Review of "'The Eight E's': Ascending the Computer Forensics Ladder"

I ran into an article at Law.com named "The Eight E's': Ascending the Computer Forensics Ladder" written by Craig Ball. In my opinion, the world could use more articles on how to further your career in computer forensics that are vendor independent, such as this. This was a great article for those considering a career in computer forensics or may be wondering where their career is going. After reading this article, I compared some of my personal experience to what Mr. Ball presented.

Exploration

Some of the best computer forensic analysts I have met such as Curtis Rose, Matt Pepe, and Kris Kendall each tinker with technology. This tinkering leads to ideas and facts that may seem useless at the time, but are worth their weight in gold when one of your investigations contains that piece of technology. In my opinion, being naturally curious is one of the best assets to becoming a really effective analyst.

Education

I definitely agree that an advanced degree helps when you are being compared to those without one. What concerned me most in this "E" category was the following phrase:

"Professional certifications that legitimately demonstrate training, testing and practical experience have value in helping courts, clients and potential employers assess your qualifications. Supplement your college degree with as many courses and certifications as your time and budget allow."

I have to disagree, slightly, with this statement. I am a firm believer that some certifications are definitely worth your time. For example, I am a fan of vendor independent certifications, but I do not believe that you should get as many as you can. I have looked through resumes and wondered why someone would take the time and trouble to get 35 certifications when it would have been more beneficial to work on more real world cases. As I have said before, you may be certified in Microsoft Word, but that does not make you an author.

Experimentation

In my opinion, this is the same subject as "Exploration". Experimentation is a natural extension of Exploration in my mind.

Experience

All of the schooling and certifications in the world cannot replace true experience. There are four easy ways to get experience, in my mind:

Intern at a commercial computer forensics company

Lend a hand at a law enforcement agency as community service

Gather data from online sources or books

Generate your own data and analyze it

Exchange

In my opinion, this "E" is often overlooked. In my experience, a number of analysts do not want to share their secrets or methods and it can be hard to share data, tools, and methodologies. Do not let this stop you. There are a number of good resources out there where exchange does occur.

Equipment

This "E" is where the author shines. The sentence that sums up what you need to know is:

"We use forensic suites, such as Guidance Software's EnCase or Access Data's FTK, to automate routine tasks, improve efficiency and lower costs -- but buying a program doesn't make you a ready expert."

Earning

"Many CF firms charge clients $250 to $600 per hour, so it's not unrealistic for entrepreneurial examiners to hang out their shingles after learning the ropes. Expect $25,000 in minimum startup costs for hardware, software and training. Overhead will vary on whether you operate from your home or offsite."

The $25,000 Mr. Ball refers to is obviously for the computer forensic specific aspects of starting up a CF business. There is a lot, lot more to starting a business that does not have anything to do with computer forensics at all.

I agree that most firms do charge $250 to $600 per hour. In my opinion, most of the charges are unwarranted. I don't think clients want to pay an open ended per hour charge for a vague understanding of the results any longer. That is why we are offering flat fixed rate fees for most of our computer forensic services at JRD.

Essential Element -- Character

Mr. Ball is very insightful in this "E". The only thing I would add is that you must realize is that once you enter computer forensics you will never stop learning. Just when you think you are full of knowledge, there are many, many other subjects out there that are untouched. Always be open to teaching others and learning from those that are more familiar with other subjects.

Submit to Delicious Submit to Digg Submit to Facebook Submit to Google Bookmarks Submit to Stumbleupon Submit to Twitter Submit to LinkedIn
© 2012 Jones Dykstra & Associates, Inc.
5850 Waterloo Rd, Suite 140, Columbia, MD 21045
P:(410) 480-7190 F:(410) 480-7191
contact@jonesdykstra.com