As today’s world becomes increasingly connected and digital, so the threat landscape becomes more sophisticated and complex. Between nation states, criminal underground organisations, and motivated hackers, tools and skills are needed to trace their attacks and gather the evidence necessary to investigate and prosecute their crimes.
“This is why we have seen a rise in demand for digital forensics skills,” says Jonathan Cooke, Commercial Sales Director at DRS, a Cyber 1 company. He describes digital forensics as the identification, preservation, examination and analysis of the ‘digital trail’. “It has to use scientifically accepted and validated processes, so that evidence can be presented in court.”
Digital forensic practitioners not only have to recover and analyse all evidence, they need to be able to present the evidence and interpret its meaning to law enforcement, lawyers, and, ultimately, to the judge.
“Being a sound and thorough analyst is a fundamental requirement, but practitioners have to be able to effectively communicate their findings with clarity, and offer their professional opinion to the non-technical people,” adds Cooke. “Evidence does not speak for itself, so it needs an interpreter to explain what it means, what its implications are, and why it is important to the case, among other things.”
To qualify as a digital forensics practitioner, an individual needs several qualifications, he says. “They would need an academic degree in either digital engineering or computer science, which would give them a good foundation. Then they would need further technical and professional training in digital forensics principles and processes.”
However, they would also need specific training on the digital forensics tools that they would be using. “There are different tools available to perform specific tasks. A digital forensics practitioner would need in-depth knowledge of the tools, although this knowledge on its own is not enough to qualify someone in this field.”
Cooke says the impact that a digital forensics practitioner’s work can have on a business as well as individuals should not be underestimated. “Individuals can end up in jail, and fraudsters could go free if mistakes are made, so there’s no room for error.”
Because of this, he strongly suggests that all digital forensics practitioners should undergo competency testing on an annual basis, to ensure their competency in the field. “Moreover, continual training should be conducted to keep them in line with the latest tools and processes.”
The field of digital forensics is a growing and changing one. “It is now considered a full-blown forensic science discipline, which is held to exacting standards. It’s not about knowing how to use one tool or solution, it takes time to master, and constant input to remain up to standard.”