Why Study Digital Forensics? by Charlotte Knill

Firstly, it might be easier if I explained why I chose it.

It wasn’t until around the age of 18/19 that I decided I wanted to take myself down the digital forensics path. I came across this field because I started seeing it become more common in the news that criminals were being caught out by digital evidence. I found it really interesting that when the police were attending crime scenes, they weren’t only seizing physical evidence they could see (weapons or DNA), they were also seizing devices to be examined for evidence.

The difference between physical evidence and digital evidence is that you can see one but not the other. You can’t tell just by looking at a mobile phone what evidence is on it. I am a naturally nosey and curious person, so this field of study was definitely for me! I was more interested in the evidence “you can’t see” and wanted to be able to use my curiosity to find answers. I wanted to search through phones for texts, computers for documents, emails, internet history, etc. Basically, just be nosey!

I was able to put my passion for being nosey and curious into practice during my placement year in a real digital forensic environment. Working on real criminal cases affecting real victims – there was no better feeling than my curiosity helping to solve crimes and remove criminals from the streets.

So, that was why I chose it…

But digital forensics doesn’t stop there.

You also have data breaches that affect companies worldwide every single day. Part of my job now is to find out how company websites were breached, identify malicious code that hackers have placed onto their websites and see if any card details have been stolen. That could happen to me, you, your friends and family at any point and being part of what prevents these breaches from occurring/helping companies become safer in the large cyber world we all live in is a rewarding feeling.

Identifying things like malicious code or retrieving deleted texts, images or documents, etc. is done through the use of specialized software. There are many different types of software out there but the ones you will hear about the most will be:

  1. EnCase - https://www.guidancesoftware.com/encase-forensic

  2. Forensic Tool Kit (FTK) - http://accessdata.com/solutions/digital-forensics/forensic-toolkit-ftk

  3. Internet Evidence Finder (IEF) - https://www.magnetforensics.com/

  4. Cellebrite (Mobile Phones) - http://www.cellebrite.com/

Digital Forensics is a field where you learn new things every day. If you go into a Digital Forensics job, don’t feel like you have to know EVERYTHING because you don’t… you can’t - it’s impossible to know everything because of the new devices, software and technology being created all the time. The cyber security industry as a whole operates on the basis of people sharing thoughts and ideas – it couldn’t operate without this.

So, if you like the idea of:

  • Someone telling you “it’s deleted and you won’t get it back” and proving them wrong by retrieving deleted things using special software

  • Removing criminals from the streets

  • Stopping a crime before it has happened and saving potential victims from harm

  • Preventing companies from becoming victims of serious data breaches that could affect you or everyone around you at any time

  • Helping companies stay safe from breaches

  • Learning new things every day

  • Sharing thoughts and ideas to help those around you stay as many steps ahead of cyber criminals as possible

You really should consider digital forensics!

TIP:

Autopsy is a great tool to download and experiment with (free and legal!) - http://www.sleuthkit.org/autopsy/ - memory sticks are ideal for experimenting with. Try placing Word documents on at first and then deleting some (but remember to note down what is on the memory stick and what has been deleted; this is also great practice for taking notes as digital forensic investigators need to take down lots of notes during an investigation).
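One way to keep the "what is on the stick and what has been deleted" notes from the tip above is to record a hash manifest before and after deleting. This is an added example, not part of the original article; the function names are made up for illustration, and a temporary directory with constructed files stands in for the memory stick.

```python
import hashlib
import json
import os
import tempfile


def build_manifest(root):
    """Return {relative_path: {"size": bytes, "sha256": hex}} for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                # Read in chunks so large files do not need to fit in memory.
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root)
            manifest[rel] = {"size": os.path.getsize(full), "sha256": digest.hexdigest()}
    return manifest


def compare_manifests(before, after):
    """Classify paths as deleted, added or modified between two manifests."""
    deleted = sorted(set(before) - set(after))
    added = sorted(set(after) - set(before))
    modified = sorted(p for p in set(before) & set(after)
                      if before[p]["sha256"] != after[p]["sha256"])
    return {"deleted": deleted, "added": added, "modified": modified}


def demo():
    """Run the exercise on a constructed temp directory (assumed stand-in for the stick)."""
    with tempfile.TemporaryDirectory() as stick:
        for name, body in [("report.docx", b"draft one"), ("notes.docx", b"meeting notes")]:
            with open(os.path.join(stick, name), "wb") as fh:
                fh.write(body)
        before = build_manifest(stick)
        os.remove(os.path.join(stick, "notes.docx"))      # the file you delete
        with open(os.path.join(stick, "report.docx"), "wb") as fh:
            fh.write(b"draft two")                         # an edit you also want noted
        after = build_manifest(stick)
        return before, compare_manifests(before, after)


if __name__ == "__main__":
    before, changes = demo()
    print(json.dumps(changes, indent=2))
```

Point `build_manifest` at the mounted memory stick instead of the temporary directory, and keep the "before" manifest: hashing a file you later export from Autopsy and matching it against the recorded SHA-256 shows whether the recovery is byte-for-byte complete.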

Another tip: Don’t throw away any old laptops – you could practice taking out the hard drive and plugging that into Autopsy.

If you get stuck, I would recommend using YouTube because you can follow videos in your own time and actually see what is happening. I used YouTube a lot to help me learn how to remove hard drives from many different laptops.


About the Author:

Charlotte, Aged 23, Information Security Consultant and Forensic Analyst for Security Risk Management Ltd in Newcastle-upon-Tyne, England. http://www.srm-solutions.com/

At the beginning of July this year, I graduated from the University of Sunderland with a first class honours degree in Computer Forensics with Sandwich Year. My sandwich year/placement year was spent with Northumbria Police in their Hi-tech Crime Unit. Before I graduated, I was offered a job with Security Risk Management Ltd as an Information Security Support Consultant and Forensic Analyst where I help to identify how company websites have been hacked and personal details have been stolen. Initially, this was part-time while I finished off my University studies and then moved into a full-time role once my studies were completed.

Social Media Links:

LinkedIn: Charlotte Knill

Twitter: @_CKnill

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013