So you want to be a forensic analyst?

From Wikibooks, open books for an open world
Jump to navigation Jump to search
Introduction to Digital Forensics
So you want to be a forensic analyst?

Forensic analysis of computers is a discipline growing in popularity amongst both the forensic science and computer security fields. Several university courses now teach the basics and professional qualifications are on offer from the forensic software developers. Although the cost of entry into the field can sometimes be prohibitive the market for forensic analysts is still strong, and as time goes by the free software available to hobbyists is becoming more advanced.

Becoming an analyst probably, still, does not require a formal degree in the field. Most of the skills can be learned through training and simple experience. Being an analyst requires two main skillsets:

Attention to detail
Often investigations culminate in legal proceedings, either of the civil or criminal nature. To satisfy the, reasonably strict, rules of courts around the world digital evidence needs to be audited and carefully tracked. As detailed later in the book, digital media is easily altered and courts are still resisting evidence without a full audit log.
Unlike other areas of forensic science, digital investigations tend to be much more free form. They often require investigators to have a deep grounding in both the technical aspects of computers and the psychology of the computer criminal. Much of the latter is learned over time and practice.

Why read this book?[edit | edit source]

This book won't leave you a qualified forensic analyst though, hopefully, it will be a start in the right direction. Any reader, aspiring analyst or not, should find the book of interest. It can be a surprise how much information is stored, tracked and retained by your digital devices, and the sorts of activity that can be reconstructed from it.

Many of the techniques in this book translate directly to data recovery - so if you have deleted a file and need it back there may be some useful advice for you.

This book is for you if:

  • You fancy being a forensic analyst and want a lightweight introduction to the topic
  • You have a background in forensics, data recovery or computer security and want to expand your knowledge
  • You're a manager facing the daunting task of commissioning a digital investigation in your workplace (there is even a chapter just for you!)
  • You are an enthusiastic amateur with an interest in digital forensics

In short; if you have an interest and an inquisitive mind, this is a book for you.

Introduction to Digital Forensics
Introduction So you want to be a forensic analyst Requirements