Cyber Crimes Increase Demand for Software Forensics Experts The Buzz


Computer forensics investigators are digital detectives, silicon sleuths and computer consciences who remind us that our computers aren't as private as we think they are.

The field of computer forensics involves digging up and analyzing computer-based evidence -- sort of like a computer version of archeology.

"Computers are just large filing cabinets," says Dan Hooper, a special agent with the Utah Department of Public Safety and owner of Westpark Investigations, a private investigation firm in Salt Lake City, Utah. "It takes certain skills and patience to search them, and then these searches need to hold up in court."

Because almost everyone nowadays has one of these "filing cabinets" in their office and home, computer forensics is a fast growing field.

The crimes these experts deal with aren't just your typical computer crimes, such as hacking and software piracy. If a computer is involved in a crime in any way, it's fair game for the computer forensics investigator.

In a recent case, for example, law enforcement officials were having trouble placing a suspect at the scene of a crime. Then they called in a computer forensics investigator, who seized the victim's computer and discovered evidence that proved the suspect had been in the victim's house within 15 minutes of the time the crime took place.

"I've been involved in cases of homicide, robbery, conspiracy, environmental crime, and many others," says Jeff Pikl. He is the director of the International Association of Computer Investigative Specialists (IACIS) in Stayton, Oregon.

It's criminals' ignorance of computers that makes the computer forensics investigator's job possible.

"People treat their computers as if no one else will ever look at what's on their hard drive," says Peter Constantine, owner of Data Discovery in Beaverton, Oregon. "I've seen extremely personal diaries and actual confessions of crimes. Usually what gives people up is their e-mail.

"People have a tendency to brag, to discuss what they're doing. Then they hit the delete button and think that's the end of it. But even if you wipe a file, there's liable to be a copy or a fragment someplace."

Staff Sergeant Terry Hampel is in charge of a high-tech crimes forensics unit. He recently worked on just such a case. "We were doing a drug investigation, and we uncovered a diary of activities on a suspect's computer that linked him to the crime," he says. "The criminal thought he had deleted the files."

"No matter what you do with your computer, don't ever use it for anything your grandmother wouldn't be proud of," says Constantine. "If there's anything offensive on that disk, a guy like me will find it."

How does a computer forensics investigator pry all this incriminating information out of a seized computer? "There's a specific protocol for a forensic computer examination," says Constantine.

"First, I take control of the computer by starting it up with my own software. Then I make an exact copy, called an image, of everything on the hard drive. The image goes on my own hard drive so I can examine the data there, and so it can be used for evidence if the case goes to court.

"The actual exam consists of looking at all files, regular or hidden, sound files, image files, and so on. I may also run some programs to see if anything unusual happens. Finally, I report what I found and print out the evidence."

Because computer forensics investigators deal with the ever-changing world of operating systems and software, the specific steps they take to uncover evidence today might be different tomorrow.

"The software that's being developed to do proper forensics is changing constantly," says police detective George Sidor. "Part of the computer forensics investigator's job is to be on top of the latest computer technology.

The U.S. has a few nationwide computer forensics firms, and large American companies are just starting to hire their own specialists. But most computer forensics investigators in the U.S. work in law enforcement.

Mike Menz is the International Executive Committee Secretary for the High Technology Crime Investigation Association. He sees a lot of growth in the years ahead. "Is it a growing field? Yes. A fast-growing field. And there are a variety of ways to get into it."

As the use of computers and technology increases, so will related crimes. According to Menz, computers are involved in everything from money laundering to extortion. "In most of your crimes today, computers are involved."

The team that he works with handles hundreds of cases a year. "We probably do in between 500 and 600 cases a year now just on computer-related crime in northern California," says Menz.

The salary depends on where you work and the skills that you have. "If you're in private enterprise, you get paid for what you're worth, which usually means anywhere from the $60,000 level up to the six-figure level -- $100,000 plus, easy," says Menz. "In government work, you're talking anywhere from the mid-forties up to the eighties."

Since most computer forensics experts work in law enforcement, training opportunities for individuals are still slim. Many experts get their training at either the IACIS or the Federal Law Enforcement Training Academy in Georgia.

But the more computers there are in offices, the more companies will have to protect themselves against software piracy, unauthorized computer use and other computer crimes in their own offices. As demand for independent investigators to take care of such cases rises, more schools and courses will be developed to train them.

What else do you need to become a computer forensics investigator? According to Kirk Stockham, owner of a computer forensics company in Modesto, California, it takes more than knowing your hardware from your software and your bits from your bytes.

"You must be well read, articulate and a good writer, since court testimony is involved and reports have to be written," he says. "Communication skills are a must to be able to present technical computer solutions and evidence in a thorough, simple and exciting manner to juries, courts, judges, the police, the military, attorneys, businesses and clients."

The preparation may be hard, but the pay is worth it. Computer forensics investigators in the private sector can expect to earn as much as lawyers or consultants: from $125 to $250 per hour.

Not only that, but those already in the field are on the ground floor of what in the next few years will become a booming business.

"As more computers invade our lives, more experts will be required to search for the evidence that these large filing cabinets hold," says Hooper.

Links

International Association of Computer Investigative Specialists
The official site of the IACIS

High Technology Crime Investigation Association International
One of the most well-known organizations for computer forensics

Computer Forensic Programs
Browse through a directory of Computer Forensic Specialist programs