There is no question that cyber forensics is a hot topic. Cell phone forensics, PC forensics, and other device forensics is a hot topic. Not only are more and more law enforcement agencies getting their own forensics detectives and labs, but more private firms are involved in forensics now. And there are some amazing tools. I have used Encase, FTK, OSForensics, Oxygen, and others. Every year each tool seems more packed with features, and many are remarkably easy to use.

But there is a problem, and one I am seeing in both my training and my forensics practice. That problem can best be described by considering other aspects of forensics. If I introduced you to a person, lets call him John Smith, and told you he was a forensic accountant, I bet you would assume he was a CPA, had an accounting degree, and several years of accounting experience before concentrating on forensic accounting. And you would be correct.   If instead I informed you that Mr. Smith performed blood and DNA forensic analysis, you would naturally suppose he had a background in biology and chemistry. And you would be right. If I suggested to you that we take someone with no biology or chemistry background, give them a couple of weeks of training and have them perform DNA and blood forensics, you would laugh at me. If I told you we should take someone who had never even had basic accounting courses and give them a few weeks crash course and they could be forensic accountants, you would think I had gone mad.

However that is exactly what is happening in cyber forensics. In both law enforcement and private sector. Frequently people with no computer science background, not one year of experience in any IT discipline, go and get training in basic procedures and one of the popular tools, and are now performing cyber forensic investigations. Without any solid foundation in basic computer science. I have seen this in private sector forensics in everything from small private investigation firms up to some of the larger forensic firms. I have seen it in law enforcement from small local departments, to major agencies. And it is a major problem.

I am not suggesting you absolutely must have a computer science degree to do cyber forensics. I am suggesting your background should include a thorough understanding of basic hardware, operating systems, and networking technology. Something equivalent to a minor in computer science, or perhaps the CompTIA A+ and Network+ certifications. And I consider this just the basic requirements. By no means ideal.   Now if you find yourself already practicing forensics, either in the private sector or in law enforcement, my advice is that you now go back and correct the gaps in your knowledge. Learn basic hardware, networking, and operating systems.


See this article on LinkedIn