Studying forensics can be a good career move for IT professionals. Many colleges teach computer forensics as part of computer studies and there are also both bachelor's and master's degrees in the subject in some universities. Accountants and lawyers may find computer forensics covered in their studies, and there are vendor-specific qualifications such as those from Cisco and Microsoft.
A key international professional body in the field is the ISACA, which claims to have 75,000 members in 160 countries. The main qualifications are: Certified Information Systems Auditor (CISA); Certified Information Security Manager (CISM); and most recently, Certified in the Governance of Enterprise IT (CGEIT).
The Information Security and Forensics Society (ISFS) was set up in 2000 to regulate and standardise the practice of information security and forensics professionals in Hong Kong and the surrounding region. In conjunction with local universities, it supports a wide range of qualifications, from a graduate diploma in computer forensics to a variety of master's degrees that can be studied part-time or online.
Another significant professional body is the International Information Systems Security Certification Consortium (commonly known as ISC²), which covers security policies, including forensics, and grants various professional qualifications. It claims more than 50,000 information security professionals in more than 120 countries.
All organisations large enough to have an IT staff will need computer forensics skills occasionally, either in-house or outsourced to forensics service providers.
"At the heart of computer forensics is e-discovery, the collection of evidence that will stand up in court," says Logan. "Enterprises that are involved in a significant number of criminal or civil court cases annually need to decide whether to outsource this work to the specialist vendors, or to develop their own in-house resources. Organisations that are new to the e-discovery process, that have always done it manually, that are at the beginning of or in the middle of legal proceedings, or that only have a few matters per year, should first look to the vendors."
Outsourcing is expensive, but a good option in the early stages, especially if the e-discovery involves material that is difficult to work with such as CAD/CAM drawings. But in the long run, in-house skills are cheaper: "Gartner believes the balance will slowly shift from these outsourcers to the enterprise software vendors," says Logan, "as more law firms, regulators and end-users become aware of the options and the software matures. Companies with more than 10 pending matters, or that anticipate more than 10 matters per year, should consider in-sourcing at least part of the e-discovery process."
There are pros and cons to these two approaches. Internal staff may be well-versed in the organisation's structure and security provisions, including such things as user access rights and security policy. But external computer forensics specialists have one big advantage: "They are well-trained and work with many companies," says Steven Chew Lai Keat, senior lecturer, computer science department, Singapore Polytechnic. "So they may be familiar with the whole spectrum of threats facing computer and Internet users."