Remember all those bespeckled forensics men and women on shows like BONES, COLD CASE FILES, and literally everything on Brit Box? The ones who solve complex crimes by piecing together bits and pieces of physical evidence? Well, while those geniuses are still out there, a new position is evolving that values the same puzzle-solving abilities but applies them in cyberspace. Introducing the Digital Forensics Examiner.
What they do
Unlike their Holmes-ian counterparts, digital forensics (DF) examiners find most of their clues in computers, digital devices, and the cloud. They uncover who had access to data, how they accessed it, and what they did with it—even when it seems that everything has been erased. And, like “real world” investigators, they must adhere closely to legal guidelines like maintaining chain of custody to ensure that whatever evidence they discover can be used without objection in court.
How they can help
With over $12 billion being lost to cybercrime in 2023, it’s clear that we need the skills and expertise DF examiners bring to the table more than ever. Not only can they help companies discover vulnerabilities when a cybercrime has been committed, but they can provide law enforcement with unimpeachable data they can use in court; many even serve as expert witnesses, providing testimony on the stand in a way that juries and judges can understand and make sound judgments about.
What tools they can use
DF examiners use an array of eDiscovery software and hardware designed to extract, analyze, and present digital evidence in ways lay people (and law enforcement) can understand. “Autopsy” is a DF platform that allows an examiner to plot a timeline of use for phones or computers, recovering deleted files, flagging phone numbers, and conducting keyword searches. “DumpZilla” allows the examiner to perform in-depth browser analysis from extracting cookies to recalling bookmarks and deleted caches.
How they got there
While 144 colleges in the U.S. offer a Bachelor’s degree in Digital Forensics (and another 78 offer Masters degrees), you can become such an examiner with on-the-job training as well. Those in this role often start in IT support or as a risk analyst. Likewise, those who study computer science, engineering, or applied mathematics tend to be uniquely suited (and equipped) for this line of work. In addition to standard education, the following certifications will help build your resume in this field: GIAC Certified Forensic Analyst, EnCase Certified Examiner (EnCE), and AccessData Certified Examiner (ACE).
Where you can start
Think this career field might be for you? Dip your toe into Digital Forensics Essentials to see if this is right for you. You’ll learn the foundations of this career field and get to work on hands-on projects to help you gain the skills necessary to land a job.