Digital Forensic Analyst - How do I get there?

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Ok I have a science degree and I am currently doing a admin/internet orders job. I am studying A+ and I really want to aim being a digital Forensic analyst.

Thing is should I not bother with all these security certs and do a masters in forensic computer (uni westminister) or is there a way I can work my way up through doing the certs. And in what order of certs do I do?
What kind of entry level security jobs can i do? Or even volunteering in that sector? Cause if i do a masters I want to do it part-time (I suck at studying) and work somewhere relevant.

Also, what places am I likely to get this job? The met police? I am guessing trying at private agencies are much more difficult.

Thanks!

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Well from what I have seen Security jobs are even harder to get than networking jobs and no one walks into a networking job without any experience in networking or progressing from a support role.

As for forensic science I would think you should do the masters degree or try and get some sort of placement during a gap year.

 

I too, am afraid that you will have to work your way up. Even with Masters I don't think there are any shortcuts.

 

Er not really. Judging from all your responses, I was going a bit over my head

What would be entry standard security jobs?
If doing the certs was a good way of securing a security job then I'd go for it but masters always sounds better. In an ideal sense, I'd like to do some relevant security certs to get an entry job. With the job, I can do part time masters. But I really have no idea where to go to for entry jobs. Is being an IT desk support tech considered relevant in security?
And is there by any chance anyone here who works in IT within the NHS?

Thanks guys for the replies.

 

You'll probably have to start at help desk like everyone else, try looking at taking the Security+ after the A+ and N+. I'd guess getting some experience in ethical hacking would help you out as well.

 

There isnt really any entry level security positions - or if there are, they are incredibly rare. Just think on it - would you trust the security all of your corporate data/systems to someone without the experience to manage it effectively?

Most people will start out in an entry level role - helpdesk, etc - then slowly progress through roles/jobs that afford them a bit more in the way of experience/exposure to security related functions. You may start out by managing directory security on the filestructure, or have a bit of exposure to whitelisting/blacklisting of websites. Over time you will gradually gain experince that allows you to move further into the field.

There are a number of different paths into it to be honest (I considered pursuing that aspect once upon a time, lured mostly by the glitzy perception that I would be some sort of 1337 h4xx0r - but it wasnt really for me in the real world). Hopefully Zeb might pop in and detail his path (at least, I'm fairly sure zeb is in security at the moment)

 

Like I said No one walks into a networking job and getting a security job is even harder. These roles are usually got by working your way up to that level.

Unless you screw the boss and he/she likes it you will not get a security job until you have enough experience under your belt regardless of what certs or qualifications you have. In all seriousness you need to start at the bottom and work your way there.

 

Have a look at the criteria for the CISSP, that asks for a minimum of 5 years of on going Security Experience before you can even go for the exam. Now imagine what kind of experience you would need for a forensics position (you need to know all the back doors etc and the only way to know that is to have been doing it professionally for years).

Security is definitely not an entry level position and I wouldn't want to work for a company that expected the security of that companies network to be secured by someone with little to no commercial experience.

 

Just thought I’d give my two certs...I’m currently doing an Msc in Computer Forensics and could give you some ideas...

Computer forensics is a vast and growing field, which has some concerns with cloud computing but is very interesting and rewarding field to work within.

You can work with hard drives right through to mobile phones, GPS systems and other fun hardware looking to paint a picture of the owner(s) of some recovered device.

My university who does a lot of work with the London Metropolitan police force among other organizations states that Access Data FTK software package in the definitive package used within the UK, while guidance software’s Encase is the most popular state side.

Both Access Data’s FTK and Guidance Software’s Encase offer their own certification.
Access Data offers four certifications Summation Certified Enduser (SCE), Summation Certified Case Manager (SCCM), Summation Certified Administrator (SCA) and finally AccessData Certified Examiner® (ACE®).
These certifications also come with recommended courses Summation Fundamentals, Summation Case Management, Summation Administration, Loading Data and Enterprise Differentials and finally Bootcamp and Windows Forensics – XP.

The following is what FTK has to say about each of the certifications.....

Summation Certified Enduser (SCE)
Your Summation Certified Enduser credential will demonstrate your Summation abilities to an employer. Summation Fundamentals is the recommended coursework to become a Summation Certified Enduser but is not a prerequisite. There is no cost for taking the SCE exam and the student has two attempts to pass. If the student is unable to pass the SCE exam after two attempts, they will be required to take the Summation Fundamentals course or wait one year before being eligible to retest.

Summation Certified Case Manager (SCCM) [STARTING JANUARY 19TH]
Your Summation Certified Case Manager credential will demonstrate your advanced Summation skills similar to a Case / Project Manager to an employer. Summation Case Management is the recommended coursework to become a Summation Certified Case Manager, but is not a prerequisite. There is no cost for taking the SCCM exam and the student has two attempts to pass. If the student is unable to pass the SCCM exam after two attempts, they will be required to take the Summation Case Management course or wait one year before being eligible to retest.

Summation Certified Administrator (SCA) [STARTING JANUARY 12TH]
Your Summation Certified Administrator credential will demonstrate your advanced administrative and back-end Summation skills to an employer. The recommended courses to become a Summation Certified Administrator are Summation Administration, Loading Data, and Enterprise Differentials. There is no cost for taking the SCA exam and the student has two attempts to pass. If the student is unable to pass the SCA exam after two attempts, they will be required to take each of the above-mentioned courses (Summation Administration, Loading Data, and Enterprise Differentials) or wait one year before being eligible to retest.

AccessData Certified Examiner® (ACE®)
The ACE credential demonstrates your proficiency with Forensic Toolkit technology. Although there are no prerequisites, ACE candidates will benefit from taking the AccessData BootCamp and Windows Forensics – XP courses as a foundation. In preparation for the process, candidates are encouraged to test their knowledge of the skills acquired in the AccessData BootCamp and Windows Forensics – XP courses by reviewing their course manuals for the above-mentioned courses.

Please note that the FTK software is not cheap and is around £1000+ a year. All forensic software works on a sort of rolling yearly license where you would have to pay around £1000+ a year just to have the software, which makes this field quite expensive. Add in Encase and any mobile forensics software and computer forensics starts to look very expensive.

There is a silver lining though, FTK Imager is free to use and is a nice little tool that allows you to image hard drives and view files. You can download it from the following link http://accessdata.com/support/adownloads
Like AccessData, Guidance Software offers certification. These include; The EnCase® Certified Examiner and the EnCase® Certified eDiscovery Practitioner.

The EnCase® Certified Examiner
The EnCase® Certified Examiner (EnCE®) program certifies both public and private sector professionals in the use of Guidance Software's EnCase computer forensic software. EnCE® certification acknowledges that professionals have mastered computer investigation methodology as well as the use of EnCase during complex computer examinations. Recognized by both the law enforcement and corporate communities as a symbol of in-depth computer forensics knowledge, EnCE® certification illustrates that an investigator is a skilled computer examiner.

The EnCase® Certified eDiscovery Practitioner
The EnCase® Certified eDiscovery Practitioner (EnCEP™) program certifies private and public sector professionals in the use of Guidance Software's EnCase eDiscovery software, as well as their proficiency in eDiscovery planning, project management and best practices spanning legal hold to load file creation. EnCase eDiscovery is the leading eDiscovery solution for the search, collection, preservation, and processing of electronically stored information (ESI). Earning the EnCEP certification illustrates that a practitioner is skilled in the application of the solution to manage and successfully complete all sizes of eDiscovery matters in accordance with the Federal Rules of Civil Procedure.

Hope that helps you understand the two main players of forensic software, You will need to know networking, hardware and have some knowledge of computer law. So other certs such as A+, Network+ or any other networking certs for that matter would be good. Security + as well as other security certs will also help and any law background will be a major advantage.

Any other stuff let me know and ill try and help!

 

So... you've got a lot of classroom experience, but no real-world IT security experience, am I right?

What the others have already said is true: you're about as likely to walk out of college right into an IT security job as you are to get struck by a car and killed while on campus. You can collect all the degrees and certifications you want, but it's not gonna make much of a difference without having real-world IT experience.

 

Hi dood,
If I were you I'd do both, but be mindful of the age old problem of over certifying without experience.

Get your degree, get entry level certs A+, N+ and most likely a MCTS Windows 7 related cert and then start applying, if you can't get in anywhere (which with the current state of the job market and 900 people going for the same job, you most likely won't) then try volunteering with an NVQ IT placement.

I'm not sure there are any 'entry level' jobs in security, you'll need vast experience I'd expect, though a placement on your Uni course should make your options more clear.

Generally Police Constabularies contract out forensic work, so private agencies, though tough to get into, would possibly be your only option. I believe they have their own CCTV and video departments but that obviously is much more media orientated and the IP / CCTV cams are always setup by external companies.

I did see a job ad for a digital forensic analyst but it wasn't entry level and that was the only one I had seen in about 5 years. I think you'd be best getting your degree and applying for the police as you will sometimes be called into court to give evidence on your findings.

P.S If 'you suck' at studying why on earth are you wanting to do another degree AND how did you manage to pass the first one?!

Anyway good luck with what ever path you take, I think a visit to the careers advisor is needed here...

Phil.

 

I think you miss understood me, Im not looking to go down the security route, I just fancied studing a masters in a subject that interested me and offered some advice on what C.F certs are out there to the guy who asked about the subject, Im fully aware that I have no chance of landing a job in Computer Forensics without real world experience therefore, my personal plan is with some luck get onto a graduate scheme or entry level support role and pay my dues.

As for computer forensic certs Access Data's FTK are free but the cost of the yearly rolling software cost puts it out of alot of peoples budgets....

Out of curiosity would 3 years working on a PHD that looks at a real world issue such as taking a random amount of devices from ebay and other sources and looking at what personal data can be recovered to build a profile on the owners, count as real world experience?

As for entry level security aren’t penetration testers considered entry level security jobs? The only reason I ask is because my university offers a security master’s that includes tiger certification built within the degree and they keep bleating on about how it can get you an entry level pen tester job...

Just wanted some idea if they are talking complete bull or not lol

 

Sounds like grade A bull to me Wayne.

 

Thought so...The only entry security grads I've ever heard of are those lucky enough to get snapped up by GHCQ...

Uni's if only they told the truth...then again if they did no one would go

 

Having thought on it a little more, I suppose it's possible ... but I certainly haven't seen the like myself. Also if you are relying on people with little or no experience to do such a job, the mind boggles.

 

The only thing to 'count' as real world experience is real world experience...

 

Cheers for the advice Wagnerk, I must admit I've enjoyed my masters in Computer Forensics so far only criticism I have with it was the long lectures and the fact only one module actually involves doing computer forensics work..

Gutted about the job prospects for the future though...Been told Australia is great for IT jobs atm but not sure if I want to emigrate...Looks like grad schemes could be an option but completion is fierce.. Oh well gotta keep trying

For anyone interested in Computer Forensic courses in the UK I am currently doing my degree in University of Glamorgan...Here is a mini review of my course so far if anyone is interested

* Security Management
Really enjoyed this module as it covered a broad range of security issues...Topics taught included the following Technical Security Controls, Legal aspects of Security Management, Computer Misuse, Security Policies, Security Standards, Incident Management: Formal Aspects, Incident Investigation: Technical Aspects, The Information Security Officer, Security of Social Networks, Management of Risk and Threat, CI and Physical Security, Business in Context, Security Models for Technical Specification of Information Systems Security, Security of Mobile Devices, Security Challenges of Cloud Computing. We also had 2 guest lecturers one from the uni’s Information Compliance Officer and one from Bristol uni on financial fraud.

Module also included alot of group work discussions on different issues and a fun excerise where we were given a map of the uni and had to find the best route without being detected by security cameras etc...

* Network Security
Interesting but tough module especially since my undergrad degree only covered networking in the first year briefly...My undergrad degree mainly focused on databases, business and programming...The tutorials focused on using a WM image and running backtrack and lynx server and basically messing around with it...Good fun
Topics looked at included; Introduction to network security, networking and the local area network, networking and IPV4/IPV6, Networking and TCP, TCP port scanning, Networking and UDP, Creating Custom Packets, Routing IP Packets, Practical Internet Security, Network Security and Operating Systems, The Common Internet File Systems and the Server Message Block, Practical Network Security, Firewalls and Cisco PIX/ASA, IP Security and finally Embedded Systems.


* Independent Study in Computing
Basically produce your own journal article...Enough Said

* Computer Forensics
Currently our assignment is to find criminal evidence within an Iphone 3GS which is very interesting as well as perform a full investigation from start to finish on a external hard drive and give our finding in a mini court room on campus.

Topics covered included; Introduction to Computer Crime, Cybercrime, Before Arriving at the Crime Scene, ACPO & DoJ Guidelines, Evidential Integrity, Evidence Logs, Digital Crime Scene Considerations, Tool Testing and OSS Tools, Malware Forensics, iPhone Forensics, File Systems – Linux, File Systems – Mac, Analysis - Windows Artifacts III – Exif, Challenges: HDD & Damaged media, Analysis - CD and DVD, Witness in Court, Challenges – Malware, Analysis - Windows Artifacts IV – Applications, Mobile Forensics, Data Carving, Challenges - Future devices...

* Project Management & Research Methodology
Not covered this yet will probably involve the usual project management and research methodology stuff.


* Computer Law
Not covered as yet either, will probably focus on UK law

*Project
Usual individual project work...

Overall pleased with the course just wish they could have removed the independent study and added another forensic module..Been told that next year you will have the choice of either independent study or advanced forensics...bugger