FRAMINGHAM, 19 OCTOBER 2009 - Last year, when UCLA Medical Center announced the firing of 13 workers and disciplined several others for snooping into the electronic medical records of pop star Britney Spears, it was IT forensics work that enabled the hospital to correctly identify the culprits.
And after part of a large cargo ship sank in international waters, it was IT forensics experts who recovered and analyzed the computer log files associated with the ship's loading processes. Information resulting from their investigation revealed that the log files had been altered after the ship sank and a month before the computers were turned over to authorities for inspection.
The role of IT forensics expert typically falls under the broader job category of IT security. These security pros are in high demand at private companies, law enforcement agencies and law firms, which hire them to gather evidence and serve as expert witnesses during court proceedings.
The primary job of an IT forensics expert, as described by the SANS Institute, is to analyze "how intruders breach an IT infrastructure in order to identify additional systems and networks that have been compromised." Investigating attacks requires proficiency in forensics and reverse-engineering, as well as exploit methodologies, SANS notes.
Several certifications in IT forensics are available, both from vendor-neutral organizations like SANS, which offers the GIAC Certified Forensics Analyst certification, and from security software vendors, including Guidance Software, which offers the EnCase Certified Examiner certification.
Pay for IT forensics experts varies depending on where in the country they work and what their exact titles are. Specific job titles of professionals who perform IT forensics work include security analyst and security administrator. The national average annual salaries for those titles are $84,700 and $85,300, respectively, according to data collected in 64 U.S. cities through July 2009 by Foote Partners LLC.
At least for now, there is no definitive route for becoming an IT forensics expert. For example, Steve Hunt, a security industry analyst at the Computer Technology Industry Association (CompTIA), believes liberal arts students who majored in math or philosophy make the best IT forensics experts. "These are people who will take different ideas and reassemble them in different ways," Hunt says.
"There's a natural talent for it," says Alan Paller, research director at the SANS Institute. "The ones who are best have an inquisitive, take-it-apart personality. They'll spend hours and hours and hours digging into things."
Not surprisingly, that can be the downside of the work. "It can be lonely," says Gregory Evans, CEO of Atlanta-based Ligatt Security International LLC. But it can also be incredibly rewarding, adds Evans, whose IT security firm recently helped track down a child molester by tracing his e-mails.