Looking to enter into the Digital Forensics field (Need Advice)

aderonaderon Posts: 402Member
I'm going to be graduating with a B.S. in IT (Network Admin) soon and I'm starting to plan my next steps forward. My end goal is to become a digital forensics investigator.

I'm considering two options. Either,
A) Spend $10,000 to get a master's in Digital Forensics over a 2 year time span
or
B) Spend $5,000 to earn my EnCE cert through one of the boot camps in the time span of a month or so.

My question is, would a B.S. in IT along with the EnCE be enough to land me an entry level digital forensics position or should I just go straight for the master's? (Note: I'm going to get the master's either way, I'd just like to start my digital forensics career as early as possible)
Also, do you think the added benefit of landing a job early would be worth the extra $5000 I'd wind up spending by getting the EnCE cert AND the master's as opposed to just the master's?
2017 Certification/Degree Goals: AWS CSA (Complete), OSCP (In Progress), M.S. Cybersecurity (In Progress)
2017 Learning/Reading Goals: Advanced Bash-Scripting Guide (Completed), Automate the Boring Stuff with Python (Completed), Black Hat Python (Completed), CodeAcademy Learn Python (Completed), SecurityTube Python Scripting Expert (Completed), Assembly Language Megaprimer for Linux (Completed), The Basics of Hacking and Penetration Testing (Completed), PenTesterLab Bootcamp (Completed)

Comments

  • Tom ServoTom Servo Posts: 104Member
    I don't know much about the digital forensics field, but my understanding is that it is very difficult to get into. I believe oftentimes police officers, fbi, etc with a knack for IT end up in digital forensics, rather than IT people going directly into it. That said, work experience is the most important thing, and if you have done the research and believe you could get a job in digital forensics with the EnCE cert, I would go that route, get the work experience, and then augment your qualifications later with the masters degree.
  • yzTyzT Posts: 365Member
    The answer depends on what do you understand by digital forensics:

    - Police: prior to become a forensics investigator, you need to be a police already for a couple of years.

    - Private companies, banks, etc: if the company is large and deal with important data, likely there is a forensic guy as part of the incident response team. So do not expect this position to be suited for an entry level.

    So, what are your chances?

    - Go for the master's and do a high quality project that make you stand out.
    - Become a policeman.
    - Try to get any other security-related position, like a security analyst, eventually moving to an incident response team and once you're here, specializing in forensics.
  • puertorico1985puertorico1985 Posts: 205Member
    There are a few job postings for Junior Digital Forensics. It asked for a BS Degree, and some hands-on experience which could be acquired with a boot camp. In my Master's program, I recently finished a digital forensics course and for the Final Exam, we were required to pass the Access Data ACE Certification, which can be found here: Certifications | AccessData

    That could be something to look at as well. There are a few options that you can choose, but you may be able to snap up a position as an entry level forensics guy (Junior level) and work your way up.
  • LionelTeoLionelTeo Posts: 517Member ■■■■■■□□□□
    If by career advancement in private companies, a huge Security Operation Center with Incident Response to Forensics tied to a Security Operation Center that require a Security Analyst with Forensic Knowledge is a viable option. You can slowly advance from Network Forensic to on site forensic. Another way would be directly to go into managed security services company like FireEye, where they value forensic and reverse malware.

    If by Education Choice and trying to get yourself in a forensic field, you need to have passion, either you top your class in your master or you tied your current education with various certifications and not just one certificate. Fortunately, the forensics field has so many certifications options available that is not specifically limited to one organization. You can to choose from GIAC, EnCase, ISC2 and a few others. My recommendation if you want to do break in forensic really hard, take your master and spend free time traveling around listening to forensic audio lecture and books on public transport. Grab up to 2 forensic related certs with your master, you will stand out among the crowd and thus makes you easy to break into forensic field.
  • ComputerForensicsComputerForensics Posts: 8Member ■□□□□□□□□□
    the computer is not the instrument of the crime, it may contain evidence of illegalities. As PCs, PDAs and other computer-based devices become pervasive in work and personal lives, it's no surprise they often play a role in illegal behavior.
  • 5ekurity5ekurity Posts: 346Member ■■□□□□□□□□
    Getting involved with a consulting firm that does digital forensics is a good way to get started. The EnCE isn't bad to have, but it's just that - all based on EnCase. So if you go to an AccessData shop, you'll need to get familiar with FTK and all of their tool suites. AccessData has a nice training package, but again, it probably doesn't make sense to choose one vs. the other until you know what kind of shop you are going into. Also, there's a good chance that the company you get involved with will offer on-the-job training, or will pay for you to attend training.

    I agree with LionelTeo and say get as much independent/free knowledge as you can via webcasts, books, audio lecture, etc. There are some great books out there, such as those by Harlan Carvey, that explain a lot of really in-depth concepts for forensics / IR on a Windows platform. Just remember there is also mobile device forensics, and Linux/Unix forensics, so I think being familiar with the methodology for HOW to perform a forensic analysis trumps 'click this button in the tool and it will index/search for your string/regex'.

    You can also check out ForensicFocus.com for some tips/tricks.
  • danny069danny069 Posts: 1,025Member ■■■■□□□□□□
    Definitely look into the Access Data Cert I believe it is free, I looked at the exam and it is no joke, but hey it's free. Real good advice there. My professor recommended it and it will look good on your resume, especially if you can utilize the FTK (Forensics Tool Kit) I am currently doing my Bachelor's Degree in Cyber Security/Digital Forensics. I would do specialized training first instead of a Master's program, since you are going to do the Master's eventually. It will assist you in getting your foot in the door.
    I am a Jack of all trades, Master of None
  • Danielm7Danielm7 Posts: 2,197Member ■■■■■■■□□□
    I have a friend that works in forensics. He wasn't an officer, but all the people he works were. There was an opening in his department and he said I'd be great there as they train you on the job for the forensics specific stuff. The job was filled by a police officer.
Sign In or Register to comment.