Computer Forensics: A Newly Certifiable Field
I've always secretly wanted to wear a trench coat and conduct secret
investigations. I'd have an office on Market Street above the cable car
route, a secretary named Madge, and a bottle of cheap whiskey in my
desk drawer next to my trusty revolver. Okay, so maybe I have watched
too many old movies with William Powell and Myrna Loy, but it's still a
romantic idea.
For those of you who may have similar fantasies, I have a practical
alternative and a brand new field. Computer forensics experts collect,
preserve, and analyze computer evidence that may be critical to
criminal investigations, civil litigation, and corporate internal
investigations. A forensics expert may, for example, use specialized
techniques to retrieve information off of a hard drive that has already
been erased. The expert may find that "smoking gun" the prosecutor is
after, and may even be called to testify in court. A rapidly growing
field that is just a few years old, computer forensics experts come
from both an IT background and a law enforcement background.
A company called Guidance Software, Inc.
(http://www.guidancesoftware.com) has a large share of the marketplace
for the hardware and software needed to conduct computer forensics.
Guidance Software Vice President Bob Sheldon tells me that certified
computer forensics practitioners can make anywhere from about $60,000
to $120,000 a year. But, like most subfields of information technology,
you have to be certified.
Get Trained, Get the Cert
Besides providing the tools, Guidance Software also provides the
training and certification to people who use them. Guidance Software
offers three courses in computer forensics -- introductory,
intermediate, and advanced -- that are available at their three
locations in Pasadena, California; Leesburg, Virginia; and Liverpool,
England. Guidance Software also conducts in-house training sessions for
law enforcement agencies in various locations around the country. Each
course is four days.
After taking the intermediate course and working in the field for six
months, you can qualify for the EnCase Certified Examiner (EnCE)
certification. If you do not take the Guidance Software course, you can
also qualify for the certification by showing that you have had 32
hours of classroom computer forensics training, and a year of practical
experience.
Besides working towards the EnCE certification, Guidance Software's
training courses can also be applied to certifications sponsored by the
High Tech Crime Network, the State Bar of California, and the National
Association of State Boards of Accountancy.
Prospects
So once you've been certified, who do you work for? "It used to be
limited to police departments," said Sheldon, "because they were the
ones that were doing computer forensics in support of criminal
investigations. Now there are a number of private sector consultants
that do computer forensics and each of the Big Five accounting firms
have dedicated computer forensics units."
» posted by ITworld staff
ITworld
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
