Forensic Computer Analyst

PC CSI AKA CYA

You may have noticed a new trend in the tech world, that of needing a Forensic Computer Analyst. So what the heck is a Forensic Computer Analyst anyway? Let's start with computer forensics. At the most basic level, computer forensics is the analysis of information contained within and created with, by, or for computer systems and computing devices, typically in the interest of figuring out what happened, when it happened, how it happened, and who was involved.

These analysts investigate the causes of computer meltdowns, who has misused a computer system, or how someone committed a crime. This new breed of professional is becoming quite popular in white-collar criminal investigations. Hey, guess what, these people are certified. A Certified Computer Forensics Investigator's first step is to clearly determine the purpose and objective of the investigation. They then take several careful, documented steps to identify and extract all relevant data from the subject's computer system. Forensic analysis extracts the data that can be viewed through the operating system, as well as data that is invisible to it (deleted files, file slack, and unallocated space).

This type of investigation has been around for years at agencies such as the FBI, CIA, NSA, etc. They all perform the same basic tasks within the following guidelines:

  • Preservation
  • Identification
  • Interpretation
  • Documentation
  • Rules of Evidence
  • Legal Processes
  • Integrity of Evidence
  • Factual Reporting of the Information Found
  • Providing Expert Opinion

Two Primary Types of Computer Forensics Investigations are:

  1. When the computer was used as an instrument to commit a crime, or was involved in some other type of misuse
  2. When the computer was the target of a crime, such as being hacked into and having information stolen

In the first type of investigation, hard drives and other storage media are delivered for analysis; the media are imaged through a write-blocker, the original and the image are hashed, and the work is done on the image so the original is never altered. The second type of investigation will typically also need to capture information that is extremely volatile, such as RAM contents, current network connections, and running processes. That data only exists while the machine is up, so it has to be collected from the live system, most volatile first, before anything is powered off or unplugged.
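The preservation and integrity-of-evidence guidelines above, and the imaging step just described, come down to one habit: hash the source, hash the copy, write both into a custody record, and re-verify before every analysis session. The following is an added example written for this page, not code from the original post or from any forensic tool; the sample media is a constructed byte string and the record fields, function names and case identifiers are assumptions for illustration.

```python
"""Added example (not from the original post): preserving evidence integrity.

A read-only pass over the source media (a write-blocker plays this role for
physical disks) produces a bit-for-bit image. Source and image are hashed in
chunks, both digests go into a custody record, and the image is re-hashed and
compared against that record before analysis. SAMPLE_MEDIA is constructed.
"""
import hashlib
import io
import json
from datetime import datetime, timezone

CHUNK_SIZE = 64 * 1024           # hash in chunks so a multi-gigabyte image never has to fit in RAM
ALGORITHMS = ("md5", "sha256")   # two algorithms, as most acquisition tools record


def hash_stream(stream, algorithms=ALGORITHMS):
    """Hash a file-like object in one pass; returns {algorithm: hexdigest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    stream.seek(0)
    for chunk in iter(lambda: stream.read(CHUNK_SIZE), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=ALGORITHMS):
    return hash_stream(io.BytesIO(data), algorithms)


def acquire_image(source_media, examiner, case_id):
    """Produce a bit-for-bit image of the source plus a custody record for it.

    Returns (image_bytes, record). If the source and image digests differ,
    the copy is not a faithful duplicate and must be redone, not analysed.
    Field names in the record are an assumption for this example.
    """
    source = io.BytesIO(source_media)
    source_hashes = hash_stream(source)
    source.seek(0)
    image = source.read()                 # stand-in for the output of dd / ewfacquire
    image_hashes = hash_bytes(image)
    record = {
        "case_id": case_id,
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "image_size": len(image),
        "source_hashes": source_hashes,
        "image_hashes": image_hashes,
        "verified_copy": source_hashes == image_hashes,
    }
    return image, record


def verify_image(image, record):
    """Re-hash the image before analysis; True only if every recorded digest matches."""
    current = hash_bytes(image, tuple(record["image_hashes"]))
    return all(current[algo] == digest for algo, digest in record["image_hashes"].items())


def flip_bit(image, offset, bit=0):
    """Return a copy of the image with a single bit changed, to show what verification catches."""
    tampered = bytearray(image)
    tampered[offset] ^= 1 << bit
    return bytes(tampered)


# Constructed sample media, not real evidence: a fake boot sector plus some user data.
SAMPLE_MEDIA = b"MBR".ljust(512, b"\x00") + b"user data: payroll.xlsx" + b"\xff" * 200

if __name__ == "__main__":
    image, custody = acquire_image(SAMPLE_MEDIA, "J. Examiner", "CASE-0001")
    print(json.dumps(custody, indent=2))
    print("image intact:", verify_image(image, custody))
    print("after one flipped bit:", verify_image(flip_bit(image, 600), custody))
```

The custody record is what goes into the report: the digests are the proof that the bytes analysed are the bytes acquired, and any mismatch, down to a single flipped bit, means the image can no longer be relied on. Recording two algorithms is cheap and survives a later collision concern about either one.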

In computer forensics, there are three types of data to be concerned with:

  1. Active
  2. Archival
  3. Latent

Active data is the information that can be seen: data files, programs, files used by the operating system, etc. This is typically the easiest type of data to obtain. Archival data is data that has been backed up and stored, usually on external media such as backup tapes, CDs, floppies, or entire hard drives, to cite merely a few examples. Latent, or ambient, data is the information that one typically needs highly specialized tools to view. It is typically data that has been deleted or partially overwritten, or that sits in file slack and unallocated space; the file system no longer points at it, but the bytes are still on the disk until something else reuses them.
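The "specialized tools" for latent data mostly come down to ignoring the file system and scanning the raw image for the byte signatures that known file types start and end with, a technique called file carving. The block below is an added example written for this page, not code from the original post or from any carving tool; the disk image it scans is constructed in memory (two deleted JPEGs, one with its tail overwritten by a newer file, and a PNG), the JPEG and PNG magic bytes are real, and the size limit and function names are assumptions.

```python
"""Added example (not from the original post): recovering latent data by carving.

A deleted file's directory entry is gone, but its bytes stay in unallocated
space until overwritten. The carver scans a raw image for known headers and
trailers and returns every object it finds, flagging the ones whose trailer
is missing (partially overwritten). build_sample_image() is constructed data.
"""
import hashlib

# Signature table (name, header, trailer). Real magic bytes for JPEG and PNG;
# production carvers (foremost, scalpel, PhotoRec) carry dozens of these.
SIGNATURES = [
    ("jpeg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
]
MAX_FILE_SIZE = 10 * 1024 * 1024   # assumed limit: stop looking for a trailer after this much
SECTOR = 512


def _header_positions(image, signatures):
    """Every (offset, name, header, trailer) where a known header occurs, sorted by offset."""
    hits = []
    for name, header, trailer in signatures:
        pos = image.find(header)
        while pos != -1:
            hits.append((pos, name, header, trailer))
            pos = image.find(header, pos + 1)
    return sorted(hits)


def carve(image, signatures=SIGNATURES, max_size=MAX_FILE_SIZE):
    """Carve files out of a raw image with no help from the file system.

    Each hit is carved from its header to its trailer. If no trailer appears
    before the next known header (or the size limit), the tail was lost or
    overwritten: the fragment is still returned with complete=False, cut at
    the next header so two objects are never glued together.
    """
    hits = _header_positions(image, signatures)
    carved = []
    for i, (start, name, header, trailer) in enumerate(hits):
        limit = min(len(image), start + max_size)
        next_start = hits[i + 1][0] if i + 1 < len(hits) else limit
        end = image.find(trailer, start + len(header), limit)
        if end != -1 and end < next_start:
            data, complete = image[start:end + len(trailer)], True
        else:
            data, complete = image[start:min(next_start, limit)], False
        carved.append({
            "type": name,
            "offset": start,
            "size": len(data),
            "complete": complete,
            "sha256": hashlib.sha256(data).hexdigest(),   # hash every carved object as it is produced
            "data": data,
        })
    return carved


# ---- constructed sample image (not real evidence) ---------------------------

def _pad_to_sector(blob):
    return blob.ljust(-(-len(blob) // SECTOR) * SECTOR, b"\x00")


def _fake_jpeg(payload):
    # SOI, APP0 marker, payload, EOI: JPEG-shaped, not a decodable picture.
    return b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + payload + b"\xff\xd9"


def _fake_png(payload):
    return b"\x89PNG\r\n\x1a\n" + payload + b"IEND\xaeB`\x82"


def build_sample_image():
    """Boot sector, unallocated space, an intact deleted JPEG, a deleted JPEG whose
    last 40 bytes (trailer included) were overwritten by a newer file, and a PNG."""
    intact = _fake_jpeg(b"A" * 300)
    clobbered = _fake_jpeg(b"B" * 300)[:-40]
    clobbered += b"notes.txt: sectors reused by new file".ljust(40, b"\x00")
    return (
        _pad_to_sector(b"boot sector")             # offset 0
        + b"\x00" * SECTOR                         # offset 512, unallocated
        + _pad_to_sector(intact)                   # offset 1024
        + _pad_to_sector(clobbered)                # offset 1536
        + _pad_to_sector(_fake_png(b"C" * 100))    # offset 2048
    )


if __name__ == "__main__":
    for obj in carve(build_sample_image()):
        status = "complete" if obj["complete"] else "PARTIAL (trailer lost)"
        print(f"{obj['type']:5} @ {obj['offset']:6} {obj['size']:5} bytes  {status}  {obj['sha256'][:16]}")
```

Two caveats a practitioner will hit immediately with this approach: a real JPEG often embeds a thumbnail, which is a second SOI/EOI pair inside the first, so a signature-only scanner will split it in two and mark the outer one partial; and a file whose clusters were not contiguous on disk cannot be reassembled by header-to-trailer carving at all. Both are why mature carvers combine signatures with format-aware parsing, and why the offset and hash of every carved object are recorded as they are found.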

You may have noticed the new top ten hot job list that has been released. Forensic Computer Analyst is listed as number 3, immediately after Computer Software Analyst. Number one was Investment Banking Analyst. Seems strange, I have experience in all 3. Too bad I can't do them all at once, now that would be a really great job description! So many analyst positions, so little time…
