Required Skills for Digital Forensics Investigator
So You Want to Become a Digital Forensics Investigator!
I have been a full time Digital forensic investigator now for almost 15 years. I still remember the excitement on my first day when I started within the South Yorkshire Police Computer Crime unit. The learning curve was steep. I had no university degree in computers, limited computer training and most of what I knew about computers was self-taught including how to build computer systems.
So why was I offered a position within the computer forensic unit? I was an experienced investigator and I had demonstrated self-motivation and the ability to learn by teaching myself to build computer systems, 3 of the key skills required to become a good forensic investigator.
I have been very lucky in my career. From day one I had the privilege to work with some very skilled, experienced forensic investigators who were willing to share their knowledge and in return expected high standards. Over the past 15 years, I have seen many changes within the digital forensics field, including changes in the volume of data that needs to be examined, the range of devices that may hold vital evidence and an increase in the cyber criminals’ skills.
Digital forensics has been well established in the UK now for many years. The Association of Chief Police Officers (ACPO) in the UK first introduced the “Good Practice Guide for Digital Evidence” back in 1999. The first Master’s degree in digital forensics was introduced around 2002. Electronic evidence is routinely used in the UK courts and is generally well understood.
I have now been in Thailand for more than 5 years. As the Director of Computer Forensic Services for Orion Investigations, my role is not just business development but to help raise awareness of cyber security in general and in particular the benefits of digital forensics as part of an investigation. Digital forensics is still very new in Thailand and when I first arrived many companies and even law firms were unaware of what digital forensics actually is and how it can benefit them.
Things have really changed over the last few years. With the push for a digital economy, the awareness of cyber security and cyber security threats has really begun to grow. Local universities are including digital forensic modules within their courses and Thailand is prepring their own national guidelines for digital evidence.
At Orion, we have seen a steady increase in the volume of forensic investigations we undertake and a big increase in the number of people attending our forensic training courses. When I present on the topic of digital forensics, one of the questions I am now often asked is.
“What do you look for when recruiting a forensic investigator”?
Below are the qualities and skills I look for when recruiting a digital forensic investigator:
- Self-Motivation / Desire to Learn – Computer forensics is not a 9 to 5 job. There is so much to learn that it is not possible to do it all within work hours. In order to keep up with the changes in technology and techniques, a good forensic investigator will need to use some of their own personal time to conduct research.
- Investigator’s Mindset – This is one of the hardest skills to teach a new investigator. I look for someone who is not afraid to ask questions and is determined to find answers to those questions. When you start an investigation you never know where it will lead. The investigator needs to be able to work as part of a team but also independently. The investigator needs to be able to decide what is relevant to the investigation, what lines of enquiries to follow and when to stop.
- Communication Skills – The importance of good communication skills should not be underestimated. The investigator needs to have the skills to take potentially complex evidence and present it in a clear, easy to understand way for non-technical people. Good reporting skills is vital. The role of the forensic investigator often involves giving evidence in court as an expert witness. As a result, the investigator needs to be well prepared and to be able to answer questions in a clear, concise manner while under pressure.
- Technical Skills – Digital forensics is a technical field and as a result the investigator should have a solid technical background. When looking for a forensic investigator to join the team I look for an investigator who has a broad range of general technical skills. An ideal investigator will also have additional skills in a specialized area. For example an investigator may have a particular interest in the forensic examination of Apple devices or Microsoft devices, network forensics or malware analysis.
Digital forensics is an exciting field to be involved in and a good forensic investigator will never stop learning. There is currently a shortage of cyber security specialist in Thailand. Without doubt the demand for such specialists will continue to grow over the coming years both within the government and private sector. As a result people who are currently obtaining the required skills and qualifications will be well placed for an exciting and rewarding career in cyber security.
About the Author
Andrew is responsible for the management of the Orion Computer forensic Unit. His responsibilities include ensuring the unit operates to the highest international standards, business development and the development and delivery of training for clients and staff. Andrew is an experienced forensic investigator with extensive training and comprehensive experience in relation to criminal, corporate, malware and counter terrorism investigations within the UK, Europe and, more recently, Asia. He has worked in the public sector with the South Yorkshire Police where he received his initial training in computer forensics and also in the private sector with a leading UK computer forensics company. He is also an experienced trainer having developed UK Law Society approved training courses and delivered master degree level forensic training. With over 15 years’ experience in the field of computer forensics, Andrew has regularly appeared in UK and Thai courts as an expert witness to present complex computer evidence.