Criminals are increasingly using digital technologies on smartphones and computers to commit crimes. As more enterprises increasingly face sophisticated cyber-attacks, the demand for highly-skilled IT security pros is, as always, on the rise.
Computer forensics is the collection of computer evidence vital to solve cases related to fraud, harassment, child pornography and a host of other digital crimes. While many computer forensic investigators work as freelancers, others are employed by private companies and even government agencies. Some of the job roles available for these electronic sleuths include computer forensic analyst, network security specialist, IT security consultant, IT auditor, ethical hacker, and security administrator.
Just like other scientific fields, forensic experts take a methodical approach to locating the data needed to uncover and solve criminal cases. Perpetrators often try to damage any evidence that they may leave behind while committing the crime making it difficult to gather, and especially to decipher.
As a certified computer forensic investigator, one of my prime duties is to gather and analyze data related to cyber incidents and then put it into a format that is admissible in a court of law. This requires the ability to learn quickly, retain knowledge and draw conclusions. Successful forensic investigators also need the skills and abilities to:
- Follow cybercrime investigation processes, methodologies, protocols and any pertinent laws.
- Categorize cybercrimes and follow best practices while handling evidence.
- Use forensic tools like FTK and Encase to analyze and create case reports.
- Maintain the purity of the crime scene while collecting, transporting and preserving electronic evidence.
- Conduct interviews and think critically.
- Utilize tools for steganography, password cracking, and file forensics.
- Capture and analyze logs and correlating time synchronization.
- Accurately document the investigation and provide effective expert-witness testimony in court often under adversarial conditions.
Forensic investigations of computer hacks is one of the most demanding jobs in the security field. It takes years of study, preparation and hands-on practice to become good at it. Fortunately, there are a number of certifications which can help you develop the skill-set.
One preeminent vendor-neutral certification is EC-Council’s Computer Hacking Forensic Investigator (CHFI). If you’re planning a career as a computer forensic investigator, you will be hard pressed to find any other certification so broadly recognized and respected throughout the industry.
The EC-Council’s CHFI program is designed for IT pros involved with information system security, computer forensics and incident response. Although it is not required, the Council strongly recommends that candidates attend their Certified Ethical Hacker class before enrolling in the CHFI program.
The EC-Council’s CHFI program runs for eight hours over five days. Candidates for certification must be at least 18 years of age. For candidates under the age of 18, in order to attend an official training or be eligible to attempt the exam, they will need to provide the accredited training center/EC-Council a written consent of their parent or legal guardian and a supporting letter from their college or university. Only applicants from nationally accredited institution of higher learning will be considered.
In order to earn the certification, you need to clear the ECO 312-49 exam — available at EC-Council approved testing centers. (There is an option to take the 312-49 exam on the last day of the training class.) The exam itself consists of 150 multiple-choice questions to be completed in a 4-hour time limit. A score of 70 percent is required to clear. The cost is $650 in the U.S. market, $718 in Europe.
The CHFI exam is quite comprehensive and covers the following domains:
- Computer Forensic Investigation Process
- Searching and Seizing Computers
- Digital Evidence
- Understanding File systems
- Data acquisition
- Recovering Files and partitions
- Forensic Investigation with FTK
- Forensic Investigation with Encase
- Log correlation
- Network traffic analysis
- Wireless network analysis
- Mobile forensics
- Email Investigations
- Investigating reports
- How to Become an Expert Witness
EC-Council offers official training classes that are campus-based instructor-led training (ILT), live-online ILT, or self-paced computer-based (CBT). Prices ranges from $600 to $3000 depending on the mode of training you select.
For those who wish to self-prepare for the CHFI certification exam there are a number of conditions that need to be met:
- 2 years of proven information security related work
- Educational background related to information security specialization
- A non-refundable $100 eligibility application fees
- Submitting EC-Council’s exam eligibility form
- Upon approval from the EC-Council one can but the exam vouchers for the CHFI exam.
The EC-Council offers a number of official and comprehensive CHFI training materials. Click here for more information on training materials and pricing. If you choose to self-study, I recommend you purchase the CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide, by Charles L Brooks. There is also an excellent CHFI video series offered free from Cybrary. For some very good free practice quizzes and exams, check out GoCertify.com.
The demand of the CHFI certification is on the rise and Indian employers are willing to pay handsome amounts for the right candidates. The base salary for Information Security Manager in India is in the area of ₹1.8 M, and salaries for security analysts and senior security managers are up to ₹ 1.2 M.
Certified individuals can enjoy the wide popularity and the acceptability of EC-Council’s reputation around the world. CHFI is also a great certification that can lead into other EC-Councils certs like the Certified Security Analyst (ECSA), Certified Incident Handler (ECIH) and Licensed Penetration Tester (LPT).
As more people connect to the internet through an ever increasing number of devices, cybercrime will continue to rise. Particularly in India where the number of occurrences has tripled between 2011 and 2013.
The demand for skilled digital forensic investigators is greater than ever and there is no better time to prove one’s ability to work as certified computer forensic investigator than with the industry leading EC-Council’s CHFI certification. The relatively new field and the shortage of certified professionals, along with an impressive pay scale, makes the choice of being a computer forensic investigator a rewarding career path indeed.