
What does a typical day look like for a Computer Forensic Analyst?

I am working towards becoming a Computer Forensic Analyst, and I was wondering what a typical day looks like. How many hours do they work? Do they work odd hours? What processes do they go through every day? That sort of information would be helpful.

#computer #forensic #information-technology


Terrie’s Answer

Hi Katie - great question! The beauty of a Computer Forensics career is that it isn't usually the same thing, day in, day out. An answer you will learn early on in this industry is "depends". Depending upon what forensics engagement you are participating in, you may work a general 8 hours a day, or many hours, in the pursuit of answers. For example, if you are working for a company that may have been hacked, you may work 12-14 hour days throughout the duration of the compromise, OR, if you are working for a company investigating users not being too productive, you may work a regular 8 hour day.


In regards to processes, this also "depends". If you are handling evidence, such as receiving and imaging a hard drive, you would follow a Chain of Custody and/or an Evidence Handling process. If you are investigating a person, you may follow similar processes as I just stated. If handling a compromise, your process would be different. Again, your processes will "depend" upon whether you are dealing with a cloud environment, physical evidence, or connecting to a system over the wire.


This career requires critical thinking, attention to detail, documentation, analytical skills, and continuous learning. The industry is very big on sharing knowledge and research and gives you the opportunity to continue to grow and study, even when school is done. Hope this helps! #computer #forensic


Terrie recommends the following next steps:

Look for an internship over the summer
I agree. I think "depends" is the right answer, as each company will be a little bit different, with the exception of some processes, like following the proper steps to ensure your evidence can hold up in court. So, to add a little bit, I think you should look at the company you want to work for. A good rule of thumb is the smaller the security department, the more different tasks you will be doing each day, while a larger group or company could be more specialized. In this field you will always be busy. Eli Richards

Esteban’s Answer

You wake up and grab your coffee (or tea) and reflect on the last few days' worth of work you've done. Perhaps you listen to one of many computer security podcasts, like SANS Internet Stormcast, that provide you with the latest hacks or vulnerabilities out there in the world. By now, you've gotten a task from the project manager you're working with. This is the person that fields the work from clients. They know what you are working on and what your specializations are.

For example, maybe you're the person on the team that knows everything about mobile phone forensics. You know how to dig into an iPhone or Android phone app to find hidden data or phone call logs. Or perhaps you're the specialist on Cloud technology and you know a lot about how Amazon cloud services are used and you can find S3 buckets used by an attacker to store data they've stolen from a company.

You'll spend your day figuring out the puzzle by evaluating logs, drive images, or system configs, or even application code to figure out how someone broke this company's security and what they did. You might need to code up a script or application to evaluate the tons of data you have from client systems.

If you are successful and find the right evidence, you'll end up writing a report that explains what you found to people who are relying on you and your expertise to explain to them what happened. This is your time to shine and yes it does rely on being able to write up a good report that is accessible and readable. Especially by clients or customers who are not computer forensics experts. They don't know what you know and need to understand what you've identified in terms that make sense to them. So good written communication is key.

Then you end your day with the satisfaction of having solved a mystery or having helped a client recover what they care about...saving their business or at the very least understanding what happened and how it affects their business.


I appreciate that this answer calls out the reporting step. In my experience it's one of the main competencies that sets cyber/security specialties apart from other specialties. While a developer or ops role will sometimes need to perform documentation as part of an investigation, root cause analysis or after-action activity, it's much less frequent than in cyber positions. Most cyber roles like Forensics will be expected to do an analysis write-up showing technical details, accessible explanations, and derived conclusions as part of their day-to-day activities. Joshua Cartwright