Career Path for a Forensic Investigator

December 27, 2016 | Views: 12856

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Do you enjoy exploring how things work? Do you have a knack for interpreting the basic skeletal structure of any system with ease? Then digital forensics might be for you. So how do you develop the skills needed? You need to give yourself a great deal of theoretical and practical training before you are ready to step into the industry or into research. This article aims to present to you a study path, that would enable you to train yourself and be a skilled digital forensics expert.

First, you need to get a taste of what the field is all about. Two books that would assist for that are:
– The Basics of Digital Forensics by John Sammons
– Incident Response and Computer Forensics by Kevin Mandia

Collect information on the following topics:
– What is an incident?
– How to detect that an incident has occurred?
– What are the first response steps to be taken?
– How to contain the incident?
– When to call the Incident Response team?
– How to deal with the incident?
– How to resume normal operation after the incident?
– What are the measures to be taken to prevent an incident in the future?

Next, you need to understand Forensic Procedures. Certain rules and techniques should be followed when data has to be acquired from a target device.

Another book that has a great deal of information in addition to the two mentioned above is:
– Guide to Computer Forensics and Investigations by Bill Nelson, Amelia Philips, Chris Stuart (chapter 3)

Collect information on the following topics:
– How to acquire information from a target device?
– How to handle the device that is used to store the acquired data?

Concepts like data acquisition techniques, forensically clean media, forensic imaging, forensic duplicates, evidence integrity, forensic image restoration need to be studied.

Once data has been acquired, it needs to be analyzed for incriminating evidence. The brain of any electronic device is its operating system and file system working together because these are the two components responsible for organizing and storing the digital data. Once you have a generic idea for how a file system works, you would know where to look for evidence and how to get hold of that evidence. This calls to dedicate a reasonable amount of time towards understanding ‘File System Forensics’. Nowadays, the operating systems in use the most are Windows, Linux and Mac with New Technology File System, Ext File System and High-Performance File System respectively.
There is one book that goes by the name:
– File System Forensic Analysis by Brian Carrier
that is ‘THE’ book for ‘File System Forensics’. The author uses simple language and a solid number of practical examples to impart to the reader a considerable amount of knowledge about the inner working of file systems.

Also, you can dedicate a pen drive or a flash memory card for your forensic education. You can format it with any file system that you like, store any data in it and later forensically image it. Now you have your own evidence to practice with. You can view how files are stored, how deleted files are handled in the file system, etc. File System Forensics requires the usage of a good Hex editor. In short, it is surgery on the digital data.

In a crime scene, when you encounter a desktop or a laptop that is in powered on state, acknowledge that it holds a tremendous amount of information of evidential value. Collecting information from a system that is in powered on state is called ‘Live Forensic Investigation’. Train yourself to perform ‘Live Data Acquisition’ from systems running Windows, Linux, and Mac OS.

Now you have knowledge about forensic procedures and common file systems. Once you are satisfied with the skills that you have, you can migrate to step 2.

In today’s forward world, it is a common sight to see devices connected to the network. Data is always sent and received over the Internet. Footprints of all Internet-related activity is left on electronic devices. The next area to be explored is ‘Network Forensics’. Begin with unearthing network related data on Windows systems, then move towards Linux systems and Mac systems. You would encounter web browsing related activity and email related activity. However, there are more arenas like gaming sites, shopping sites, deep web, etc. So train yourself to acquire evidence proving such activities.

Other domains of interest to a forensic investigator are as follows:
– Memory Forensics
– Malware Analysis
– Database Forensics
– Cloud Based Forensics
– Mobile Device Forensics
– Smart TV Forensics
and more…

Learn a scripting language like Python or Bash. Scripts greatly assist a forensic investigator to automate large repetitive tasks.

For your practice, it may not always to possible to get hold of proprietary tools. You can practice with Open Source Tools. Many Linux distributions are available that come with tools for forensics. Eg: Kali, Caine, Deft, Sift, Santoku
The following book would guide you in this venture:
– Digital Forensics with Open Source Tools by Cory Altheide, Harlan Carvey
Be open to exploring new tools, writing your own tools and sharing them with the Open Source Community. It is the best way to put your knowledge to good use and also gain some in the process.

Keep yourself informed of recent happenings in the forensics world. Some magazines and forums to assist you for that are as follows:

Follow research trends and share your knowledge on platforms like this one:

Good luck to you!


Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. i really liked your article well organized, and informative.

Page 3 of 3«123
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?