Several people have asked me how I got started in computer forensics and security. I thought I would share my experiences.
How I got started:
Back in the late 1990s I indirectly participated in my first investigation. I was assisting in a corporate case. Essentially my job was to help the investigative team restore Exchange 5.5 backup tapes for examination in an offline lab. This took days of my time, often spending several late nights and weekends restoring the databases and preparing servers for the investigative team. Since everyone was working around the clock we needed to ensure that the investigative team always had evidence to examine. Once a particular set of evidence was gathered the master document, known as a chain of custody form was updated. The same form was updated once the evidence was check in or out. Storage containers were provided by the local police for each backup tape so the container numbers had to be updated on the chain of custody form, etc. This was a tedious process but it had to be maintained for the court. This process went on for several weeks, I learned a lot in the process. As it turned out I had a knack for investigative work. I really enjoy solving puzzles so this work was really interesting to me. It was not only a break from my day job to being an Exchange Administrator it was really cool stuff. I took pride in knowing that I was helping track down possible criminal activity.
Deciding to pursue a 2nd career in computer forensics:
Once I decided I would go into the world of computer forensics I headed to the library, the bookstore and the web. At this time (early 2000s) there was little published information compared to what is available to day. I picked up a book titled “Computer Forensics: Computer Crime Scene Investigation” by John Vacca. This book was very helpful because it included a CD with some tools, this was the first time I actually got to play with some real forensic tools such as Recover98, RecoverNT, and the Coroner’s Toolkit. After playing around with the tools in this book as well as any other tool I could find on the internet I decided that I needed a formal education. At this point I was making a good living as an IT Professional and had no degree under my belt. I started checking job listings on various forensic sites such as Forensic Focus (
http://forensicfocus.com) and Computer Forensics World (
http://www.computerforensicsworld.com) as well as listings on traditional job boards such as DICE and Monster. What employers were wanting at that time were people with law enforcement backgrounds and a minimum of a bachelors degree. Since I always wanted a degree I decided to pursue a Bachelor of Science in Computer Science degree. What I ended up getting was a Bachelor Degree in Computer Information Systems with a concentration in Computer Forensics. What this meant was I attended four to five computer forensics classes as electives for my BS CIS degree. In hindsight this was probably the best approach for me since I got my education, learned more about programming, and computer forensics in the process. I might have chosen differently had there been any degree programs in computer forensics at the time.
Landing the first official computer forensics gig:
Shortly after graduation with my newly printed diploma in hand I thought it would be easy to land a computer forensics job. I was counting on having my years of Microsoft and general networking skills to at least get me in the door. After several interviews I got several offers but there was one problem. They were either entry level or internship offers. This would have been great but there was one problem. I was making more than double than the highest offer I received. For a single person this would not have been as much of a burden but with kids to feed, mortgages, and not to mention cars to pay for I was not in the position to take any of these offers. A few years later I went to work for a large ISP with a sizable security department. After working for the company for a few years I decided to see about transferring over to the security division. After completing a few trial projects for the department I was able to complete the move. For a while I assisted in various projects but I did not get a solo project until I decided to take my education more seriously and pursue a Master’s Degree program in Digital Forensic Science.
The work can be very tedious and requires an attention to detail. Everything also needs to be documented, criminals have walked because of a documentation technicality. This is not a 9 to 5 job, there has been many times that I have accepted evidence after 5PM on a Friday or had to work weekends. I’m often working in cramped office spaces, cold labs, or in windowless conference rooms. I’m often at my computer for 12 to 18 hours a day. I do take short breaks, usually 10 minutes every hour to stretch or to take a short walk to get water or coffee. There is often a sense of urgency to the work and a lot of interaction with all kinds of people working with a case. Good communications skills are a must!
Master’s Degree in Digital Forensics:
After reviewing several college level programs I started the Master’s of Science in Digital Investigative Management program (MSDIM) at Champlain College, located in Burlington, Vermont. Although the degree program was 100% online there was a residency requirement to fulfill. I traveled to Burlington, VT to attend a long weekend session with dozens of other Master’s Degree students. The session was more management focused and we had to do various activities such as Myers Briggs Assessments and other exercises. I found out that I was an ISTP which breaks down to Introversion, Sensing, Thinking and Perceiving. More information can be found here
http://psychology.about.com/od/trait-theories-personality/a/istp.htm. Anyway, the program started with basic management concepts that I appreciate today. About a third into the program Champlain created another forensic degree program that was more technical in nature. This was called the Master’s of Science in Digital Forensics Science (MSDFS). I transferred into this program because it was more technical in nature and it did not require a forensic accounting class. ;-)
The MSDFS program was where the rubber met the road! Each class was harder than anything I had experienced in school thus far. After each eight week class period I needed a break! I only got a week between each class. There was several labs and papers due throughout each class, there was a written assignment due almost each week as well.
Closing Thoughts:
Earning a Master’s has been one of my greatest achievements and my kids are have taken notice. My son is already planning the colleges he wants to apply to and he is still in the 8th grade! The talk around the house has changed from “if” I will go to college to “when”. Working as an Incident Response/Computer Forensics professional has been rewarding and challenging. The work is often tedious and demanding. I can’t tell you how many family gatherings and social events I’ve missed because of work since I’ve lost count. However, it is also gratifying since I help make a difference in the lives of others. I prefer to work in the private sector but there are plenty of public sector jobs as well. I hope this helps anyone who is thinking of starting a career in computer forensics. It is not for the faint of heart but it is worth it!
Saturday, January 31, 2015 at 12:42PM 
