The technology giant Cisco defines cyber security as the practice of protecting systems, networks, and programs from digital attacks. Such attacks may be aimed at accessing, changing, or destroying sensitive information; extorting funds from users; or Interrupting typical business processes. Protecting an organization from these digital assaults is becoming increasingly difficult, says Cisco, both because there are now more devices than people, and because attackers are becoming more innovative.
Many companies have dedicated cyber security personnel on staff and systems in place to prevent infiltration. Despite these efforts, attackers regularly succeed in compromising organizations’ digital files and information to greater or lesser degrees. When they do, an expert in cyber security forensics may be called in to evaluate the problem and find a solution.
This task is challenging and requires highly specialized skills and knowledge. For this reason, employers are increasingly looking for candidates with advanced degrees. The University of North Dakota’s Master of Science in Cyber Security online is one option, offering a solid basis for a digital forensics career path or other cyber security careers.
What Cyber Security Forensics Professionals Do
At its most basic level, the job of a cyber security forensics professional is to cope with cybercrime after it has occurred. According to Laurence Bradford of Forbes magazine, these efforts include a variety of tasks that may differ from case to case, including recovering and analyzing information from data storage devices (including computers, phones, or networks), tracking down hackers, recovering stolen data, following computer attacks back to their source, and aiding in other types of investigations involving computers.
On its website, the National Institute for Cybersecurity Careers and Studies (NICCS) breaks these tasks down into more specific lists of duties that fall within the cyber security forensics area:
Gathering evidence of cybercrime:
- Confirm what is known about an intrusion and discover new information, if possible
- Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence
- Analyze log files and other information to identify the perpetrator(s) of a network intrusion
- Recognize and report evidence that a particular operating system was used in an intrusion
- Extract protected data or recover deleted files using specialized programs and tools
- Capture and analyze network traffic associated with malicious activities
- Recreate an “image” of a computer drive (without necessarily having the original drive) to see the intrusion as the user may have seen it, and possibly to find clues
- Look for intrusion “artifacts”—for instance, small alterations of a system’s source code or system configuration—that yield hints about an intrusion
Preparing obtained data:
- Create a duplicate of all digital evidence to ensure that the original evidence is not unintentionally modified, to use for data recovery and analysis processes
- Use specialized programs and procedures to decrypt seized data
- Process images with appropriate software tools, depending on the analyst’s goals and needs, for later analysis
- Compare and contrast digital files to see if their “signatures” match
- Compare databases to discover alterations or errors
- Analyze timelines to see when events occurred and in what order
- Review images and other data sources for recovery of potentially relevant information
- Use specialized software to perform real-time forensic analysis as events unfold
- Examine all other recovered data for information that is relevant to the issue at hand
- Create and maintain a tracking database for evidence acquired in an investigation
- Provide summary of findings in accordance with established reporting procedures
- Serve as technical expert and liaison to law enforcement personnel and explain incident details as required
- Ensure that chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence
- Write and publish cyber defense recommendations, reports, and white papers on incident findings to appropriate constituencies
Along with their crime-related responsibilities, cyber security forensics personnel may perform many ongoing tasks. These may include regularly checking the company’s systems for computer viruses and other malware and performing virus scans; providing technical assistance on digital evidence matters as needed; and maintaining cyber defense software and hardware for immediate use as needed.
Salary and Job Outlook
Cyber forensics is an art as well as a science. An unusually talented and knowledgeable candidate can perform basic cyber forensics without a college degree. Most employers, however, require a minimum of a bachelor’s degree and many ask for additional specialty certifications. For jobs with major corporations, which are exposed to correspondingly greater risk than small organizations, candidates may need to hold an online cyber security master’s degree or the equivalent. Because the state of technology is constantly changing, ongoing education will also be essential to those on a digital forensics career path.
According to the Bureau of Labor Statistics, growth in all cyber security careers is projected to be 28 percent between 2016 and 2026—much higher than average. Payscale.com states that the median pay for digital forensic investigators as of April 2019 was $71,503, with an overall range of $41,194 to $119,360. Factors contributing to individual pay rates include education, certifications, additional skills or areas of specialization, and years of experience.
University of North Dakota’s Master of Science in Cyber Security Online Degree
University of North Dakota’s Master of Science in Cyber Security online program helps students prepare for careers in the high-demand field of cyber security. With four tracks offering different emphases, the program can be a starting point for many cyber
UND is accredited by the Association to Advance Collegiate Schools of Business International, which only recognizes about 30 percent of business programs in the United States. Coursework for UND’s Master of Science program is done online, which allows busy professionals to study cyber security and earn their degree without disrupting their work or personal lives. For more information, contact UND today.
Cyber security definition and difficulty – Cisco
What cyber security forensics professionals do – Forbes
Duties of cyber security forensics professionals – National Initiative for Cybersecurity Careers and Studies
Degree requirements – Forbes
Job growth outlook – U.S. Bureau of Labor Statistics
Salary figures – PayScale.com