
FORENSICS

Computer forensics (also known as cyber forensics or digital forensics) is, in the simplest terms, the investigation, gathering, and analysis of information from a computer device in support of network vulnerability mitigation and/or criminal, fraud, counterintelligence, or law enforcement investigations.

Frequently Asked Questions

  • Forensics
  • What job can you get in digital forensics?
    • Digital forensic investigator
    • Computer expertise technician
    • Information security analyst
    • Digital forensics analyst
    • Digital/computer forensics engineer
    • Information systems security analyst
    • Forensic computer analyst
    • Cybersecurity consultant
    • Computer/digital forensic technician.
  • What does a digital forensics analyst do?
    Computer forensics analysts assist in the investigation of crimes and cybersecurity incidents. In many cases, they work to recover hidden, encrypted, or deleted information related to the case. They also safeguard the integrity of data by following a chain of custody that ensures its admissibility in court.
  • Where does a digital forensics expert work?
    Digital forensics experts commonly work in the criminal justice system. Many private industries also employ them, including companies in financial services, information technology, computing, network security, and defense sectors. Privately employed digital forensics analysts help buttress an organization’s internal cybersecurity team and provide an added safeguard in the event of a hack or cybercrime.
  • How does digital forensics work?

    Forensic investigators typically follow standard procedures, which vary depending on the context of the forensic investigation, the device being investigated or the information investigators are looking for. In general, these procedures include the following three steps:

    • Data collection: Electronically stored information must be collected in a way that maintains its integrity. This often involves physically isolating the device under investigation to ensure it cannot be accidentally contaminated or tampered with. Examiners make a digital copy, also called a forensic image, of the device's storage media, and then they lock the original device in a safe or other secure facility to maintain its pristine condition. The investigation is conducted on the digital copy. In other cases, publicly available information may be used for forensic purposes, such as Facebook posts or public Venmo charges for purchasing illegal products or services displayed on the Vicemo website.
    • Analysis: Investigators analyze digital copies of storage media in a sterile environment to gather the information for a case. Various tools are used to assist in this process, including Basis Technology's Autopsy for hard drive investigations and the Wireshark network protocol analyzer. A mouse jiggler is useful when examining a running computer: it keeps the machine from going to sleep, which matters because volatile memory data is lost when the computer goes to sleep or loses power.
    • Presentation: The forensic investigators present their findings in a legal proceeding, where a judge or jury uses them to help determine the result of a lawsuit. In a data recovery situation, forensic investigators present what they were able to recover from a compromised system.
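
The integrity requirement in the data collection step, and the chain of custody mentioned earlier, can be shown in code. This is an added example, not part of the original page: it hashes a forensic image in chunks, checks that a working copy is bit-identical to it, and keeps a hash-linked custody log. The function names, record fields and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import json

CHUNK = 1 << 20  # read 1 MiB at a time so a large image never sits fully in memory


def sha256_stream(stream, chunk_size=CHUNK):
    """Hash a binary stream incrementally and return the hex digest."""
    digest = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk_size), b""):
        digest.update(block)
    return digest.hexdigest()


def custody_entry(log, when, actor, action, image_hash):
    """Append a custody record whose hash also covers the previous record."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    record = {"seq": len(log), "when": when, "actor": actor, "action": action,
              "image_sha256": image_hash, "prev_hash": prev}
    payload = json.dumps(record, sort_keys=True).encode()
    record["entry_hash"] = hashlib.sha256(payload).hexdigest()
    log.append(record)
    return record


def verify_log(log):
    """Return True only if every record is unmodified and correctly linked."""
    prev = "0" * 64
    for seq, record in enumerate(log):
        body = {k: v for k, v in record.items() if k != "entry_hash"}
        payload = json.dumps(body, sort_keys=True).encode()
        if (record["prev_hash"] != prev or record["seq"] != seq
                or hashlib.sha256(payload).hexdigest() != record["entry_hash"]):
            return False
        prev = record["entry_hash"]
    return True


def verify_copy(original_hash, copy_stream):
    """Check that a working copy is bit-identical to the acquired image."""
    return sha256_stream(copy_stream) == original_hash


# Constructed sample bytes standing in for a disk image and an altered copy.
SAMPLE_IMAGE = b"\x00" * 4096 + b"constructed sample evidence" + b"\xff" * 4096
ALTERED_COPY = SAMPLE_IMAGE[:-1] + b"\xfe"  # differs from the image by one byte
```

With a real image, pass `open(path, "rb")` to `sha256_stream` at acquisition time and again before analysis begins on the copy; a mismatch or a failed `verify_log` means the copy or the record can no longer be relied on.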
  • Do digital forensics analysts need certifications?

    Candidates do not need a formally issued license to become a computer forensics analyst, but employers often prefer candidates who hold one or more of the following:

    • Global Information Assurance Certifications: GIAC certifications focus on incident response capabilities, and include seven unique programs as of 2020.
    • Computer Hacking Forensic Investigator: Offered by the world-renowned EC-Council, the CHFI designation appeals to professionals interested in investigating cybercrime.
    • Certified Forensic Computer Examiner: Delivered by the IACIS, the CFCE program includes two phases: a peer review phase and a certification phase. Candidates must recertify every three years to maintain valid standing.
    • Access Data Forensics Certifications: Access Data offers numerous specialized certifications for professionals who aspire to work in law enforcement settings.
  • How much does a digital forensics analyst make?
    According to the Bureau of Labor Statistics (BLS May 2019), the median salary for information security analysts was $99,730 in 2019. Those in the lowest 10 percent earned $57,810 or less, while those in the highest 10 percent earned $158,860 annually or more.


    BOOKS

    Practical Guide to Digital Forensics Investigations

    THE DEFINITIVE GUIDE TO DIGITAL FORENSICS―NOW THOROUGHLY UPDATED WITH NEW TECHNIQUES, TOOLS, AND SOLUTIONS Complete, practical coverage of both technical and investigative skills. Thoroughly covers modern devices, networks, and the Internet. Addresses online and lab investigations, documentation, admissibility, and more. Aligns closely with the NSA Knowledge Units and the NICE...


    COURSES & EDUCATION

    Certified Digital Forensics Examiner (CDFE)

    The course teaches advanced concepts such as the investigation of digital forensic incidents, the usual ways to identify and discover anomalies in stored data, data acquisition, forensic examination methods, and smart-device investigation techniques. The course is ideal for candidates who intend to sit the CDFE certification exam.


    DEFINITIONS

    TOR – Definition

    Stands for “The Onion Router.” TOR is US Government-created (through the US Naval Research Lab) software designed to allow anonymous or semi-anonymous communication.
