Home » Future of Work » Making a Case for Digital Forensics
Future of Work

Making a Case for Digital Forensics

digital forensics-investigate-it-incident response
digital forensics-investigate-it-incident response

Dr. Kall Loper is vice president of Digital Forensics & Incident Response at Cyderes. He has been a partner-level practice lead at a global consulting firm, the U.S. Department of Justice, and has founded a forensics firm. He has also served as chair of an academic department and has been a professor for over twenty years.

Dr. Kall Loper

Vice President of Digital Forensics & Incident Response, Cyderes

What are IT students being taught that they were not 10 years ago? 

Delivery of IT education has not changed significantly in the past 10 years. 

The contents are updated and there are the beginnings of subjects like ethics and software development life cycle, but the bulk is still algorithms, coding, and platforms. Although there are exciting developments in machine learning, the broad topic of artificial intelligence dates back to the 1950s. 

Many developments in the pursuit of artificial intelligence have as much to do with finding the right problems to solve as they do with true advancements. Innovation most often comes from the application of methods to problems and new enterprise goals. IT education is just the starting point to a career.

What exactly is digital forensics, and why is it so important today?

Digital forensics is not an IT-related skill set. It encompasses the way IT systems are used in an enterprise and how they are abused by malicious actors.

When we use the word “forensic” in computer science, we usually mean a post-mortem of an incident. We investigate causes to understand and prevent the recurrence. Forensic literally means pertaining to argument, and arguments are at their most significant in court. A true definition of digital forensics would apply the methods of engineering and computer science to resolving issues before the courts. 

Digital forensic skills are indispensable in the way we resolve disputes in our society today. Criminal cases often hinge on details gleaned from mobile devices or the trace evidence left by Internet activity. Civil cases worth billions of dollars also hinge on the ability of the prevailing side to prove their assertions through digital evidence. 

Digital forensics is the discipline that brings evidence from both obvious and obscure places in a computer to the court in a way that meets the requirements of evidence. Digital forensics also encompasses expert opinions and provides a meaningful interpretation of that evidence.

When we train digital forensic analysts, we train documentation and ethics, as well as the technical skills needed to preserve, analyze, and present digital evidence. Forensic analysis may include examination of a computer system while preserving the evidence in such a way that the opposing side can derive the same results following the same process. 

Analysts create verifiable exact copies of data and preserve them in a way that makes any changes, no matter how small, obvious. Documentation of the process allows the analyst to testify that the highest standard of care has been applied to the data, upholding its value to the court process.

How can professionals already in the IT industry get into digital forensics?

If you have recognized that you are bored and stuck, don’t seek the same situation somewhere else. You should be working for more than free snacks; work for the experiences that add value to your skillset and career.

Some of the best forensic analysts I’ve met were not initially trained in digital forensics. System administrators, database administrators, and other working IT professionals bring a wealth of specific knowledge with them. The key to making a change from IT delivery to digital forensics is to approach IT systems in a new way. 

The goal is not the efficient return to service of a system. The goal is to understand how risk became damage, and how to prevent it from happening again. Extra credit is given for understanding how IT risk impacted the enterprise and its mission across many domains: legally, operationally, financially, etc. 

The best place to start is to gain familiarity with the processes of digital forensics. I often recommend any number of sources to explore the field, such as vlogs and podcasts by industry leaders. I use Brian Carrier and Harlan Carvey’s books in my classes, provide them as references in my labs, and recommend them as starting places. 

With a basic understanding of the tasks, search for opportunities that let you learn on the job. In a few short years, you can be as good as anyone; it changes that quickly.

What is your advice to young IT professionals?

If you are a smart problem solver, do that in your career as well as your coding or system administration tasks.

If you understand the business requirements of IT systems, you can shape your opportunities, training, and your career. It is not enough to follow a course of study and respond to the rewards of good grades for specific skills. College coursework leads to a cycle of rewards — grades — that encourages smart people to focus on repeatable, low-level, discreet tasks that do not produce rewards — career advancement and pay — in the work world. 

My standard advice to my students has been to do what you are good at, because rewards will follow your application of your talent. Now, it is more nuanced. Strategically look at the field you plan to enter and be open to learning how the work is performed and try to discover what drives it. Your first job may very well hinge on the skills you learned in college, but that is not the goal. That is the capstone of an apprenticeship. Keep learning and looking around for the need you can fill. You will be rewarded with job satisfaction, career growth, and growing compensation.

Next article