If you are looking for an interesting and intriguing way to expand your tech skills, the field of computer forensics may be for you. Computer forensics technicians are starting to become in demand and the need for qualified security professionals continues to increase Computer forensic technicians are the techs who handle the computer hardware or software that may be used for evidence in a court of law. In this [article] I explained what the small business owner/tech should know regarding the forensic process. Now I will explain what it takes to become an actual computer forensic technician should you want to take your tech skills to a new level.
What is a Computer Forensics Technician?
Computer forensics is still a relatively new field, so defining what a forensic technician does can be difficult. Basically the technician applies reliable investigation and analysis techniques in order to discover potential evidence for legal purposes. Normally the forensic technicians will inspect storage media such as hard drives, flash drives, and cd’s/dvd’s. Mobile devices and their components are important as well. The basic responsibilities are:
- To acquire the digital evidence by carefully extracting the data.
- Preserve the data/evidence
- Analyze the data/evidence using proper protocol and specialized tools
- Present and report on the findings
Forensic investigations involve two separate scenarios,
1. The computer was used to commit a crime or involved in inappropriate use.
2. The computer was the target of a crime, such as being hacked for information, or used as a zombie in a botnet.
Forensic technicians are responsible for extracting and preserving three types of data from these computers:
1. Active data is the information clearly visible. Files, folders, programs, etc.
2. Archival data is data that has been backed up and/or stored. This could consist of backup tapes, CD/DVD’s, floppies, or hard drives.
3. Latent data is the data that has been deleted or overwritten, usually requiring specialized software tools.
Skills and Knowledge
The key aspect to being a forensic technician in any field is being able to protect evidence from intentional or accidental modification. In the IT world, this means protecting and preserving data. The forensics field has its own set of software and hardware tools for this specific purpose. The aspiring tech will need to be familiar with these tools. The following is not an exhaustive list but should cover the basic skills that a computer forensic technician should acquire. The skills sets and requirements will also differ according to type of employment situation and environment.
- Hardware duplication systems such as solo-3/solo-4 duplication systems.
- Solid computer technician skills-hardware and software
- legal concepts of criminology and criminal evidence and procedure
- IT Security Concepts
- Advanced knowledge of the Windows registry
- Using the Forensic Toolkit (Created by AccessData)
- Using Encase forensic software and e-discovery
- Incident response skills
- In some fields- Malware Analysis expertise
Certifications and courses
These are some of the more well known computer forensics certifications, though there are others on the market. Take a look at the requirements and target audience to decide which one would be best in your situation.
- GCFA- GIAC Certified Forensic Analyst
- EnCE Certification- EnCase Certified Examiner
- CCE- Certified Computer Examiner
- CCFE- Certified Computer Forensics Examiner
Many colleges are offering courses and degrees in computer forensics. Even pursuing a degree in criminal justice can open the door to becoming a computer forensic tech with just a few extra courses.