If you are interested in a career in cybersecurity, you might want to explore the world of computer or digital forensics. A computer forensics specialist, or investigator, is also referred to as a computer forensics analyst or digital forensics examiner. Their job involves gathering, analyzing and investigating all sorts of computer and digital evidence and data. They may work for government agencies, law enforcement agencies, accounting firms, law offices, banks and financial operations companies, software development companies, and companies in the private sector that conduct investigations. Some computer forensics investigators opt to start their own businesses, hiring out their investigative services to clients in need.
This specialization within cybersecurity, which is fairly new, is a very important job and one that requires education and training. Computer cybercrimes are increasing, making the need for trained and qualified computer forensics investigators even more acute. Here, we will discuss what you need to do in order to become a computer forensics investigator.
Education Required to Become a Computer Forensics Investigator
Becoming a computer forensics investigator is highly dependent upon obtaining a minimum of a bachelor’s degree. The degree should be in cybersecurity with a computer forensics/digital forensics specialization, in computer forensics/digital forensics, or in a closely related area. Check out our guide to find an accredited Cybersecurity Bachelor’s Degree in your state. Examples of titles of degrees that would be applicable to becoming a computer forensics investigator include (but are not limited to):
- Bachelor of Science in Digital Forensics – University of Albany, New York
- Bachelor of Science in Criminal Justice, Concentration in Digital Forensics – ECPI University, Virginia and online
- Bachelor of Science in Cyber & Digital Forensics – Regent University, Virginia and online
- Bachelor of Science in Computer Forensics & Digital Investigations – Champlain College, online
In addition to earning a bachelor’s degree, you might also be required, by certain employers, to possess industry certifications. Some of the most common certifications for computer forensics investigators to have are:
- GIAC Certified Forensic Analyst (GCFA)– (SANS Global Information Assurance Certification)
- Certified Forensic Computer Examiner (CFCE) – International Association of Computer Investigative Specialists
- GIAC Certified Forensic Examiner (GCFE)-(SANS Global Information Assurance Certification)
- Computer Hacking Forensic Investigator (CHFI)-(EC-Council)
- EnCase Certified Examiner (EnCe)— (EnCase, Guidance Software)
- AccessData Certified Examiner (ACE) – AccessData
- CyberSecurity Forensic Analyst (CSFA) – CyberSecurity Institute
- Certified Computer Examiner (CCE)– International Society of Forensic Computer Examiners
- Certified Mobile Forensics Examiner (CMFE) – International Association of Computer Investigative Specialists
- Professional Certified Investigator (PCI) – ASIS International
- Certified Computer Forensic Technician – High Tech Crime Network
- Certified Computer Crime Investigator – High Tech Crime Network
The National Computer Forensics Institute (NCFI) holds online and in-person courses designed for specific training in computer forensics investigative areas. These courses are targeted to first responders, basic examiners who are new to computer forensic investigation, advanced examiners who are currently digital forensic examiners, and prosecutors and judges. Some examples of titles of courses they offer include:
- Basic Network Investigative Training
- Network Intrusion Response Program
- Basic Computer Evidence Recovery Training
- Memory Forensics & Malware Analysis
- Advanced Digital Evidence for Prosecutors
- Digital Evidence for Judges
Job Description & Skills Required for a Computer Forensics Investigator
Depending upon the employer, the job duties required for a computer forensics investigator may differ. The job requires technical skills that help investigators complete their investigations. Generally, however, the typical computer forensics investigator job description includes:
- Gathering digital information from computer systems
- Recovering deleted or encrypted files
- Recovering digital evidence onsite and in a lab
- Reviewing digital evidence
- Preparing computers and digital evidence to be used in court
- Interviewing suspects and witnesses about digital evidence
- Analyzing data found on disks
- Analyzing metadata in online posts
- Providing reports and testimony as required
- Advise law enforcement on reliability of digital evidence
- Train law enforcement in what to look for when handling digital evidence
- Work with law enforcement to find suspects using online data
- Coordinate with other forensic experts to ensure that current intelligence information is communicated in a timely manner
- Contribute to ongoing forensic system and network analysis to support daily vulnerability assessments, briefs, and general computer forensic operations
- Make sure that forensic investigation is done according to and in line with federal and local laws and standards
- Conduct forensic research on functional information systems, communication programs and foreign network systems
Skills that spell success as a computer forensics investigator include (but are not limited to):
- A keen interest in technology
- The desire to stay current with technological advances
- The ability to communicate effectively verbally and in writing
- Good analytical and problem-solving skills
- Excellent knowledge of computer networking concepts
- Knowledge of many different computer operating systems
- Knowledge of malware analysis
- Knowledge of encryption and decryption methods
- Ability to work well both individually and as part of a team
Computer Forensics Investigator Salary & Job Outlook
The U.S. Department of Labor’s Bureau of Labor Statistics (BLS) does not list salaries for computer forensic investigators, preferring to use the general term of information security analysts to encompass a wide variety of cybersecurity-related positions. However, Payscale.com does keep tabs on average salaries for forensic computer analysts, and, as of 2020, the average national salary for this occupation is $73,892. Additionally, Payscale.com has noted the top employers and salaries for forensic computer analysts as:
- Booz, Allen, Hamilton: $120,000
- Mantech International Corporation: $90,000
- Federal Bureau of Investigation: $77,000
- Transperfect: $77,000
- Sony Corporation of America: $71,000
Payscale.com also notes that the cities of Dallas, TX; Washington, D.C.; Arlington, VA; and Philadelphia, PA all pay forensic computer analysts higher than average salaries.
According to the BLS, the information security analyst field (including computer forensics investigators/analysts) is projected to grow much faster than the average expected growth for all other occupations. From 2019 to 2029, growth within this occupational classification is expected to be 31 percent. This means that if you get a degree with the intent of becoming a computer forensics investigator, you should be almost certain that you will be able to get a job in the near future.