DIGITAL FORENSICS SKILLSETS


Dear Readers,

Thanks for reaching out.

The need for computer and digital forensics experts is growing significantly due to the increase in cyberattacks, with digital forensics skillsets becoming a critical element in helping IT security teams learn from security incidents.

Computer Forensics is the application of scientific examination and data analysis performed on computer storage media to discover potential digital evidence for the purpose of presentation in a court of law.

This type of knowledge, also referred to as computer forensics, allows IT security professionals to learn more about the techniques that cybercriminals use and abuse, so that they can implement security controls that make those techniques less successful.

From that perspective, “Digital Forensics” is a key part of the organization’s risk management approach.

Forensics needs practical exposure. Patience and discipline are the most important factors for it. On average, most forensicators depend on toolsets and are far from a basic understanding of the fundamental concepts.

Digital forensics is NOT only a tool; it requires a combination of standards, tools and intelligence (common sense) to make it successful.

Remember, cyber forensics is NOT a single dedicated domain; it's an amalgamation of various domains. And if you find cyber forensics boring, you're actually learning it from the wrong teacher.

I learn from day-to-day cyber incidents, and every case has a unique modus operandi, hence depending on the defined principles is not sufficient. Well, coming back to the objective of the article: “to catch a criminal, you have to think with a criminal mindset.” Hence, the key concept of Tactics, Techniques, and Procedures (TTPs) is required.

The most important skills depend entirely on which steps are in focus in “digital forensics”, from A to B:

A: Technical SkillSet

As I simplified in an old article, in a nutshell (IPAD):
I identification
P preservation
A analysis
D documentation

I
Understanding and identification of different types of evidence, where the data could reside, understanding of file systems, different acquisition methodologies, order of volatility for live and dead forensics, triage as per best practices, etc.

P
Following the proper chain of custody, maintaining integrity, understanding of hashing and verification, practical knowledge of different sets of imaging tools, working with case management.

A
Manual analysis rather than depending on automated forensic parser tools, interpretation of artefacts, ability to build parsers, EnScript, automation, hex analysis, data carving, working with the different tools available on the market, proven ability to benchmark toolsets, understanding of the latest technology transformations with respect to digital forensics, knowledge of working cultures such as government authorities, law enforcement, corporate, etc. Staying updated on forensics for emerging technology.

D
Must have report-writing skills, be good at presenting findings, data analysis, documentation (doc, Excel), knowledge of different standard operating procedures, techno-legal expertise, etc.

B: Common Skillsets

Understanding of fundamentals in information security

Must be a keen, technology-focused learner

Knowledge of cyber threat intelligence and incident response

Networking, programming and malware analysis domain-based skillsets as add-ons

Some pointers I mentioned long back may be found here:

https://d3pakblog.wordpress.com/2017/07/16/forensics-as-career/

Disclaimer: Jotted down some pointers as per my understanding and experience. Please ignore grammatical mistakes. Thanks.