Skip Navigation

Computer Forensics

In the computer-driven, web-driven 21st century, there's a high demand for specialists who can design, install and troubleshoot computer networks. There’s also a high demand for professionals who can protect computer users—and networks—from viruses, identity thieves, hackers and other cyber criminals.

Whether you’re changing careers or are looking to build on your existing information technology (IT) education, CLC can be your gateway. Practical courses, taught by exceptional instructors, will prepare you for a rewarding, well-paying career.

Digital detective work

Malicious computer viruses that disrupt the lives of millions—and cost organizations millions of dollars... employees who steal credit card numbers or other classified information... hackers... terrorists... sexual predators lurking online... the list goes on.

Cyber crime is growing, and so is the need for skilled professionals who are able to detect and prevent it.

What does this career involve?

They may not have the weekly chase scenes as portrayed in popular TV crime dramas, but computer forensics experts in real life stay busy with their most important tasks: Collect, examine and preserve evidence or information that is digitally stored or encoded. The storage media can range from servers, desktop computers and laptops to MP3 players, memory sticks (jump drives), CDs and more.

More than examining deleted emails, a computer forensics expert tracks financial records, looks into intellectual property theft, finds out if files have been copied to CDs or if there has been improper use of a computer network. While most of the work concentrates on criminal activity, computer forensic techniques can be used in other e-discovery situations, such as re-tracking steps taken when data has been lost at a corporation.

For a computer forensics professional, duties fall into four main categories:

  • Identify sources of digital evidence. Use digital forensic tools such as password crackers, network communication protocols and email converters. DiskEdit and WinHex are DOS-based hex editing tools used to examine and recover files stored on a disk.
  • Preserve the evidence—without altering or destroying it. All printouts, disks and other physical evidence must be collected properly, to ensure that it is valid and admissible in court. For example, investigators make a digital copy of the original hard drive or portable storage device. They then lock the original in a secure facility to maintain its unaltered condition. All investigation is done on the digital copy. Specialized software allows detectives to look for evidence, such as the true date on which a file was created or modified.
  • Analyze the evidence. Determine how email messages, photographs, documents and other parts of an electronic “paper trail” fit together and point to wrongdoing or criminal activity.
  • Present the findings—in a court of law for a criminal case. For a non-criminal case, such as an employee suspected of severe Internet time-wasting, a computer forensics specialist may present findings to the employer’s human resources or security department.

What are the typical job titles?

In addition to computer forensics technician, common job title include: computer forensics examiner, computer forensics analyst, incident response specialist, senior security forensics investigator, information systems security analyst, security engineer, e-discovery and data restoration specialist and director of forensic technology services.

Computer forensics technicians work for law enforcement agencies, detective agencies, corporations and branches of federal, state or local government. Many are self employed as consultants.

What is the salary range?

As with any career, the salary depends on training, level of experience, geographical area, economic conditions and other factors.

What are the job prospects?

To learn more, refer to the Bureau of Labor Statistics Occupational Outlook Handbook for Information Security Analysts.