Computer Forensics Expert: Doug
Q: In what ways do you feel your degree adequately prepared you for your computer forensics career?
A: My bachelor’s degree prepared me for the investigative nature of computer forensics. The courses towards my master’s degree have given me the in-depth knowledge of computers including hardware and software technology.
Q: Why did you choose to go into computer forensics?
A: I went into forensics because I was very interested in the law enforcement aspect of the field. I was unable to be a law enforcement officer due to a medical condition and I wanted a careerthat would allow me to work alongside law enforcement and to be involved in some of the same cases as my law enforcement counterparts.
A: I am very organized and detail orientated. I am observant and have the investigative mind. I also tend to think outside the box which helps in most of the cases I work.
Q: What steps does someone go through to get a job in computer forensics?
A: I think it is important to take forensic classes to have a baseline knowledge in the field. I also think it is important to practice at home with forensic tools and open source tools. Once someone is comfortable with the tools, they should begin to study for a vendor specific certification (EnCE or ACE) or a general certification (CCE).
Q: What are ways to advance in your field?
A: I believe that to advance in this field you need to have experience. An advanced degree and certifications show that a person is able to read and study and pass tests, but there is nothing stronger than experience. Experience in different aspects of computer forensics is highly regarded.
Q: What is the most enjoyable thing about your job?
A: I love the fact that every computer examination is different. Every case is different from the acquisition to the scope of the investigation/examination. I enjoy working with clients to determine a scope of the investigation.
Q: What is the biggest challenge regarding your job?
A: The biggest challenge of my job is that the computer forensic field is changing every day. A person must have the time and dedication to research the new software/hardware technologies.
Q: What are your daily tasks like?
A: I usually start the day reading computer forensic boards (guidancesoftware.com, forensicfocus.com and computerforensicworld.com). I then prioritize the cases for the day and start acquiring the new cases in the lab. While the computer is acquiring, I fill out the case folder forms and the chain of custody forms. Once the acquisition is complete, I begin pre-processing the hard drive. While that is going, I will move on to other tasks for other cases (parse out emails, review keywords hits, etc.). Once the pre-processing is complete, I begin work on the hard drive as per the scope of the case. At the end of the day, I record my notes electronically for all cases worked on and contact my clients to update them on the status of their case.
Q: What skills do you use at work?
A: I use communication skills when working with clients (usually lawyers or CEOs of major companies) and investigative skills while analyzing a hard drive. Being detail oriented is also extremely important in this field.
Q: What is one thing you didn’t know about computer forensics before going into the field that you wish you had known?
A: The one thing I wish I had known that testifying in court was required in the computer forensic field. I also wish I had formal training or conducted research into the techniques associated with testifying.
Q: What types of individuals end up being successful in this field?
A: People who are detailed orientated, have an investigative nature, enjoy dealing with people, and enjoy a challenging work environment will typically be success in this field.
Q: What would you tell incoming college students regarding the field?
A: Computer forensic is an up and coming field that has not yet scratched the surface yet. There are so many opportunities and specializations within the computer forensic field. It is a great field to be a part of.