“Digital forensics” is a broad term referring to the search for and detection, recovery and preservation of evidence found on digital systems, often for criminal or civil legal purposes.
Digital forensics can sometimes involve the acquisition of evidence concerning events in the physical world — for example, recovering deleted emails that link a suspect to a murder or other crime.
It can also involve the acquisition of evidence concerning actions conducted within digital and online worlds, such as detecting how hackers broke into a confidential database.
One example of the important role digital forensics plays in criminal investigations is the Canadian murder case of Kim Proctor. Digital forensics investigators were able to follow a trail of digital evidence, including Wikipedia searches, instant messages, a confession in a World of Warcraft chat, Global Positioning System (GPS) data associated with an “alibi” text message sent from the scene of the murder and Google map searches for places to dump the body to the two teenage boys responsible.
What’s the Difference Between Forensic Security Jobs and Cyber Security?
As a sub-domain of the cyber security field, the difference between the duties of professionals working in digital forensics and those working in more traditional cyber security roles can be compared to the difference between a detective and a patrol officer in real-world policing.
The patrol officer’s task is largely to prevent offenses from occurring, or notice and take action when they’re happening. The detective’s job is to investigate offenses after the event, determine how they occurred and identify the party or parties responsible.
While there may be quite a bit of overlap in duties with other cyber security occupations, digital forensic experts focus on past events rather than the prevention of current or future happenings.
A digital forensic investigator will gather evidence from a particular computing device so that it can be presented in court, conducting a thorough digital investigation and building a documented chain of evidence.
TechTarget states that digital forensic investigators generally follow a standard set of procedures when investigating a crime. “After physically isolating the device in question to make sure it cannot be accidentally contaminated, investigators make a digital copy of the device’s storage media. Once the original media has been copied, it is locked in a safe or another secure facility to maintain its pristine condition. All investigation is done on the digital copy.”
“Investigators use a variety of techniques and proprietary software forensic applications to examine the copy, searching hidden folders and unallocated disk space for copies of deleted, encrypted, or damaged files.”
This evidence is then verified against the original device and collated in a finding report, which is leveraged in any subsequent legal proceedings.
Forensic Security Jobs: Is This Your Next Career Move?
Digital forensic experts are commonly employed by national, state or federal law enforcement agencies, but they can also operate in the private sector.
Among other possible employers are private investigation agencies, consulting firms or the security and IT wings of private corporations.
Computer forensics experts will generally need to be skilled in the use of specialized procedures, software and hardware.
Digital forensics experts generally have at least a bachelor’s degree in computer science or a related field. Additional certifications may be necessary, depending on the role in question, and are easily obtained through a variety of online courses.
To find out more about the benefits of earning your cyber security degree online, read our article: Why Smart Cyber Professionals Earn Their Degree Online.
The Rise of Digital Forensics
The federal Bureau of Labor Statistics (BLS) doesn’t publish employment numbers for digital forensic examiners or digital forensic analysts as a separate group.
However, as computers, mobile devices and other digital systems continue to play a larger role in virtually every aspect of society, the demand for digital forensic experts is likely to rise, much as it has with cyber security experts generally.
To provide a bit of context; the BLS estimates that job growth for information security analysts, a cyber security role that shares some duties with digital forensic analysts, is likely to increase 18 percent by 2024 – much higher than most other occupations.
As of 2015, the median salary for an information security analyst was $90,120 per year.
It’s clearly a lucrative market for those willing to seize the opportunity. To find out more about the different cyber security career paths you could take, explore popular jobs in cyber security.