±Forensic Focus Partners

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 0
New Yesterday: 4
Overall: 27389
Visitors: 39

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

What should my major be? CS or Information Tech.?

Computer forensics training and education issues. If you are looking for topic suggestions for your project, thesis or dissertation please post here rather than the general discussion forum.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

What should my major be? CS or Information Tech.?

Post Posted: Tue Dec 31, 2013 9:53 pm

I am currently a sophomore in college, and I am really interested in a career in Computer/Digital Forensics, but I'm having issues deciding on a major. I can't find any school nearby that offers Computer Forensics specifically and it seems like most in the field hold a CS/IT degree. Now that it has evolved a bit I wanted to see if anyone had some recommendations.

I currently am a CS major, and I really want to stick with it, but what worries me is that it won't concentrate enough on security/network. After reading a few books on what the career entails, it seems like an IT degree would teach me more (not counting what I learn in my own time); please correct me if I'm wrong.

In regards to certificates, I am starting to prepare for them and learn as much as I can now, but when should I aim to actually obtain certs? Right after college grad? Or after I've gained some experience in the field?

Also, if anyone has any books they would recommend for beginners would be great appreciated.

Thanks again.  

mcarter52
Newbie
 
 
  

Re: What should my major be? CS or Information Tech.?

Post Posted: Wed Jan 01, 2014 1:44 am

- mcarter52
I currently am a CS major, and I really want to stick with it, but what worries me is that it won't concentrate enough on security/network.


IMO a CS degree is a good base for digital forensics. The advantage is the CS is broader than what I've seen so far from "Computer Forensics" educations (which are relatively new).

The downside might be that you're less familiar with handling evidence and other forensic procedures.

Also be aware that a large part of digital forensics (and IT security for that matter) is about "practical knowledge":
* knowing how the operating system/application works you are looking at
* knowing how the start of file format X or Y looks like in a hexviewer
* knowing how your digital device communicates with the Internet
* knowing how an operating system interacts with the file system (e.g file deletion)
* knowing what your operating system stores in memory
* knowing how your operating system interacts with an executable
* knowing how to write a simple script (being to automate simple tasks)
* etc.

It is unlikely that either a CS or Computer Forensics" education will teach to you this; to a practical usable extent that is.

A couple of things you could do first:
* do online forensic challenges
* try to get "practical knowledge" by e.g. being a system or network administrator for a while
* do some research, a lot of information is available on: www.forensicswiki.org/wiki/

Next you'll have to build up a "forensic analyst mindset"
* read up on your local law, what can and cannot do in the context of law (yes law is part of digital forensics)
* read up on local cases where digital forensic was applied
* experiment with different tools get a feeling of what goes wrong when representing information
* analyze a file format by "hand", maybe write your own parser/scraper for it
* read up on rethorics and related subjects: How do you approach an analysis? formulate the main question of your investigation? how do you hypothesize? (Thesis, antithesis, synthesis)
* etc.

Regarding books highly depends what specific knowledge you're after (even within the field of digital forensics).

I would opt that these are core reading material:
* Forensic Discovery [Dan Farmer, Wietse Venema]
* Real Digital Forensics: Computer Security and Incident Response [Keith J. Jones, Richard Bejtlich, Curtis W. Rose]
* File System Forensic Analysis [Brian Carrier]

Some in-depth information about operating systems:
* Windows Internals 6
* Mac OS X Internals: A Systems Approach

Some online resources:
* www.forensicswiki.org/wiki/
* en.wikibooks.org/wiki/..._Forensics  

Last edited by joachimm on Thu Jan 02, 2014 9:25 am; edited 1 time in total

joachimm
Senior Member
 
 
  

Re: What should my major be? CS or Information Tech.?

Post Posted: Wed Jan 01, 2014 5:55 am

- joachimm
- mcarter52
I currently am a CS major, and I really want to stick with it, but what worries me is that it won't concentrate enough on security/network.


IMO a CS degree is a good base for digital forensics. The advantage is the CS is broader than what I've seen so far from "Computer Forensics" educations (which are relatively new).

The downside might be that you're less familiar with handling evidence and other forensic procedures.

Also be aware that a large part of digital forensics (and IT security for that matter) is about "practical knowledge":
* knowing how the operating system/application works you are looking at
* knowing how the start of file format X or Y looks like in a hexviewer
* knowing how your digital device communicates with the Internet
* knowing how an operating system interacts with the file system (e.g file deletion)
* knowing what your operating system stores in memory
* knowing how your operating system interacts with an executable
* knowing how write a simple script (being to automate simple tasks)
* etc.

It is unlikely that either a CS or Computer Forensics" education will teach to you this; to a practical usable extent that is.

A couple of things you could do first:
* do online forensic challenges
* try to get "practical knowledge" by e.g. being a system or network administrator for a while
* do some research, a lot of information is available on: www.forensicswiki.org/wiki/

Next you'll have to build up a "forensic analyst mindset"
* read up on your local law, what can and cannot do in the context of law (yes law is part of digital forensics)
* read up on local cases where digital forensic was applied
* experiment with different tools get a feeling of what goes wrong when representing information
* analyze a file format by "hand", maybe write your own parser/scraper for it
* read up on rethorics and related subjects: How do you approach an analysis? formulate the main question of your investigation? how do you hypothesize? (Thesis, antithesis, synthesis)
* etc.

Regarding books highly depends what specific knowledge you're after (even within the field of digital forensics).

I would opt that these are core reading material:
* Forensic Discovery [Dan Farmer, Wietse Venema]
* Real Digital Forensics: Computer Security and Incident Response [Keith J. Jones, Richard Bejtlich, Curtis W. Rose]
* File System Forensic Analysis [Brian Carrier]

Some in-depth information about operating systems:
* Windows Internals 6
* Mac OS X Internals: A Systems Approach

Some online resources:
* www.forensicswiki.org/wiki/
* en.wikibooks.org/wiki/..._Forensics


Thank you so much, that is some great info Very Happy Very Happy Very Happy  

mcarter52
Newbie
 
 
  

Re: What should my major be? CS or Information Tech.?

Post Posted: Wed Jan 01, 2014 8:29 am

Joachimm is spot on. I would add that a CS degree would be better than a degree in Digital Forensics in respect to wider career options should you be unable to make entry into the field or if you decide that you'd rather follow a different path.

Also, have you considered minoring in criminal justice?
_________________
Some things you just can't "unsee". 

miket065
Senior Member
 
 
  

Re: What should my major be? CS or Information Tech.?

Post Posted: Sun Jan 05, 2014 9:47 am

- mcarter52
I am currently a sophomore in college, and I am really interested in a career in Computer/Digital Forensics, but I'm having issues deciding on a major.


My grandmother was still not sure what she wanted to do when she grew up even in her eighties... Grin. She had so far been a lawyer, mother, politician, and US Ambassador. The trick is not to worry about it to much and just get the most sale-able education and experience you can while you have the chance. Keep this in mind; there are very few forensics jobs available, there are way more computer security jobs but they are still limited, and there is a galaxy of computer jobs available.

Next thing you need to consider is money. At the end of the day you need enough to be happy for the rest of your life. There are those who are happy following their dreams whatever may come. But if that is not you then you better figure out how much money you can make before you specialize. Here in the US there are essentially three kinds of forensics folks (and yes I am going to generalize here but I do not want to write a book). The largest group are those who work for law enforcement/government. Many make a reasonable salary but very few will ever break 100K per year and most are around 30 to 60 k. Then there are the folks who work for a forensic shop. These people are in the same bucket as the group working for LEO and Gov from a pay standpoint but in most cases have worse benefits. Finally there are the folks who have hung out their own shingle and may employ a few people. The last group can easily make over 100K but all of them have some other specialty that makes them special enough to charge very attractive rates. In any case right out of the door from your University, if you can find a forensic job, you will be at the bottom of the bucket from a pay standpoint.

I can't find any school nearby that offers Computer Forensics specifically and it seems like most in the field hold a CS/IT degree. Now that it has evolved a bit I wanted to see if anyone had some recommendations.


That is because it is a niche skill with very few opportunities for employment. Universities are money making operations and they provide training based on demand.

I currently am a CS major, and I really want to stick with it, but what worries me is that it won't concentrate enough on security/network. After reading a few books on what the career entails, it seems like an IT degree would teach me more (not counting what I learn in my own time); please correct me if I'm wrong.

I hired over 300 IT and Security people in the last few years. If you did not have a degree you did not get past my recruiters to me. After that your experience was king. If I needed to further down select I looked at your certs. One thing that is pretty constant for the people I hire is that during their University they worked in the IT field. Either formally at a job or informally as part of an open source development team. You either live/love IT and it shows or you are a regular Joe just putting in the time for the bucks. I have no time for clock watchers and neither do my customers.

In regards to certificates, I am starting to prepare for them and learn as much as I can now, but when should I aim to actually obtain certs? Right after college grad? Or after I've gained some experience in the field?
Many certs worth having have an experience requirement. Start looking at those and figure out how to get that experience. Otherwise get a bunch of certs to hang on your wall.

In summary. Get the broadest education you can that will prepare you to do something you like and has the chance of getting you paid at the level you think you will desire. Do something now you can put on your resume. If you wait until after school you are to late. Consider forensics as a goal but build in some other goals that are more likely to get you hired so you can then build up to the forensics job you want. Never stop learning. Your degree will be a useful tool but it is not the end of the line education wise.  

InfoSecCow
Newbie
 
 
  

Re: What should my major be? CS or Information Tech.?

Post Posted: Sun Jan 05, 2014 2:03 pm

Just for the record, in the 1 (one) Uni offer that I actually checked, it was more or less the same stuff in every course, only in different order, see this thread:
www.forensicfocus.com/...c/t=10903/
and particularly the comparison table:
www.forensicfocus.com/...1/#6568731
s18.postimg.org/6gro6b...ds_BSC.jpg

I guess noone will ever actually enter in the details of a "Computer Forensics" degree over a "Computer Forensics and Security" (or viceversa), and each Uni offers slightly different modules for similarly named courses.

As other people said, allow me to doubt that choosing one course over the other will provide you with anything "more relevant" in order to get a job, your personal inclinations/attitudes and the work/study/passion that you put into it besides the university courses may be much more relevant.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
Reply to topicReply to topic

Share this forum topic to encourage more replies



Page 1 of 1