Cybersecurity and information technology are two of the fastest growing industries in the technology space. It is expected that, with the growing adoption of technology and subsequent cyber attacks, the need for cybersecurity professionals will continue to rise for decades. One of the most interesting fields of cybersecurity is digital forensics, a discipline that focuses on the acquisition, recovery and analysis of digital artifacts and computer data for various law enforcement, government and business purposes.
Starting a career in digital forensics can be an exciting path, and having a strong understanding of this field of study will form a solid foundation for your cybersecurity career. Whether your goal is to work as a security analyst, offensive penetration tester or rise to the level of management, understanding digital forensics will serve you throughout your career.
The first area of knowledge to learn is broad spectrum information technology. This is the basic stuff that you would learn in a CompTIA A+ certification, such as how a computer works, computer hardware components, computer languages, networking basics and other essential elements of information technology. From here you may want to dive into a speciality such as networking to sharpen your skills, as it will all be relevant when conducting digital forensics. The four main categories of digital forensics are computer forensics, mobile forensics, network forensics and cloud forensics. With this being said, understanding any one of these fields in advance is going to set you up for success.
The second area of focus you want to be familiar with is general cybersecurity. This is the type of knowledge you would gain from a Security+ certification or a university level program. Contrary to what many believe, you do not need to be an expert in cybersecurity and computer science to get into this industry although these will help. You will want to have a strong understanding of cybersecurity fundamentals such as the types of threats & attacks, common vulnerabilities, malware analysis, information system security fundamentals, cybersecurity jobs & functions, file systems and network protocols.
The third area of study is the various methodologies surrounding intelligence analysis, threat analysis and data analysis. This ranges from the MITRE ATT&CK Framework, intrusion analysis and the Cyber Kill Chain to the use of advanced data analytics and Security Information and Event Management tools like Splunk. Learning general analytic tools, techniques and concepts will also assist you when conducting digital forensics. In a law enforcement environment, digital forensics examiners will work with detectives to generate assessments and draw conclusions from computer data. If you can speak their language then you will be an invaluable asset to your department.
The fourth knowledge base to acquire when starting in digital forensics is an understanding of digital forensics tools, what they do and how to use them. There are many advanced tools that you can download off the internet for free, such as Autopsy or FTK Imager. You will stand out from the crowd by learning how to use one or two digital forensics tools before you start your career. Many of these tools are not intuitive or easy to learn and they take time to become familiar with. By mastering digital forensics toolkits before you start your career you will stand out from others who lack this experience.
The fifth category of study is general writing and research abilities. These abilities will generally be gained through the attainment of a university degree. If you don’t have a degree or experience with this type of work then you will need to develop the ability to conduct research and produce technical reports some other way. In any kind of professional cybersecurity environment, whether it is law enforcement, government or business, you will need to be able to clearly communicate your findings, mostly in written form. In some cases you may also need to demonstrate the ability to verbally present forensic evidence, whether it is in a court case, government briefing or corporate boardroom.
By educating yourself in these five areas of study you will create a strong foundation of knowledge and skills that will better prepare you for job interviews and real world experience once you get hired. Starting a career in cybersecurity can be extremely intimidating, especially if you are transferring from another industry. However, don’t let this stop you from pursuing your goals as the path is often not as difficult as one would believe. The industry is growing rapidly and professionals with these skills are in high demand. With these skills and a few professional certifications you will be well on your way to starting a career in digital forensics.