Computer forensics investigators are digital detectives, silicon sleuths
and computer consciences who remind us that our computers aren't as private
as we think they are.
The field of computer forensics involves digging up and analyzing computer-based
evidence -- sort of like a computer version of archeology.
"Computers are just large filing cabinets," says Dan Hooper, a special
agent with the Utah Department of Public Safety and owner of Westpark Investigations,
a private investigation firm in Salt Lake City, Utah. "It takes certain skills
and patience to search them, and then these searches need to hold up in court."
Because almost everyone nowadays has one of these "filing cabinets" in
their office and home, computer forensics is a fast growing field.
The crimes these experts deal with aren't just your typical computer crimes,
such as hacking and software piracy. If a computer is involved in a crime
in any way, it's fair game for the computer forensics investigator.
In a recent case, for example, law enforcement officials were having trouble
placing a suspect at the scene of a crime. Then they called in a computer
forensics investigator, who seized the victim's computer and discovered evidence
that proved the suspect had been in the victim's house within 15 minutes of
the time the crime took place.
"I've been involved in cases of homicide, robbery, conspiracy, environmental
crime, and many others," says Jeff Pikl. He is the director of the International
Association of Computer Investigative Specialists (IACIS) in Stayton, Oregon.
It's criminals' ignorance of computers that makes the computer forensics
investigator's job possible.
"People treat their computers as if no one else will ever look at what's
on their hard drive," says Peter Constantine, owner of Data Discovery in Beaverton,
Oregon. "I've seen extremely personal diaries and actual confessions of crimes.
Usually what gives people up is their e-mail.
"People have a tendency to brag, to discuss what they're doing. Then they
hit the delete button and think that's the end of it. But even if you wipe
a file, there's liable to be a copy or a fragment someplace."
Staff Sergeant Terry Hampel is in charge of a high-tech crimes forensics
unit. He recently worked on just such a case. "We were doing a drug investigation,
and we uncovered a diary of activities on a suspect's computer that linked
him to the crime," he says. "The criminal thought he had deleted the files."
"No matter what you do with your computer, don't ever use it for anything
your grandmother wouldn't be proud of," says Constantine. "If there's anything
offensive on that disk, a guy like me will find it."
How does a computer forensics investigator pry all this incriminating information
out of a seized computer? "There's a specific protocol for a forensic computer
examination," says Constantine.
"First, I take control of the computer by starting it up with my own software.
Then I make an exact copy, called an image, of everything on the hard drive.
The image goes on my own hard drive so I can examine the data there, and so
it can be used for evidence if the case goes to court.
"The actual exam consists of looking at all files, regular or hidden, sound
files, image files, and so on. I may also run some programs to see if anything
unusual happens. Finally, I report what I found and print out the evidence."
Because computer forensics investigators deal with the ever-changing world
of operating systems and software, the specific steps they take to uncover
evidence today might be different tomorrow.
"The software that's being developed to do proper forensics is changing
constantly," says police detective George Sidor. "Part of the computer forensics
investigator's job is to be on top of the latest computer technology.
The U.S. has a few nationwide computer forensics firms, and large American
companies are just starting to hire their own specialists. But most computer
forensics investigators in the U.S. work in law enforcement.
Mike Menz is the International Executive Committee Secretary for the High
Technology Crime Investigation Association. He sees a lot of growth in the
years ahead. "Is it a growing field? Yes. A fast-growing field. And there
are a variety of ways to get into it."
As the use of computers and technology increases, so will related crimes.
According to Menz, computers are involved in everything from money laundering
to extortion. "In most of your crimes today, computers are involved."
The team that he works with handles hundreds of cases a year. "We probably
do in between 500 and 600 cases a year now just on computer-related crime
in northern California," says Menz.
The salary depends on where you work and the skills that you have. "If
you're in private enterprise, you get paid for what you're worth, which usually
means anywhere from the $60,000 level up to the six-figure level -- $100,000
plus, easy," says Menz. "In government work, you're talking anywhere from
the mid-forties up to the eighties."
Since most computer forensics experts work in law enforcement, training
opportunities for individuals are still slim. Many experts get their training
at either the IACIS or the Federal Law Enforcement Training Academy in Georgia.
But the more computers there are in offices, the more companies will have
to protect themselves against software piracy, unauthorized computer use and
other computer crimes in their own offices. As demand for independent investigators
to take care of such cases rises, more schools and courses will be developed
to train them.
What else do you need to become a computer forensics investigator? According
to Kirk Stockham, owner of a computer forensics company in Modesto, California,
it takes more than knowing your hardware from your software and your bits
from your bytes.
"You must be well read, articulate and a good writer, since court testimony
is involved and reports have to be written," he says. "Communication skills
are a must to be able to present technical computer solutions and evidence
in a thorough, simple and exciting manner to juries, courts, judges, the police,
the military, attorneys, businesses and clients."
The preparation may be hard, but the pay is worth it. Computer forensics
investigators in the private sector can expect to earn as much as lawyers
or consultants: from $125 to $250 per hour.
Not only that, but those already in the field are on the ground floor of
what in the next few years will become a booming business.
"As more computers invade our lives, more experts will be required to search
for the evidence that these large filing cabinets hold," says Hooper.
International Association of Computer Investigative Specialists
The official site of the IACIS
High Technology Crime Investigation Association International
One of the most well-known organizations for computer forensics
Computer Forensic Programs
Browse through a directory of Computer Forensic Specialist programs