As much as I love CSI, I am not deluded enough to think that being a forensic investigator is as glamorous as shown on TV, and considering it could take EnCase hours to do some processing, I know that cases are definitely not solved in an hour, but I was wondering if some computer forensic jobs had more variety than others.
For example, the majority of an investigator's time is office based, but do investigators working for law enforcement get to participate in raids at 4am and seize evidence, whereas those working in corporate forensics may have no need to go out and knock down doors?
Do law enforcement investigators go on different courses to the private sector?
Or is the role of forensic/digital/computer investigator the same regardless of who you are doing it for?
I know there is a post along the lines of law enforcement vs. private forensics. I don't want to get into a debate about who is better etc.; I would just like to know which aspects of the job are different or the same between working as a digital investigator for a private/corporate firm compared to the same job for a law enforcement/government agency.
Thanks in advance for any replies.
One thing I won't miss when I retire is executing search warrants 8)
I did one 4am raid in 7 years with the police, and I'm glad that I'll likely never have to do one again. It was 5 hours of waiting in the cold and dark, and 15 minutes of actual work.
Examiners working for police do tend to spend some time on raids, but then in the private field, we do tend to spend a roughly equivalent amount of time conducting field imaging, which is kind of like a raid, except that we're there with the consent of the owner (or a court order), it's much more civil, and there's no guns involved.
As for your question about different courses, there are training programs that are limited in enrollment to LEOs, but as a general principle the content of those courses could just as easily be learned in commercially available courses. There's almost no forensic methodology which is not widely known outside of law enforcement, and very little investigative methodology which is secret.
I went on one warrant where we had bad intelligence (we walked in on hundreds of servers and discovered three off-site locations) and ended up on site 72 hours, sleeping in cars for a couple of hours at a time. I did discover on that search just how cooperative companies can get when you inform them that they can either help out or watch all their computers get loaded onto trucks and carted off. They were really happy to see us leave after three days…
While much is the same (i.e. field time), there are some differences. One biggie is what is/not known in advance. In LE there are some clever ways to develop intel on your target beforehand, but many times you just don't know what you're getting into until you hit the door. That may also occur in the private sector, but not as often. I have found that experience in both sides has benefited the other side (I wear both hats). Another big difference is the parameters of the response. I have found that the private side tends to be more limited in terms of response parameters.
I have no idea what you are talking about.
We are all great looking, drive luxury cars, wear designer suits, have pads in Manhattan, LA and for weekends in FL, and really get to hang out with the cream of the crop.
After all, we are Forensic Investigators.
"…if some computer forensic jobs had more variety then other."
Of course.
That said, what kind of variety do you want?
Back in the old days, mostly what I did was try and track down problems in large manufacturing systems. Usually user errors, or program errors, seldom a malicious attack.
Today, I mostly do PD defense work on kiddie porn cases (a nearly hopeless job, as most defendants seem to have confessed.)
And divorce/business asset-hiding cases (though there are a number of other things to look for….)
Lots of the work, like many occupations, is boring and routine–but vital that it be done correctly (to maintain evidence and a trail of custody.)
Acquiring images & analyzing them is pretty routine, but it requires some thought to know what sorts of things you might be looking for…and not everything hidden is a bad thing.
It is becoming more common for people to completely wipe their deleted filespace–not to hide anything in particular, but to prevent anyone from analyzing it for data to use for their own purposes.
It is no longer a smoking gun to find that anti-forensics software is or was installed. EVERYTHING that people do, is done on their computer–it takes a supreme act of will and thought to avoid using a computer in our society.
I'm also seeing an increase in the number of times one party has planted evidence (emails, files, cookies) to make another party look like they're up to no good.
Criminal cases are usually a simple case of analyzing the data which the police have taken, checking their custody chain and searching for information which they may have missed.
But to understand the data, you MUST look outside the computer too. WHAT is in the data. WHY is in the person. So I find myself dealing with PIs & police detectives to understand the person behind the data.
Often I get people who will say there's no need to look, as the person doesn't know enough to have done anything. But there are two issues here, one is How do you KNOW what the other person knows? The other Who says they had to do it themselves?
The history of computer security is the same as that of any other security–very seldom has anyone given it a thought until burned.
When ATM machines were new, no bank would talk to anyone about securing the data lines…most went uninsured much less protected for the first several years–until they suffered losses.
(The banking industry depends so heavily upon an image of 'safe' that they have routinely let crimes go unreported over the years, because to admit that they had been compromised would be more expensive than the direct losses. This was particularly common on transfers.)
Increasingly, the data trail only starts at a particular machine, the WWW is an incredibly huge and dynamic place, and the information can be nearly anywhere.
As the impact of the fact that any information can be digitalized sinks in, more and more devices become merely specialized computers–and data can be stored on any of them.
People tend to use the tools they have available, in today's society, computers are ubiquitous, and their use for all matters, legal, illegal, shady & clear is becoming increasingly obvious.
Forensics is detective work, and whether you look at computer disks or footprints or bones, the material you have has a story, but interpreting that story is up to the detective.
We're not glamorous? <shocked look>