Computer Forensics Investigator

Computer Forensics Investigator

Computer forensics investigators often meld skills in criminal justice and info sec. In this growing field of information technology, they may play a key role in cyber sec and criminal investigations. If you enjoy detective work, this is a high growth field. About 31% more jobs are in store for skilled computer forensic analysts by 2029 according to the BLS. And a computer forensics degree may set you up to succeed.

What do Computer Forensic Analysts Do?

A computer forensic analyst typically looks for and describes digital artifacts. These artifacts may be evidence like deleted emails, SMS, MMS and JPEG images. And may be on computer systems, hard drives, CDs, and other devices.

Computer forensics investigators (CFIs) and analysts often work with law enforcement. They may also play a key role in bringing cyber crimes to light. When they work in the legal system, they could also analyze data, file reports and testify in court.

Digital forensics usually specialists work with firewalls, networks, data bases and mobile phones too. As such, they may also provide many services that relate to data recovery. One example is to find out how an unauthorized user hacked into a system. CFIs may also protect computer system, restore deleted and encrypted data.

Why is the area of Computer Forensics Important?

There are many reasons computer forensics could be important. This may be especially true if you manage info systems and networks. For one, it makes sure of the integrity and strength of the networks. As such, it is part of a “defense in depth” tactic and is key to security.

Computer forensics could play a role after a cyber attack, too. Knowing the legal and tech aspects could be useful. Having skills may ensure proper access of data. If data is damaged it may be ruled inadmissible. Knowing how to capture vital info on the network might be a key skill. It may help you preserve and analyze the data. It may help prosecute the case if you find the intruder.

Computer Forensics Investigator Degrees

There are CFI degrees at all levels including bachelor’s, master’s, and PhD. Bachelor’s in cyber sec and related fields are entry points to many careers. In fact, most info sec analysts (that includes forensic analysts) may need at least a bachelor’s according to the BLS. This could be in comp sci, info assurance, or a related area.

Take a look at several possible learning paths.

Bachelors:

A bachelor’s degree is often the starting point for this field. Students may learn to gather evidence. They may also learn about cyber thieves. Students may learn how to recover data from a variety of areas. They may also learn the laws related to the field. This type of education could also include looking for encrypted or destroyed data. Students could concentrate in this degree in a way that is important to them, such as in forensics for court systems.

This degree often takes about four years to complete. Much of it may involve learning computer system basics. Students may also learn about hardware, writing software, and setting up data processing systems.  Students who complete this program may work as a computer digital forensic investigator. They may also work as a computer programmer.

Some classes may include:

  • Operating System Forensics: This course often uses X-Ways forensics to aid and learn how to track the internet activities of a user. The students may learn to create timelines and learn about memory dumps.
  • Digital Forensics Analysis: In this course, students may learn how to examine digital evidence. Topics covered may include file systems forensics and mobile systems forensics.
  • Cybercrime: This class may show the students methods for investigating crimes. Topics covered may include analyzing devices as well as applying for and receiving warrants. The course aims to lead students through the entire process of dealing with cybercrime.
  • Mobile Forensics: In this course, students may learn to analyze mobile devices. This includes smartphones and drones. The students may use multiple tools and applications to conduct research and investigations throughout the course.

Masters:

Master’s degrees in digital forensics are grad degree programs. These often add an element of management. Aside from tech courses, you may learn how to lead teams and plan defenses. Some employers may prefer those who have an MBA in info systems too. MBA programs often look at the admin side of info sec. Things like how to budget, hire staff, and make data driven decisions may be taught.

Master’s students may learn to develop deeper problem solving skills. They also may learn how to analyze more complex scenarios. They may learn new methods of identifying, preserving, and analyzing evidence. Many work to manage the business side of forensics. Some may even develop skills to manage their own business in the field.

A master’s degree may be desirable for those who want to lead. This type of degree program tends to take 18 to 24 months to complete. Options might exist for speeding up that process, too.

Classes include:

  • Cyberspace and Cybersecurity Foundations: In this course, students may get the basic knowledge and foundation of cyber architectures, services, and protocols. Also covered may be components, programming languages, and security management.
  • Advanced Forensics: In this course, the student may work as a digital forensics investigator. They may learn how to collect and analyze data in a number of methods. This may include the cloud as well as servers. The students may also cover how to gather the evidence and what avenues legally to take to do so.
  • Digital Forensic Response and Analysis: In this class, students may learn the forensic tools of a digital forensics investigation. The students may also learn how to recover and reconstruct data from a number of different operating systems.

PhD:

PhD in digital forensics are research degrees. As the highest level of degree in the field, you may learn how to direct policy. Students at this level may also problem solve and test theory.

There could be a lot of flexibility in this type of program. Students may pursue areas that fit their career goals. They may choose a focus point. Others may choose to research and develop new theories. Advanced research is often a big component of this degree path.

This may also be a good place to advance skills. Having modern skills is important. That may include, for example, topics in virtual or cloud technology. It may also include new laws and industry trends.

This advanced degree could take 18 months to two years to complete. The length depends on what you wish to learn.

Classes include:

  • File System Forensics: In this course, the students may learn about the boot process and storage of digital data on computers. Students may also learn how to analyze file systems.
  • Cyber Forensics Principles: In this course, the students could learn how to understand the concepts of digital forensics and digital information. Students may look at software and hardware principles as well as techniques to analyze the data.
  • DF Research Methods: Students could learn how to perform research projects and how to present them. Analysis of case studies is performed as well.
  • Law and Forensic Sciences: In this course, students may get an understanding of how law and digital forensics work together. The class may cover all aspects of how the two work together and the proper methods for obtaining information and investigating.

What Skills Do You Need to Become a Computer Forensics Analyst?

The main goal of computer forensics experts is often to identify, collect, preserve, and analyze data. And do this in a way that preserves the integrity of the evidence collected. Especially so it stands up in a legal case. To do this, a Computer Forensics Analyst may need to be able to use and know industry software. Then also, solve complex problems with a systems mindset.

how to start a career as a computer forensics investigator

Computer Forensics Investigator Salary

Computer forensics investigators and analysts could earn above average salaries. In 2019 for instance, info sec analysts earned a yearly average salary of $74,216 according to PayScale. Since this is the midpoint, some earned more than this. And some earned less.

Salaries could vary based on experience as well as location. Other factors for this may include whether working in the private sector or public sector. There may also be varying salaries dependent on the industry in which the trade is applied. There are a number of other factors that could determine the overall compensation, not including a salary that is earned and awarded.

Experience Level and Salary Info for Computer Forensics Investigators & Analysts

The level of experience you have as a computer forensics investigator may impact salary too. Again, this may vary based on location as well as skill level when entering the field.

Experience LevelYears of ExperienceMedian Salary
Entry LevelLess than 1$63,000
Early Career1-4 years$70,000
Mid Career5-9 years$86,000
Late Career10-19 years$101,000
Experiencedover 20 years$99,000

Top Paying Cities

Another factor that could impact your salary in the field of computer forensics is the location in the United States. Some cities, like D.C. and Dallas, pay more than the national average at 24%. But on the flip side, some cities, like Chicago, pay 32% lower than the national average.

CityCompared to National AverageMedian Salary
Arlington, VA7%$80,000
Atlanta, GA-10%$67,500
Austin, TX1%$75,000
Baltimore, MD-4%$71,216
Boston, MA16%$88,437
Chicago, IL-32%$56,382
Dallas, TX24%$97,591
Detroit, MI-18%$62,738
Fairfax, VA15%$87,500
Green Bay, WI-45%$51,438
Herndon, VA-6%$69,764
Houston, TX-17%$63,434
Los Angeles, CA-8%$69,000
McLean, VA-3%$72,328
Nashville, TN-62%$46,000
New York, NY-4%$71,216
Philadelphia, PA3%$77,028
Pittsburgh, PA-16%$63,871
Racine, WI-43%$47,362
Reston, VA45%$134,815
San Antonio, TX16%$87,500
San Francisco, CA16%$88,000
Seattle, WA7%$80,000
Washington, DC24%$96,453

Computer Forensic Investigator Job Titles to Look For

As a growing career field, many job titles for computer forensic investigators exist. Some are computer forensic analysts, specialists, or techs. And others may go by these job titles. These positions may be with Homeland Security and in most cases are full time.

  • Digital Forensics Specialist
  • Forensic Computer Examiner
  • Information Security Analyst
  • Computer Forensics Technician
  • Security Consultant

Professional Resources for Computer Forensics Certifications

There are a number of groups and organizations to join and participate with as a computer forensics professional. Many of these groups work with law enforcement agencies as well as those working in the private industry.

National White Collar Crime Center

This organization works with law enforcement pros to educate on investigating, prosecuting, and prevention of cyber crimes. In place for over 40 years, it aims to provide significant training in high tech crime. A key component is teaching prevention methods. Individuals who wish to be a part of this organization gain access to ongoing information and training. Webinars and investigative resources are available.

Digital Forensics Association

This organization works to aid and educate pros in the digital forensics field. The group works to network and provide research for these professionals. It also is a research organization. That means they work to help to improve the industry as a whole. This is a strong community in the field. It provides education as well as forensic tools and resources for members to use. It is a modern organization with innovative resources.

High Tech Crime Consortium

This organization works with police and investigators to have the ability to help each other. They have been around since 1998. This is a specific focus. Its mission is not just to train. It also works to analyze digital evidence in a forensically sound manner. This can then be used for administrative needs. It may also be used for criminal and civil legal matters. It has a focus on digital, cyber, and online crimes.

Center for Internet Security

This organization works to be a resource for cyber security professionals. Currently, this organization has a no cost policy to join and be a member. It was founded in 2000. This organization’s goal is simple. It wants to make the connected world safer. It does that through providing insight and investigation services. The organization also offers tools to help with emerging threats. It aims to be a global industry leader in the field. That includes cyber threat prevention and protection. It works with many organizations.

National Cyber-Forensics and Training Alliance

This is a group founded in 2002 that works to combine the efforts of schools, industry, and law enforcement to collaborate to prevent cyber crimes. They work with professionals and students to share ideas and prevent these crimes.

COMPUTER FORENSICS CERTIFICATIONS 

Computer forensics certifications may help boost your resume. Some employers may only want to Certified Forensic Computer Examiners (CFCE). Choosing these may aid in securing jobs requiring more skill. Certifications help ensure a person knows key information in that specific field. There are a few ways to get the CFE Certification. Consider each as a valuable investment.

International Society of Forensic Computer Examiners (ISFCE)

Analysts who pass the ISFCE exam earn this credential. This is a private organization recognized globally. The organization is research focused. It works to ensure emerging technologies are always a part of their certification. Its certification represents professionalism in the industry. This high level of competency is critical in the field. Some organizations make it a prerequisite for careers.

International Association of Computer Investigative Specialists (IACIS)

This cert is for people with board approved training, who also pass the exam. Once you get it, you also need to renew it every three years. The organization works to certified professionals in the industry. It aims to ensure each forensic specialist is well trained in the latest skills in the field. That is one key reason it is necessary to continue training.

Advanced Computer System Security (ACSS) or Advanced Computer Forensics (ACF)

Another route that has fewer requirements is the ACFCE. These are ACSS or ACF credentials for analysts. If this is your goal, you have to provide proof of adequate work experience / training. It is then necessary to complete an exam. Several educational bodies offer these certifications.