Computer forensics has always fascinated me, and occasionally when computer forensics comes up in the news, they focus on basic stuff like inspecting someone’s Internet Explorer cache to see what they have been visiting on the Internet. A case came up like that locally here – a husband was accused of drowning his wife in the bathtub, and they found his browser history full of links to adult-cheater websites. This provided evidence that he had an apparent motive to kill his wife.
I suspect that such a candidate would need to have a mastery of a lot of wide-ranging technical areas, including:
Knowledge of popular, and niche, encryption software (which hides evidence)
Knowledge of all of the common email clients
Knowledge of all of the common web mail clients
Ability to undelete files and to recover hard drives that have erased but possibly intact evidence on them
Knowledge of hacking techniques for networks (itself an enormous subject)
This would be a huge undertaking for someone to study, even if they had a great technical background already.
I think that in real life, most forensic jobs in the IT area use reformed “black hat” hackers with criminal backgrounds who already really, really understand the culture and the tools. I tend to think that a regular degreed professional wouldn’t really know many aspects of the culture without immersion in hacker society for a while.
Then there’s the area of application:
Criminal investigations
Financial investigations (insider trading, etc.)
National security
Network security for corporations and institutions

