how to learn computer forensics

  • Posted by: admin
  • 2017-07-03

Learning computer forensics is a combination of self-teaching, educational training and on-the-job training. A computer forensic examiner solves crimes involving digital media and, of course, a computer. He or she is an expert in gathering, recovering, examining and offering data evidence in scams like identity theft and electronic fraud.


But those who choose to work in computer forensics will also find themselves working on cases such as

– intellectual property theft

– forgeries

– bankruptcy investigations

– employment disputes

– inappropriate email and internet usage in the workplace

– regulatory compliance

– industrial espionage



People who love computer forensics love computers. They spend hours reading about computers and how they work, including topics like registry keys, software, hardware and rootkits. People who love forensics will want to know how things fit together. For them, it is not enough to know the what. They must know the how.


Information on computer forensics can be found everywhere, from the Internet to books, forums and product information FAQs.

Educational Training

But a huge part of the job of a computer forensic examiner is testifying in court and working with law enforcement. For accuracy and clarity, it is important to have solid educational training in the area of computer forensics as well.


The love of computers needs to be there, of course, because that is how your time will be spent. But without a solid educational foundation, one will have no credibility to stand on when sitting in front of a jury.


There are many colleges that offer degree programs in computer forensics. Within these degree programs, you have classes like accounting fraud, cryptography and forensic analysis.


On the Job Training

The bulk of your knowledge about forensics will come as you actually do the job. No textbook can teach or prepare you for some of the situations you will find yourself in because each will be unique and different. Below is a layout of the forensics process.


The Forensics Process


There are three steps to the forensics process:

  1. Collecting the evidence and logging it
  2. Analyzing the evidence
  3. Identifying incriminating evidence and its direct relationship to the perpetrator


These steps are usually done while the suspect’s computer is running. So, to collect the evidence and conduct the process, you need the proper toolkit. Your forensic toolkit should consist of six specific things:


  1. A Helix forensic CD – This is your basic tool for your investigation.
  2. A digital camera – You will use this to capture any kind of physical state of the suspect’s computer, laptop, etc.
  3. Evidence USB hard drive (500 GB) – You must have this to make an evidence copy of the specified disk drive.
  4. Analysis computer – This is your main tool, which will probably be a laptop. Always make sure it is 100 percent clean, with no cookies, no viruses, no Trojans or anything else that can corrupt the evidence.
  5. VDK driver – This is for analyzing the computer. It is a driver that will enable you to mount an image created during your evidence collection.
  6. Antispyware/rootkit detector software for your analysis computer
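
The "collecting the evidence and logging it" step and the evidence copy in item 3, as an added example that is not part of the original post. It assumes SHA-256 is used to show the copy matches the source (the post names no hashing method); the file names, log fields and examiner label are hypothetical.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large disks do not fill memory


def sha256_file(path):
    """Hash a file in chunks and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source, dest, log_path, examiner):
    """Copy source to dest, verify the copy by hash, append a log entry."""
    src_hash = hashlib.sha256()
    # Mode "xb" refuses to overwrite an existing evidence file.
    with open(source, "rb") as src, open(dest, "xb") as out:
        for block in iter(lambda: src.read(CHUNK), b""):
            src_hash.update(block)
            out.write(block)
    entry = {
        "time_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "source": source,
        "copy": dest,
        "bytes": os.path.getsize(dest),
        "source_sha256": src_hash.hexdigest(),
        "copy_sha256": sha256_file(dest),  # re-read from disk, not from memory
    }
    entry["verified"] = entry["source_sha256"] == entry["copy_sha256"]
    with open(log_path, "a") as log:  # append-only acquisition log
        log.write(json.dumps(entry) + "\n")
    return entry


if __name__ == "__main__":
    # Constructed sample: a small file stands in for the suspect's disk.
    work = tempfile.mkdtemp()
    disk = os.path.join(work, "suspect_disk.img")
    with open(disk, "wb") as f:
        f.write(b"constructed sample data" * 1000)
    print(acquire(disk, os.path.join(work, "evidence.img"),
                  os.path.join(work, "acquisition.log"), "examiner-1"))
```

Re-running `sha256_file` on the evidence copy later and comparing it with the logged `copy_sha256` shows whether the copy has changed since acquisition.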


Learning computer forensics is as easy as downloading the course from the Internet, or attending a college and earning your degree. But there is one important thing to remember when considering the field. If you do not love computers, you will not love this line of work because all of your time is spent with a computer unraveling its mysteries.