Computers and technology are an inseparable part of modern personal and professional life. Computer forensics is the field of study dedicated to investigating all types of cybercrime and situations pertaining to cybersecurity.
The field of cybersecurity is a job sector to watch as private citizens and companies alike find themselves more vulnerable to digital attacks. Within the field of cybersecurity, computer forensics is critical to modern businesses and assists in preventing attacks by analyzing proprietary data and consumer information.
Demand for Cybersecurity Professionals
The demand for cybersecurity professionals is increasing at a promising rate. According to data from the U.S. Bureau of Labor Statistics, this field expects to see an increase in the volume of jobs by 30% in the next 10 years.
The technology to address these issues is also quickly evolving and professionals need continual training to meet the demands of the job market.
The Cybersecurity Industry in Michigan
In the state of Michigan, the automotive industry is driving part of the demand for IT professionals. According to Cybersecurity Guide research, "It's no surprise that Michigan leads the nation in terms of automotive cybersecurity research and development." As cars become more futuristic and incorporate devices and features that require connectivity to the internet, they must be protected from cyber attacks. Consequently, the automotive industry is driving some cybersecurity growth.
Baker College’s College of Information Technology & Engineering offers bachelor’s degrees and Master of Science degrees to help educate the next generation of cybersecurity professionals in the state.
What Is Computer Forensics?
Computer Forensics is the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law.
Analysts can do everything from document the location of a person indicted in a crime to retrieving data from the individual's cell phone and other devices.
Types of Cases
The field can include criminal and civilian cases, with computer forensic analysts working with others to resolve cybercrime on a more local or interstate level. The hardware of computers and media becomes a piece to be studied in an investigation. The Cybersecurity program offered at Baker College includes a course in Computer Forensics and Investigation, where students learn how to present material as expert witnesses and work with law enforcement legal teams. Thus computer forensics overlaps with the criminal justice area.
A leading institute in the field, Forensic Control, explains concisely how computers factor into criminal investigations. They postulate, "Computers can be considered a 'scene of a crime' — for example with hacking or denial of service attacks." A computer is a neutral entity, but it becomes a piece of evidence and part of the remnants of a crime. When crimes such as selling illegal substances or plotting an abduction happen online, there is a record on the device where a criminal worked. The responsibility of the specialist would be to compose a data trail and build a case with relevant material like cell phone logs or website records.
Computer forensics also covers cyber security, which largely deals with breach prevention and testing. A data breach is when confidential information is exposed, such as sensitive business information.
The second part of the role entails safeguarding the existing information, performing patches, stopping denial of service attacks, and testing the firewall. This is less about criminal and civil cases and more about information systems.
Cybersecurity may entail corporate or government work involving international incidents, such as investigations into countries hacking sensitive businesses, or espionage attempts as the world remains a politically unstable place.
The Biggest Challenges in Today's Computer Forensics
Most people are familiar with the technology that encrypts data, such as passwords, or messaging programs that encrypt the data like Signal. Encryption is a challenge in the sense that it often requires cracking the code to a password. This can be time-consuming for specialists, or relatively easy depending upon whether the individual left any clues on paper, or made a password that was easy to guess.
It is difficult to find evidence on a computer because of the expanded storage space due to cloud computing, external hard drives, and computers with larger storage drives. In an investigation, this makes it more difficult to quickly find evidence.
Processing power and the amount of storage are crucial. The available technology must be adequate to allow a specialist to adeptly regulate the amount of data being processed at a given time.
Internet of Things (IoT)
Wired magazine defines the IoT as "everything connected to the internet, but it is increasingly being used to define objects that 'talk' to each other." Nearly everything has internet capacity and can be breached. New technology with internet capacity, such as Tesla cars or a smart home system, are particularly vulnerable.
Anti-forensics includes methods to hide or hinder investigations with overwriting or encrypting data. It also includes using technology to disguise a hacker's location to make their apprehension or detection more difficult. This can happen during a ransomware attack when valuable information is stolen and held for ransom. The data is encrypted and held until the ransom is paid. Sometimes it is never returned, even when the ransom is paid due to the level of malevolence in the attack.
Legality and Compliance
Cloud technology can easily be hacked and is targeted by cybercriminals. Also, sharing information makes users vulnerable to accidentally encountering malware, trojans, and viruses hidden in the files. Organizations that host files can become the center of investigations about users who encounter such problems. In the past, investigations have been used to identify who is responsible for spreading the malicious content vs. who is a victim of said destructive programs.
Techniques, Analysis, and Computer Forensics Tools
Successful IT professionals are notorious for self-study and toying around with various programs. It is often a passion for computers that brings them into the field. Forensics is also a bit like detective work, putting pieces of information together to come up with the bigger picture
There are several career paths and applications for computer forensics. Someone who wishes to work with local law enforcement and the court system is going to use tools for internet analysis, file viewers and analysis, network and database analysis, etc. These tools are available in a multitude of software programs and facilitate the study of the computer for procuring evidence. The IT professional will often have a say in which software to run if they are working for a small police department or jurisdiction.
For more information about becoming a cybersecurity professional, our admissions advisors are here to make specific recommendations and walk you through your options.