What Do Cyber Security Forensics Professionals Do?

View all blog posts under Articles | View all blog posts under MSCS

Hands typing on a backlit keyboard.

Cyber security is the protection of networks, systems, devices and data from attacks by unauthorized individuals or groups seeking to exploit confidential information. According to IBM, the average cost of a data breach in 2021 was $4.24 million — the highest amount since the company first began tracking breaches in 2004.

With the emergence of cloud technology and the Internet of Things (IoT), protecting an organization from digital assaults aiming to access, change or destroy sensitive information is becoming increasingly difficult. Cyber threats are made more dangerous by increasingly sophisticated cyber attack strategies devised by tech-savvy cyber criminals acting either alone or as part of an organized cyber crime unit.

Many companies have dedicated cyber security personnel on staff and systems in place to prevent infiltration. Despite these efforts, attackers regularly succeed in compromising organizations’ digital files and information. When they do, an expert in cyber security forensics may be called in to evaluate the problem and find a solution.

This task is challenging and requires highly specialized skills and knowledge. For this reason, employers are increasingly looking for candidates with advanced degrees. A Master of Science in Cyber Security is one option, offering a solid basis for a digital forensics career path or another cyber security career.

Cyber Security and Forensics: An Overview

At its most basic level, the job of a cyber security forensics professional is to cope with cyber crime after it has occurred. Their work combines data recovery with legal compliance to investigate an incident and identify who was responsible. This includes a variety of tasks that may differ from case to case, including recovering and analyzing information from data storage devices (including computers, phones and networks), tracking down cyber criminals, recovering stolen data, following computer attacks back to their source and aiding in other types of investigations involving computers.

On its website, the National Institute for Cybersecurity Careers and Studies (NICCS) breaks these tasks down into more specific lists of duties that fall within the cyber security forensics area:

Gathering evidence of cyber crime:

  • Confirm known findings concerning an intrusion and discover new information, if it exists
  • Catalog, document, extract, collect, package and preserve various forms of digital evidence
  • Analyze log files and other information to identify the perpetrator(s) of a network breach
  • Recognize and report evidence that a particular operating system was used in an intrusion
  • Extract protected data or recover deleted files using specialized programs and tools
  • Analyze network traffic connected to malicious activities
  • Restore an “image” of a computer drive to see the intrusion as the user may have seen it, and possibly to find clues
  • Look for intrusion “artifacts” — for instance, small alterations of a system’s source code or system configuration — that yield hints about an intrusion

Preparing obtained data:

  • Create a duplicate of all digital evidence to ensure that the original evidence is not unintentionally modified and to use for data recovery and analysis processes
  • Use specialized programs and procedures to decrypt seized data
  • Process images with appropriate software tools, depending on the analyst’s goals and needs, for later analysis

Analyzing data:

  • Compare and contrast digital files to see if their “signatures” match
  • Compare databases to discover alterations or errors
  • Analyze timelines to see when events occurred and in what order
  • Review images and other data sources for recovery of potentially relevant information
  • Use specialized software to perform real-time forensic analysis as events unfold
  • Examine all other recovered data for information that is relevant to the incident

Reporting cyber crime:

  • Create and maintain a tracking database for evidence acquired in an investigation
  • Provide a summary of findings in compliance with reporting procedures
  • Serve as a technical expert for and liaison to law enforcement personnel and communicate incident details
  • Ensure that the chain of custody for all digital media complies with the Federal Rules of Evidence
  • Write and publish cyber defense recommendations, reports and white papers that break down the incident and its findings for appropriate audiences

Cyber Security Forensics Tools

Along with their crime-related responsibilities, cyber security forensics personnel may perform many ongoing tasks. These may include: regularly checking the company’s systems for computer viruses and other malware, and performing virus scans; providing technical assistance on digital evidence matters as needed; and maintaining cyber defense software and hardware for immediate use as needed.

Cyber security forensics professionals’ tools are generally split into two groups: hardware and software. Forensics hardware consists of devices such as hard-drive duplicators or forensic disk controllers that store gathered information in an unalterable state, allowing the data to remain intact and immune to modification or deletion. This preserves the integrity of the data, increasing its reliability if it needs to be admitted into evidence.

Forensics software extracts data or cyber crime evidence. These programs may focus on one aspect of the forensics process, such as disk analysis, image creation, mobile forensics (extracting data from cellphones and other devices) or network analysis. These tools can identify components of a cyber attack, such as vulnerabilities concerning networks, policies or configurations.

While hardware and software are essential to cyber security forensics, they are only as effective as their operators. Professionals in these roles must have the analytical and critical thinking skills to use these tools effectively. They must also monitor the latest trends in cyber crime in order to stay ahead of would-be attackers.

Cyber Security Forensics Salary

Cyber forensics is an art as well as a science. An unusually talented and knowledgeable candidate can perform basic cyber forensics without a college degree. Most employers, however, require a minimum of a bachelor’s degree and many ask for additional specialty certifications. For jobs with major corporations, which are exposed to correspondingly greater risk than small organizations, candidates may need to hold a cyber security master’s degree or the equivalent. Because the state of technology is constantly changing, ongoing education will also be essential to those on a digital forensics career path.

Job growth for all cyber security professions is projected to be 33% between 2020 and 2030 — much higher than the average 8% growth for all professions, according to the U.S. Bureau of Labor Statistics (BLS).

PayScale reports that the median pay for digital forensic investigators as of March 2022 was approximately $65,400, with the top 10% earning around $101,000. Factors contributing to individual pay rates include education, certifications, additional skills or areas of specialization, and years of experience.

Help Build a Secure Digital Future

As new ways of exchanging information through technology emerge, new methods of cyber attacks evolve in response. This constant cycle makes the role of a cyber security professional fundamental to an organization’s success. It also makes for a challenging and rewarding career.

The University of North Dakota’s online Master of Science in Cyber Security program helps students prepare for careers in the high-demand field of cyber security. The curriculum is designed to cultivate the knowledge and skill set needed to excel in advanced cyber security roles. With certificate tracks in Cyber Security Analysis, Ethical Hacking, Computer Forensics and Secure Networks, the program allows students to gain expertise in an area that particularly aligns with their interests.

Learn how the University of North Dakota can help you work toward a fulfilling career in an exciting field.


Recommended Readings

Common Types of Cyber Attacks and Prevention Tactics

10 Cyber Security Trends to Look for in 2021

What Is Vulnerability Analysis? Exploring an Important Cyber Security Concept



Cisco, What Is Cybersecurity?

Cybersecurity and Infrastructure Security Agency, CISA Cyber Defense Forensics Analyst

CyberSecurity Mag, “10 Best Tools for Computer Forensics in 2021”

G2, Best Digital Forensics Software

IBM, How Much Does a Data Breach Cost?

National Initiative for Cybersecurity Careers and Studies, Digital Forensics

PayScale, Average Digital Forensic Investigator Salary

TechTarget, “What Is Computer Forensics?”

U.S. Bureau of Labor Statistics, Information Security Analysts