Digital forensics and incident response skills are interlinked and increasingly in demand, offering the right candidates varied and interesting careers.
This is according to Veronica Schmitt, co-founder of the DFIRLABS Digital Forensics and Incident Response practice, Assistant Professor at Noroff University in Norway, and a designated professional member of the Institute of Information Technology Professionals South Africa (IITPSA).
Schmitt was speaking during a webinar hosted by the Institute of Information Technology Professionals South Africa (IITPSA) Women in IT Chapter.
Schmitt, who is currently researching security vulnerabilities in IoT medical devices, says digital forensics and incident response skills would be needed across industries as the world moved increasingly to digital.
“The Covid-19 pandemic forced everything online, and now everything and everyone must move fast – and when we move fast we make mistakes. We have a constantly evolving cybercrime landscape, so the risk to organisations now is greater than ransomware.” Digital forensics and incident response are needed to help organisations recover from breaches and mitigate losses and reputational damage.”
She notes that digital forensics is a multi-faceted field, with career opportunities in both public sector law enforcement and the private sector. Both areas had pros and cons: “Digital forensics and incident response isn’t just one thing – for example, you could look at doing intelligence work; or if you are passionate about social media and privacy there are elements in digital forensics that pursue those. If it’s digital, and has a storage component, digital forensics can become involved.
“There are good and bad elements in every direction you choose. In public sector law enforcement, digital forensics investigators look into cases that aren’t psychologically safe – such as human trafficking, or child porn. In the private sector, there might be fraud, divorce cases or cyber bullying.”
To enter a career in digital forensics, Schmitt recommends starting with free introductory courses online, and SANS certification courses, followed by internships at a recognised cyber forensics and incident response firms.
“I think of myself as a digital detective – or a digital snoop.”
She says digital forensics and incident response professionals such as herself typically enjoyed solving puzzles and had a range of soft skills in addition to their technical skills. “We suffer from a ‘crusader complex’, wanting to make a difference and help people.”
There is also an element of psychology involved: “You need to understand the user to be able to uncover their file naming conventions and build a digital fingerprint or profile. And when an organisation is compromised, people are often upset and panicky, so it is our responsibility to help calm things down.”
Schmitt adds that digital forensics and incident response professionals also needed skills to manage court appearances. “In court cases, emotion needs to be taken out of it, so I remind myself to breathe, think, then answer. Often the defence will question your credentials and integrity as an expert witness, so it is important to make sure your resume is impressive, with all the right credentials.”
She notes that the legal system is not yet robust in terms of understanding digital crimes, so digital forensics professionals needed to be able to clearly convey the terms they used and how they uncovered evidence.
Schmitt likenes digital forensics to a ‘wizard in the castle’. “They make amazing things happen by pulling things together. Then you also have the cavalry – that’s incident response. They can’t be separated and are fluid in terms of flowing into each other.”