Hello, all! I am yet another aspiring DF major. A little background on me: I am 24, live in the US (Northeast OH), married, and have a 6 year-old stepson. I completed a year of the RN nursing program at my college before realizing that while I want to help people, I am more concerned with well-being than strictly health, if that makes sense to any of you. I am taking this program through my local community college, and I will link to it in case my course progression has a relation to the answer for any of my questions (http//
I start this program in January, and I am hoping to fly through it- I get along with electronics much better than people, anyway. Ideally, I will graduate in three semesters instead of four (I am starting the "schedule overload" paperwork this week- we shall see what happens). I would like to think that I am one of the more realistic people getting into the field- I know others who expect to make 60k out of college, who think their life will be a re-enactment of NCIS episodes, etc…. And while I am excited, I am trying to keep both feet on the ground.
In any case, I would like to ask a couple of questions. I did some searching, with varying degrees of success. If there is a post that I missed that would help answer my questions, by all means link to it! :)
1. When should I start looking for internships? I have found a couple that state "Digital Forensics Majors" may apply, but not where in the curriculum I should be to not look like a fool for applying!
2. While I do not have any occupational IT experience, I am the family / neighborhood go-to guy when computer issues arise. Is there any way of working that into a CV, or am I stuck with the "no related experience" stigma?
3. Certifications. From reading the increasingly terse replies on the topic, I get the impression that it is a topic that has been discussed ad nauseam. I will not ask which is "best" or anything of that nature. Instead, I am curious as to which certs are easily obtainable for someone who has a little money, but not a lot, and has to juggle work, school, and a family. I can always take more intensive certs over the summer if I have no classes; but which are "easier" for someone with a full life? Assuming, of course, that I have at least a passing familiarity with things considered a prereq (for the expensive course whose name escapes me now that requires you to take the pre-test, I scored an 86 or 88).
4. What sort of "layman" jobs can I look for that would be considered at least tangential to DF? Tech department salesman at Best Buy? Geek Squad at Best Buy? Other than those two, I am coming up dry. Any ideas?
5. Heh, I am just throwing this out there for kicks and giggles, but anything is worth a shot! Are there any DF workers in Ohio who wouldn't mind some free slave labor? Hell, I'd be willing to sweep the place up at night as long as I were allowed to look over a shoulder and ask a question once in a while!
There's my long rant! I am looking forward to your response(s)!
-Vlad
114 views and no responses? What did I do wrong? :D
I am in the same boat as you, relatively and just wanted to respond with what I plan on doing from what I have seen so far. I have a B.S. comp sci and currently going into my second semester for a M.S. in digital forensics.
1. For the internship, I would speak with a professor within the curriculum. All programs will accelerate at a different pace and you might have a decent knowledge base earlier than someone in a different program. If you can't get a solid answer from a professor, do a self assessment; look at the coursework and gauge your self study, see where you will be confident to take on the basic task work that would be asked of an entry level DF tech/analyst.
2. Your experience is your experience. No need to downplay it as non related material, but don't make it sound like you can lead, or even start a forensically sound investigation on your own. I have applied for a small number of jobs, VERY FEW, that were above my ability being that I am just starting out. Worst is that it gets thrown out and I get no call. Maybe I annoy someone in HR for wasting a few moments of their time…but just maybe someone sees something, maybe for a different position or more entry level that would better suit me. Can't hurt.
3. For non-LE, it seems the CCE and EnCase would be decent starter certs. At least that is the order I plan on starting next semester. CCE will lay the groundwork you need to know that isn't vendor specific and having EnCase will get you past the HR buzzword searches that are done for jobs that specify it. Again, I do not pretend to be an expert, so if anyone can offer advice in this area, please do.
4. I'm not sure there are IT jobs, outside the realm of security, that can DIRECTLY correlate to forensics…that being said, knowledge of OSes and networks can definitely, indirectly, make you a more knowledgeable investigator down the road. I spoke with an IT consultant about this b/c I plan on pursuing an IT specific cert path along with my DF studies; so I asked his opinion about the Microsoft MCITP route or Cisco CCNA. His reply was 'well, both'. MS will give a good OS foundation for knowing what belongs or was altered and how things work in general if investigating, say…a corporate server or exchange server and the Cisco route to understand basic networking, intrusion detection/prevention and other hardware that is involved.
5. I asked my professors this question as well. One told me to look into joining/attending a forensics organization conference, such as the HTCIA and also to look at lawyer offices or private investigators and see if they will take on an entry level employee.
I think you will find you are in the same boat as well as tons of others, because the market is saturated, you will start with 0 contacts, and the cost to get started is significant if you don't find work with a company.
As far as joining an organization and then talking about lawyers or private investigators. Most lawyers don't want anything to do with someone who is involved with an organization which doesn't allow defense work. In the same sense most organizations who are LE or Defense based want nothing to do with anyone who does defense work.
So if your goal is really to help people. You have to figure out if LE or the private sector helps people. I get so many calls where people want to put away the bad guy, forgetting the "bad guy" is innocent and has rights. No one wants "bad guys" to have rights until it lands on your front doorstep and it's your friend, your son, your brother, your mother, who gets arrested and then you want all the rights.
Think about the path you take and even if you go into LE or defense work, remember everyone has rights.
I am in the same boat as you, relatively and just wanted to respond with what I plan on doing from what I have seen so far. I have a B.S. comp sci and currently going into my second semester for a M.S. in digital forensics.
You're already far ahead of me, methinks! :) At least you have a Bachelor's in a related field! I'm happy to hear about what you're doing, and if I happen to find any helpful information, I'll be sure to share it with you!
1. For the internship, I would speak with a professor within the curriculum. All programs will accelerate at a different pace and you might have a decent knowledge base earlier than someone in a different program. If you can't get a solid answer from a professor, do a self assessment; look at the coursework and gauge your self study, see where you will be confident to take on the basic task work that would be asked of an entry level DF tech/analyst.
That seems very much common sense, now that you've said it! Kinda feel silly for asking, thank you for fielding a 'stupid' question! I suppose this answer would also depend on the internship; there is a difference between an internship somewhere that will hold your hand, and one where you're expected to be a true "assistant".
2. Your experience is your experience. No need to downplay it as non related material, but don't make it sound like you can lead, or even start a forensically sound investigation on your own. I have applied for a small number of jobs, VERY FEW, that were above my ability being that I am just starting out. Worst is that it gets thrown out and I get no call. Maybe I annoy someone in HR for wasting a few moments of their time…but just maybe someone sees something, maybe for a different position or more entry level that would better suit me. Can't hurt.
That sounds like a good idea, also. Did you apply for the higher level jobs at a place that you'd also applied for lower-level jobs, or would HR see you applying for both and get confused / annoyed?
3. For non-LE, it seems the CCE and EnCase would be decent starter certs. At least that is the order I plan on starting next semester. CCE will lay the groundwork you need to know that isn't vendor specific and having EnCase will get you past the HR buzzword searches that are done for jobs that specify it. Again, I do not pretend to be an expert, so if anyone can offer advice in this area, please do.
From the standpoint of the asker, the advice looks sound to me. With EnCase being $200 and CCE being $750, it is certainly reasonably priced, a good way to get a couple of initials after my name, at least! :)
4. I'm not sure there are IT jobs, outside the realm of security, that can DIRECTLY correlate to forensics…that being said, knowledge of OSes and networks can definitely, indirectly, make you a more knowledgeable investigator down the road. I spoke with an IT consultant about this b/c I plan on pursuing an IT specific cert path along with my DF studies; so I asked his opinion about the Microsoft MCITP route or Cisco CCNA. His reply was 'well, both'. MS will give a good OS foundation for knowing what belongs or was altered and how things work in general if investigating, say…a corporate server or exchange server and the Cisco route to understand basic networking, intrusion detection/prevention and other hardware that is involved.
Eh… I honestly figured a slightly depressing answer to this one. At the moment, I'm looking for anything vaguely technology related, down to a computer salesman at Best Buy (Yes, back to the soul-selling business…),
5. I asked my professors this question as well. One told me to look into joining/attending a forensics organization conference, such as the HTCIA and also to look at lawyer offices or private investigators and see if they will take on an entry level employee.
Well, the HTCIA has membership qualifications that prohibit me. I'm not a prosecuting attorney or Senior Management in the field. :P Ah, well… maybe I can find something more 'local' or open, and join there.
Thank you for all your helpful advice, and the time that I'm sure it took to type it all out!
I think you will find you are in the same boat as well as tons of others, because the market is saturated, you will start with 0 contacts, and the cost to get started is significant if you don't find work with a company.
While I know that it is no guarantee, I am hoping that my ability to pull up stakes and move where I'm "needed" will help me in the saturated market. The contact thing is true, though. What do you think about sites such as LinkedIn? Would joining the site now and trying to make LE / DF contacts help at all?
I assume that the significant cost you mention is the cost of buying the equipment if I started off attempting to freelance? That does seem a bit pricey, after searching around. It seems as if it would almost be easier to start out as just a Data Recovery freelancer…
As far as joining an organization and then talking about lawyers or private investigators. Most lawyers don't want anything to do with someone who is involved with an organization which doesn't allow defense work. In the same sense most organizations who are LE or Defense based want nothing to do with anyone who does defense work.
I'm afraid that I'm not sure what you're saying here. By defense work, do you mean defending someone against, say, CP charges? I would think that a prosecuting attorney, at least, wouldn't mind someone who was in such an organization. Same with a PI- wouldn't he be working to prosecute also? I feel as if I'm missing the point you are making.
So if your goal is really to help people. You have to figure out if LE or the private sector helps people. I get so many calls where people want to put away the bad guy, forgetting the "bad guy" is innocent and has rights. No one wants "bad guys" to have rights until it lands on your front doorstep and it's your friend, your son, your brother, your mother, who gets arrested and then you want all the rights.
Well, when I say that is my goal, I do not mean that I will let my family starve whilst I gallivant around looking for the perfect job. That said, I suppose the "bad guy" is the one who has evidence piled against him. If a suspected CP'er can be cleared through evidence, he isn't locked into my mind personally as a "bad guy" because he came under suspicion.
By private sector, do you mean internal corporate teams? I didn't think that they and LE would be standing on opposite sides of the field. Again, I get the feeling that this is related to the earlier point that I managed to miss. Please clarify, as I can tell that you're speaking from a great deal of experience, and I want to understand what you're communicating! :)
Think about the path you take and even if you go into LE or defense work, remember everyone has rights.
I can see where this would be easy to forget, and it's advice I'll do my best to remember!
I get so many calls where people want to put away the bad guy, forgetting the "bad guy" is innocent and has rights. No one wants "bad guys" to have rights until it lands on your front doorstep and it's your friend, your son, your brother, your mother, who gets arrested and then you want all the rights.
Think about the path you take and even if you go into LE or defense work, remember everyone has rights.
This used to be something that bothered me when I used to think about it too - the "how do I make sure my powers are used for good ?" issue 😉 But I have to agree with forensicakb.
The crux of the matter is though that all you can do as an analyst is _tell the truth_. If the evidence is there, it's there - irregardless of which side of the bench you are on - you can't make it go away, nor can you provide justifications for it being there that would be false - your responsibility is to tell the truth, the whole truth and nothing but the truth.
The judge and jury are there to decide who has committed a crime, not you, and, should you find fault in the actions of a fellow practitioner - you have a duty to report this so that others can build as accurate a picture as possible. (I wouldn't seek to discredit another as a starting point, that's unethical - but people do things wrong, and there are reasons for doing things right.)
The lawyers argue innocence and guilt, they talk up or talk down evidence as best suits them - they may be the ones who have trouble sleeping at night ( although I've yet to meet one that does … ) - you, as a representative of facts, need not concern yourself with such issues so long as you keep a clear conscience.
You're already far ahead of me, methinks! :) At least you have a Bachelor's in a related field! I'm happy to hear about what you're doing, and if I happen to find any helpful information, I'll be sure to share it with you!
Maybe on paper it seems like it, but hands on, we're at the same level in where we want to go. I had another professor tell me not being in LE, it was nearly impossible to get into digital forensics, while the other said that was nonsense, that most ppl he has networked with were not LE. My thought is, sooner than later the industry is going to need willing, trained, people for assistance, whether it's IT support or straight forensics. Or, maybe it's just my hopes.
That seems very much common sense, now that you've said it! Kinda feel silly for asking, thank you for fielding a 'stupid' question! I suppose this answer would also depend on the internship; there is a difference between an internship somewhere that will hold your hand, and one where you're expected to be a true "assistant".
I think most internships are 'gofer' jobs. Gofer this, gofer that. More or less getting you exposure to an environment you want to work in, network with people and, more importantly, is becoming the new entry level position of sorts; getting your foot in until after you graduate then hire. Definitely see if your school supports internships themselves and look around as some companies do as well. Since you mentioned you are looking to get into any IT related field for experience, I know Verizon Wireless (assuming you are in the states) has a job posting for Bachelors and Masters internships in their IT division. Google VZW careers and look around. I applied for 2 jobs there, one actually sent me an email stating the position was filled, which, IMO, is good so you aren't left wondering.
That sounds like a good idea, also. Did you apply for the higher level jobs at a place that you'd also applied for lower-level jobs, or would HR see you applying for both and get confused / annoyed?
Well, I didn't go too much above my ability…never a good thing to apply for a position that asks for a CISSP and 10 years of security experience when you have none. I looked at a few jobs that would have required a cert that I am planning (or could) attain in 6 months…with that in mind, put out my resumes. Most likely didn't make it past HR, but one never knows. If there was a job more suited for my skill set at the same company, I would just apply for the lower level one with intention of gaining the required experience on the job to move up to that higher position.
From the standpoint of the asker, the advice looks sound to me. With EnCase being $200 and CCE being $750, it is certainly reasonably priced, a good way to get a couple of initials after my name, at least! :)
CCE might be higher, but from what I gather, it would be more advantageous to have a vendor neutral cert than one that mainly focuses on just a forensics tool.
CCE is actually $395 for the initial test (
Eh… I honestly figured a slightly depressing answer to this one. At the moment, I'm looking for anything vaguely technology related, down to a computer salesman at Best Buy (Yes, back to the soul-selling business…),
Hey, times are insanely tough right now. Was reading through an IT board recently and people with Masters in IT were applying to Geek Squad at Best Buy out in CA. They don't pay much and I don't think they are ethical at all [my neighbor paid upwards of $300 for some malware removal!], but it would be decent exposure to a field tech position and lead into an entry level IT cert, A+. Do what you have to do to get that experience on the resume….I volunteered my time as a field tech for a friend's company for 2 years while I worked a production job at night; just having that on my resume led to a few calls recently.
Well, the HTCIA has membership qualifications that prohibit me. I'm not a prosecuting attorney or Senior Management in the field. :P Ah, well… maybe I can find something more 'local' or open, and join there.
I don't meet them either, but I believe you can still attend….and network.
Most lawyers don't want anything to do with someone who is involved with an organization which doesn't allow defense work. In the same sense most organizations who are LE or Defense based want nothing to do with anyone who does defense work.
Quite the conundrum!
Is there any solid reasoning behind this?
Just as an FYI, HTCIA does have student memberships.
As for the defense v. prosecution issue………… I do not really want to touch it other than to say the facts are the facts. Sometimes there are different perspectives about the facts depending on your viewpoint and different perspectives about the strength of the evidence that is gathered.
The field is a mix of law enforcement and purely technical people and lawyers that creates a lot of opportunities but the market is saturated. The tough issue is that nobody really wants to pay for this unless they have to and when they do they expect miracle-CSI like results no matter how badly their IT has been set up or the case handled.
I'd say network where you can, get some sort of forensic certification, practice with the various tools. Look to work in e-discovery, law enforcement, or IT security in any way you can. If you can't get that, try and get some sort of systems administration/IT job and work to get involved in security incidents that are IT related or even human resources cases within the company that require digital investigations. The private sector always has internal issues that they need guidance and help on from an incident response\computer forensics perspective.