Computer Forensics Training
Computer forensics training is a vital part of advancing in the exciting digital forensics career space. It is not necessary to get hired, but more advanced training, certification, and experience are normally part of the job requirements for advancement in a cyber forensics career. There is different kinds of training from official degree programs from accredited universities to certifications for forensic specialties. Determining which of these training paths you take is both directed by your employers requirements as well as what job you want to ultimately have.
Why do I need Digital Forensics Training
Many times entry level computer forensic employees wonder why they need formal training. The excuse I often hear is “I know computer’s better than anyone here, why do I need training?” It’s a valid question, but ultimately reveals a lack of understanding on the beginner’s part.
A computer forensics expert definitely needs to understand computers, needs to have experience in solving data and cyber problems, and needs to have a love for technology. No argument about that! But, the other side of digital forensics is that this is in fact a science. It’s a career path that helps solve crimes, unravel difficult court cases, and determines the guilt or innocence of a suspect. Our findings and analysis have huge ramifications and impact on a persons life or the future of a business.
Just like a scientist working on a new medicine, there are very specific procedures and protocols we digital forensic experts have to follow to make sure our testing and analysis are valid in a court room.
Using the scientist example – let’s say Dr. Bob knows all about chemistry and has made a great new miracle drug in his garage that will cure cancer. He goes out to the hospitals and doctor offices and says “My medicine cures cancer – give it to everyone!” Any self respecting doctor or pharmacist would ask Dr. Bob where his medicine was made, what tests he had run on it, could he prove that it didn’t have side effects or if it did what were they, and just basic facts about the safety and health of the medicine he had made.
Would you want to take Dr. Bob’s pill without knowing if it gave you a 3rd arm? Or perhaps it did cure cancer, but because of the dirty working conditions you would also catch Ebola if you took it.
Of course, for something as important as a medicine you would want more facts, you would want it to be tested and tested and tested, and you would want to make sure the manufacturer was following certain health and safety procedures.
Well, it is no different with a digital forensic specialist. If your analysis is to be trusted and believed to be valid in a court room then you need to be able to demonstrate that you did not tamper with the evidence, that your working conditions are such that no mistakes would be made, and that ultimately your testimony and results are trustworthy and reliable. A judge or prosecutor will be sending someone to prison or leveling a huge fine on a company based on your research – so it needs to be 100% flawless.
It is this extra level of repeat ability, careful execution, and professionalism that is taught in digital forensics training. Unfortunately, these more scientific qualities are also what keeps some fantastic computer experts from reaching their ultimate digital forensics potential. All they need to go from entry or mid-level position to senior associate and expert status is some basic computer forensics training to improve their professionalism.
Different Paths for Computer Forensics Training
There are two basic paths for continuing your education in digital forensics. You can improve your knowledge through a formal education and acquiring a forensics degree. Or you can increase your experience through certification in a digital forensics training program. Which path you choose is not as difficult of a decision as it might seem.
First, you need to decide what your ultimate career goal is. If for instance you are looking to become a Director of Information Security and make over $215,000 a year then you will need both a formal education and certification along with several years of working experience. If however you do not want to work in the public sector but want to put your computer forensics training to good use in the government sector then a certification is not required, but you will need a diploma. For instance, the FBI required a degree from a U.S. accredited university.
If you already have a degree or are working towards graduating then you are already well underway in your digital forensics training. Once you have the formal degree training it makes perfect sense to compliment that college degree with a specialized cyber forensics certification. There are several different certifications available all having to do with different subsections and branches of digital forensics, but the 4 most respected and qualified programs are discussed below.
Computer Forensics Certification
For your career goals if you have decided that a digital forensics certification is the right next step then you’ve come to the right place. Because of the relative newness of the digital forensics job and career there are a multiplicity of certification programs available. However, through our research and interviews there are 4 certifications that have stood the test of time, are deemed reliable and respected within the cyber forensics industry, and ultimately will benefit you and your resume no matter where you are in your career.
- Certified Forensic Computer Examiner
- Certified Computer Examiner
- GIAC Certified Forensic Analyst and Forensics Examiner
- Certified Hacking Forensic Investigator
Each one of these computer forensics certification have different specialties associated with them. We’ll examine each in detail.
Certified Forensic Computer Examiner – CFCE
This was the first certification that proved an individuals proficiency in using Microsoft/Windows based computers. The International Association of Computer Investigative Specialists (IACIS) grants the certification and it is strictly for law enforcement officers. The key here is in order to qualify for this certified computer examiner course you must currently be part of a law enforcement body. So, this certification is a great first step for a current FBI or Police Officer that would like to move into the FBI CyberTask Force or into their divisions computer forensics or digital forensics department.
Certified Computer Examiner – CCE
Although this certification sounds very familiar to the Certified Forensic Computer Examiner, the CCE is in fact very different. The CCE is for anyone law enforcement or private sector employees. However, it demonstrates to a potential or current employer:
- You have experience in performing computer forensic tasks
- You have no criminal record
- You are aware of new technologies and processes because of your continued CCE education
- You are competent both in doing the work as well as the textbook/scientific reasons behind digital forensics
The major prerequisites for you to become a certified computer examiner is no criminal history and at least 18 months of documented professional experience or training relating to computer security. Assuming you have that experience there is no reason not to get this computer forensics certification. It proves that you are well versed in all aspects of digital forensics and take your profession seriously, it is a signal to employers that you are motivated to work hard and you want to learn and advance within the company.
GIAC Certified Forensic Analyst and Forensics Examiner
The GIAC provides information security certification that is platform agnostic. This essentially means that if you hold a certification from the Global Information Assurance Certification (GIAC) then you are well versed in multiple programs, multiple data formats, and multiple operating systems. Unlike the Certified Forensic Computer Examiner that is tied solely to Windows machines the GIAC certifications relates to Mac, Linux, and Windows platforms.
Within this certification body they offer two digital forensics certification programs. Both are valuable to someone interested in moving up in their cyber forensic career.
GIAC Certified Forensic Examiner – GCFE
This is for any individual – law enforcement, government, or private sector – that needs to gain a better understanding computer forensic analysis. Although all GIAC are platform agnostic the GCFE program does have a leaning to Windows because that is most beneficial in today’s legal proceedings. If you successfully complete the digital forensics training and receive your computer forensics certification from the GIAC you are demonstrating that you have the skills and abilities, as well as the knowledge, to conduct the typical examinations required in e-Discovery. These skills typically include:
- Digital Forensic Analysis
- Computer Forensic Reporting
- Cyber Evidence Acquisition
- Internet Browser Forensics – Multiple Platforms
- Tracking User Activities on Microsoft Systems
This digital forensics certification proves to your potential employer that you are well versed in the legal ramifications and requirements to properly examine digital evidence and report your findings.
GIAC Certified Forensic Analyst – GCFA
This computer forensics certification focuses on multiple operating systems and platforms and demonstrates your proficiency not on examining devices but instead on collecting and analyzing data recovered from Windows and Linux machines. This certification is specifically geared towards individuals in the private sector that will be analyzing server logs, network intrusions, and hacking attacks against a corporation’s infrastructure.
After getting this digital forensics certification you will have the knowledge and skill needed to:
- Collect and analyze data from Windows and Linux based machines
- Conduct formal digital forensics incident investigations
- Handle advanced cyber incidents
- Handle internal digital data breaches
- Analyze external data intrusions
- Find advanced persistent cyber threats
- Understand hackers anti-forensic techniques
- Research real world complex digital forensic cases
As you can see this is a specialized coputer forensics certification program that is targeted at a security consultant or corporation’s internal security analyst that finds threats and eliminates, tracks malicious users, and finds the criminals behind cyber attacks. This digital forensics certification is an excellent choice for someone looking to specialize in cyber security.
Certified Hacking Forensic Investigator – CHFI
This computer forensics certification is administered by the EC-Council. It is specifically targeted at preparing a – law, government, lega, or corporate – employee to wage war against cyber terrorists and cybercriminals. If you need to show your employer or clients that you are well versed in advanced cyber security and investigation then this is the digital forensics training for you. The CHFI specially demonstrates your mastery of:
- Identifying Cyberwarfare against your government or corporation
- Track the cyber terrorists movements and probes against your network
- Prosecuting cybercriminals once caught
- Digital Evidence Acquisition
- How to handle digital evidence
- Competent digital forensics analysis
- Handling Data Breaches in a legal manner
- Preparing court cases against Corporate Espionage
- Analyzing and defending against insider threats
This digital forensics certification is different from a certified computer examiner or forensic analyst because it is specifically targeted at cyberwarfare and cyber terrorism attacks. Although the courses and training around this digital forensics certification are expensive, the vast amount of knowledge that you will acquire will be well worth it for anyone looking to pursue a career in the security sub-sector of computer forensics.
Computer Forensics Degree
We covered the most popular computer forensics certification above, but for many advanced and senior positions in the private sector or for any FBI or government job in digital forensics you need a computer forensics degree to demonstrate that you have had sufficient computer forensics training. There are several schools that offer specific computer security degree programs. However, for most positions a base degree in computer sciences, computer programming, or network administration is typically sufficient in showing your mastery of the basics of computers and network infrastructure.
However, if you have not had any formal education or are in the middle of your schooling and you know you want a career in digital forensics, then it makes perfect sense to get a degree in forensic science with a specialization of a digital forensics degree. Through a recent U.S. News survey there were 2 top schools that have fantastic computer forensics degree and computer security degree programs.
- Champlain College
- Listed as the Best Cyber Security Degree for Higher Education in 2013. They have an online bachelor’s degree program that is fantastic. However, the school which is located in Burlington, Vermont was ranked the 17th best college by U.S. News. They have a Digital Forensics degree program that trains students on the proper way of handling digital evidence involving computer crimes and how to properly perform computer forensics.
- University of Central Florida in Orlando
- UCF has an interdisciplinary computer forensics degree program that combines education from the computer science, criminal justice, and engineering school devision to prepare it’s students with the education and experience necessary to prevent, analyze, and track digital criminals and crimes.
Because digital forensics is a rapidly evolving and relatively new discipline most institutions have elected to deliver their computer forensics degree programs through their online education platform. When choosing an online digital forensics degree there are several choices, but US News has also evaluated these education facilities, too. Their list of the top 5 online institutions for a computer forensic degree is listed below:
- University of Alabama at Birmingham
- This school hosts the Center for Information Assurance and Joint Forensics Research. They are a hub of collaboration between different forensic specialists and offer an online degree program targeted at the digital forensics discipline.
- University of Rhode Island
- The NSA (National Security Agency) and the DHS (Department of Homeland Security) both have recognized URI as a National Center of Academic Excellence in the Information Assurance Education specialty. They have a fantastic computer forensics degree program.
- University of Maryland – University College
- UM offer’s a master’s digital forensics degree program. This is a rare offering, and elevates your scholastic resume by granting you the prestigious Master’s qualification. This advanced degree in forensic science is designed for professionals that are already working in a computer forensics or security career that are looking to advance their career by obtaining higher education.
- Boston University
- They have both offline and online computer forensics degree programs. Both are Masters degree programs that target Computer Information Systems and graduate certificates for Digital Forensic programs.
- Champlain College
- The school the US News ranked as one of the best on-campus schools for a computer forensics degree also received top ratings for their online program. SC Magazine named the online bachelor’s digital forensics degree program the Best Cyber Security Higher Eduction Program in 2013. This great rating also applied to their digital investigations program.
As you can see there are lots of options to get a degree in forensic science and could possibly be the right route for you if you plan to work in law enforcement, work with the FBI, or want a senior level corporate position. Regardless of your long term plans, a digital forensics certification can be obtained by anyone and will certainly help your chances in landing your perfect job. Computer forensics training will help you not only better understand the technical side of forensics, but will also improve the skills necessary to perform scientific analysis that will be admissible in court.