Home Computer Forensics Specialist

How to Become a Computer Forensics Investigator

In the field of criminal justice, technological changes have created a growing need for professionals who can track down, isolate, and present evidence of digital crimes.

What Is Computer Forensics?

Computer forensics is a field of science that involves identifying, recovering, preserving, and presenting evidence found in computers for use in criminal or civil investigations.

The term “cyber/digital forensics” is often used interchangeably with “computer forensics.” Technically, computer forensics is a specialty area within cyber/digital forensics. The latter deals with investigations of more than just computers, such as mobile devices and video and image data.

However, colleges and universities aren’t usually so specific. Computer forensics and cyber/digital forensics programs often have similar focuses and coursework. Employers also might have their own requirements for computer forensic investigators that overlap with other digital forensic fields.

What Does a Computer Forensics Investigator Do?

Computer forensics investigators are computer “detectives” who access, preserve, and analyze computer information that might serve as evidence for civil or criminal investigations. As computing and computer security become more advanced, the job of a forensics investigator becomes more challenging. They need to be extremely knowledgeable about every aspect of information technology.

Judd Robbins, a computer forensics expert, describes the basic process of retrieving digital information:

  1. Secure the information on the computer so that unauthorized users cannot access it.
  2. Find and make copies of every file on the computer, including encrypted data. Investigators should only work on copies of the files, because accessing a file can alter it.
  3. Find deleted and hidden files using special software programs.
  4. Decrypt and access protected files.
  5. Analyze areas of the computer that are normally inaccessible.

Throughout this process, investigators need to document every step. The documentation should list the files and data recovered from the system, whether any files had encryption, and describe the system’s physical layout. The documentation step is critical, since computer evidence that isn’t documented may not be admissible in court.

The final step may be for computer forensics investigators to testify in court.

Specialized and Related Computer Forensics Jobs

As a computer forensics investigator, you may use your skills broadly in several areas of criminal justice. Or you may specialize in a particular area such as pornography, internet child exploitation, financial fraud, or hacking.

Where you work could also determine what you specialize in. For example, if you work for the Department of Homeland Security, your focus may be on terrorism—retrieving data from the computer of a suspected or convicted terrorist.

Who Hires Computer Forensics Investigators?

As a computer forensics investigator, you may find many types of employers in your field. These include, but certainly aren’t limited to:

Federal Government Employers

Regional and State Employers

Private Employers

  • Technological asset companies (companies that track and manage software and hardware assets so they don’t become compromised)
  • Law firms
  • Security or investigation firms
  • Consultancies

Due to the secure nature of computer forensics, you’ll almost certainly have to undergo a background check to be hired for a job. Additionally, keep in mind that you may find some of what you encounter in your role as a computer forensics investigator to be disturbing. Make sure to discuss your role expectations with your hiring manager or others who have worked in the field.

Computer Forensics Salary and Career Outlook

According to ZipRecruiter, computer forensics investigators earned the following as of December 2019:

Median Annual SalaryTypical Salary RangeMedian Annual Salary Compared to National Average
$85,240$39,500 to $125,000$11,000 higher

The field of computer forensics is expected to grow significantly. Although the U.S. Bureau of Labor Statistics (BLS) doesn’t report specific projections for computer forensics investigators, it projects a 12% increase in all computer and IT jobs between 2018 and 2028 and a 32% increase for information security analysts. This projected growth is much faster than that of most other occupations.

Online crime and cybercrime grow each year as technology encompasses more areas of our lives. Trained computer forensics investigators are needed to help authorities identify, recover, preserve, and present evidence from digital devices used to commit crimes.

Some examples of how digital crimes follow our changing technological landscape: According to the World Economic Forum, the crime of cryptojacking, or targeting of cryptocurrency owners, increased in 2018. The Forum’s predictions for 2020 include a rise in advanced phishing attacks, mobile smartphone fraud, vulnerabilities in home automation and Internet of Things devices, and artificial intelligence for cybersecurity evasion and social engineering.

Requirements to Become a Computer Forensics Investigator

There is no single path to becoming a computer forensics investigator. Most people pursue a bachelor’s degree, although obtaining a master’s degree may improve your chances of getting a job. Some might start as IT majors but then narrow down their area of focus to forensics, while others might be criminal justice professionals who decide to specialize in computer forensics.

Bachelor’s Degree in Computer Forensics

Earning a bachelor’s is usually the best place to start. There are many options—look for programs in digital forensics, information technology, IT with a computer forensics concentration, cybersecurity, digital security, and so on. Additionally, schools offer a range of options for on-campus, hybrid, and online-only training.

Coursework will vary depending on the specific degree program you choose but will likely include classes such as:

  • Introduction to computer and digital forensic science
  • System fundamentals
  • Network security
  • Criminal law
  • Digital forensics investigative techniques
  • Computer ethics
  • Malware analysis

Master’s Degree in Computer Forensics

Although it’s not necessary to get a master’s degree to work as a computer forensics investigator, having a master’s degree can lead to jobs with more responsibility, positions at higher levels, certain government jobs, paths to advancement, and so on. Some computer forensics master’s programs are designed for specific industry professionals like law enforcement officers, IT specialists, or network administrators.

There are a variety of degree programs you can choose from. You might choose a computer science degree with a concentration in computer forensics. There are general degrees, such as Master of Science degrees in computer forensics, digital forensics, and cyber security. There are also specialized degrees (or concentrations) in areas such as security informatics, malware analysis, vulnerability management, and electronic crime.

Depending on your program, you might take courses such as the following:

  • Information technology auditing
  • Fraud examination
  • Network forensic criminal investigations
  • Reverse engineering and memory forensics
  • Cryptography and authentication

Most master’s programs also require you to complete a capstone project and/or internship.

Online Computer Forensics Programs

Some institutions offer fully online programs that can be a good fit for full-time working professionals who need schedule flexibility and the ability to take classes from anywhere. These online programs include associate degree programs, bachelor’s degree programs, and master’s degree programs, and even doctoral programs such as a Ph.D. or a Doctor of Information Technology.

You may also come across hybrid (also called “blended”) online/in-person programs in computer forensics, both at the bachelor’s and master’s levels. You can usually complete much of your coursework online, but you will also be required to participate in internships or other hands-on experiences in physical locations.

Online or hybrid programs can offer more flexibility than in-person programs and may allow you to complete a computer forensics program based in another state or city. Online and hybrid programs may also allow you to finish your degree or certification faster than traditional in-person programs.

Computer Forensics Certification

Obtaining certification is a voluntary process that shows employers and other professionals that you have the knowledge and skills to perform your job as a computer forensics investigator. Becoming certified generally involves passing a test that includes multiple-choice questions as well as a practical exercise.

One of the more prominent is Certified Computer Examiner (CCE) certification. In fact, a growing number of government agencies and other companies are now requiring forensic computer examiners to have this certification.

Another option is Certified Computer Forensics Examiner (CCFE) certification, which covers nine testing domains such as computer forensic tools, hard disk evidence recovery and integrity, and evidence analysis and correlation.

Certified Forensic Computer Examiner (CFCE) certification is for individuals who have had at least 72 hours of training in specific core competencies of computer forensics. Before taking an examination, candidates must undergo a peer review.

Resources

  • American Academy of Forensic Sciences (AAFS)The AAFS is a multidisciplinary professional organization that aims to promote professionalism, foster research, improve practice, and encourage collaboration in the forensic sciences. Its members include physicians, attorneys, dentists, toxicologists, anthropologists, digital evidence experts, psychiatrists, criminalists, and others.
  • International Society of Forensic Computer Examiners (ISFCE)The ISFCE administers the Certified Computer Examiner (CCE) certification, an internationally recognized computer forensic certification that is vendor neutral and open to both law enforcement and non-law enforcement personnel. It also offers a professional network and resources for certified individuals.
  • American Society of Digital Forensics and eDiscovery (ASDFED): ASDFED is a nonprofit membership organization offering advocacy and educational resources for individuals who work with technology and the law, and those who handle, secure, or process digital evidence.
  • High Technology Crime Investigation Association (HTCIA)The HTCIA provides education and collaboration opportunities to members for the prevention and investigation of high-tech crimes.
  • International Association of Computer Investigative Specialists (IACIS)IACIS is dedicated to training, certifying, and providing membership services to computer forensic professionals around the world.
  • ForensicsWikiThis site is a compendium of user-contributed information dedicated to the field of forensics. 
  • Department of Defense Cyber Crime Center (DC3)Operating under the executive agency of the Secretary of the Air Force, DC3 provides forensic services, cyber technical training, vulnerability sharing, technical solutions development, and cyber analysis within the Department of Defense mission areas.