How to Become a Computer Forensics Technician

Computer Forensics

If you are looking for an interesting and intriguing way to expand your tech skills, the field of computer forensics may be for you. Computer forensics technicians are starting to be in demand, and the need for qualified security professionals continues to increase. Computer forensic technicians are the techs who handle the computer hardware or software that may be used as evidence in a court of law. In this [article] I explained what the small business owner/tech should know regarding the forensic process. Now I will explain what it takes to become an actual computer forensic technician, should you want to take your tech skills to a new level.

What is a Computer Forensics Technician?

Computer forensics is still a relatively new field, so defining what a forensic technician does can be difficult. Basically, the technician applies reliable investigation and analysis techniques in order to discover potential evidence for legal purposes. Normally, forensic technicians will inspect storage media such as hard drives, flash drives, and CDs/DVDs. Mobile devices and their components are important as well. The basic responsibilities are:

  • Acquire the digital evidence by carefully extracting the data.
  • Preserve the data/evidence.
  • Analyze the data/evidence using proper protocol and specialized tools.
  • Present and report on the findings.

Forensic investigations involve two separate scenarios:

    1. The computer was used to commit a crime or was involved in inappropriate use.
    2. The computer was the target of a crime, such as being hacked for information, or used as a zombie in a botnet.

Forensic technicians are responsible for extracting and preserving three types of data from these computers:

    1. Active data is the information that is clearly visible: files, folders, programs, etc.
    2. Archival data is data that has been backed up and/or stored. This could consist of backup tapes, CDs/DVDs, floppies, or hard drives.
    3. Latent data is data that has been deleted or overwritten; working with it usually requires specialized software tools.

Skills and Knowledge

The key aspect of being a forensic technician in any field is being able to protect evidence from intentional or accidental modification. In the IT world, this means protecting and preserving data. The forensics field has its own set of software and hardware tools for this specific purpose, and the aspiring tech will need to be familiar with them. The following is not an exhaustive list, but it should cover the basic skills that a computer forensic technician should acquire. The skill sets and requirements will also differ according to the type of employment situation and environment.

  • Hardware duplication systems such as the Solo-3/Solo-4 duplication systems
  • Solid computer technician skills, both hardware and software
  • Legal concepts of criminology and criminal evidence and procedure
  • IT security concepts
  • Advanced knowledge of the Windows registry
  • Using the Forensic Toolkit (created by AccessData)
  • Using EnCase forensic software and e-discovery
  • Incident response skills
  • In some fields, malware analysis expertise

Certifications and courses

These are some of the more well-known computer forensics certifications, though there are others on the market. Take a look at the requirements and target audience to decide which one would be best in your situation.

Many colleges are offering courses and degrees in computer forensics. Even pursuing a degree in criminal justice can open the door to becoming a computer forensic tech with just a few extra courses.



Chuck Romano

About the Author

Chuck Romano is a business and technology professional with over 9 years of experience in document imaging and 11 years in computer repair. Chuck provides results-driven expertise in fields such as healthcare IT, document imaging/workflow systems, marketing, and management.
