from regulators. “The law is driving the industry,” says Brown, adding that the increase in the volume of data is equally key in how the industry will continue to develop. “It calls for an increasing need for rapid forensics,” says Brown, explaining that with a tremendous amount of data to interrogate, candidates looking to take on IT Forensics jobs would be wise to demonstrate their ability to make sense of that data quickly as this is what will drive the industry forward. “Mobile devices and the cloud computing will be a critical part of that evolution because these technologies are increasingly replacing the computer terminals that we have traditionally used when accessing our digital lives,” adds Brown.
The changing face of data privacy, too, fuelled by the Europeans and Americans in addition to data encryption pose, in Brown’s opinion, the biggest risk to IT Forensics “because if you can’t get at the raw data then you can’t make sense of it or find the evidence.” In a society continually under threat from extremism, “we’re going to see the eroding of privacy for normal consumers,” says Brown, something he says could lend power to the industry in creating enhanced visibility for law enforcement who are essentially the protectors of society. “The question is where that balance is to be struck; whether to extend privacy safeguards to consumers or to create greater transparency for nation-states to facilitate forensic inquires and gather evidence,” says Brown. “This is the great challenge of our time.”