Careers in Cyber Forensics

For those of you, excited by the prospect of investigating cyber crime, tracking criminals, hackers and the like, Cyber Forensics would be the right choice. However, the knowledge areas to be mastered by a trained professional include computer security, crime prevention techniques and understanding the emerging trends in technology abuse in virtual space. This article guides you on the intriguing domain of Cyber Forensics and career options on offer

Saturday, August 01, 2009

Print

Comment

Email

Digg

Del.icio.us

Reddit

Twitter

IT has engulfed our lives so much that most of our daily activities are dependent on it. And with so many people using it as part of their lives, it has also emerged as a means for criminal activities. It is not just an individual who is threatened by illegal activities in cyber space, but even an entire country's security could be at risk. For instance in 2008, there was news that the email system of the Indian Prime Minister's Office was affected by a computer virus for three months, and upon investigating it was revealed that its computers were being remotely controlled. One might also recall the 2006 train bombings in Mumbai, where terrorists used advanced techniques such as IP address masking for funds transfer and other communications.

Most terrorists groups now communicate through masked IP addresses and use proxy services so that their activities become hard to trace. To make matters worse, there are always cases where sensitive data has been stolen through a network attack or identity theft. It is in such cases that a cyber forensic expert dons his gloves to follow the digital trail left by criminals and helps bring perpetrators of such criminal activities to justice.

Why society needs Cyber Forensics pros
Cyber Forensics is a new and developing field, which can be described as the study of digital evidence resulting from an incidence of crime. The science involves the investigation and a computer to determine the potential of legal evidence. It helps create preventive intelligence and threat monitoring besides post incident investigations. The growing spectre e-commerce and web-based business transactions has changed the way white- collar crime is committed. Enterprises have become increasingly concerned about the use of computer networks for corporate spying and other similar threats. In addition, extraordinary risk factors such as terrorism in India are also witnessing a strategic change from an operational perspective. India, like elsewhere, is also witnessing an exponential rise in the number of frauds done through computers and IT systems.

From the government's perspective, cyber security has become as important a parameter for national security as physically safeguarding the nation's borders. In fact, there exists a critical dependence of various industries and business sectors on the government-controlled IT infrastructure and networks. And if any vulnerability is attacked by terrorists, it can be disastrous for the country's corporates and businesses. For instance, the banking sector's inter-bank financial settlement process is based on a centralized IT infrastructure that's managed by RBI, and any disruption in the system can cause tremendous loss to the sector. Such high IT dependence is also present in national assets like oil and gas networks, national stock exchanges, railways, air traffic controls, etc. Such systems are prime targets for hackers as well as terror organizations to cause severe business and economic losses to the country. This has further escalated the need to have Cyber Forensics experts in India to preserve country's IT assets against operational and reputation risks. Thus, Cyber Forensics professionals are not just required by enterprises for their information security, but also by government agencies to keep track of nation's cyber security and preserve it from malicious attacks.

Forensic – as per the dictionary definition relates to the use of science and technology for establishment of facts or evidence in a court of law. Similarly Cyber Forensic helps extract information from computer storage and other media to establish facts in a manner that can be presented in the court of law. Before anybody can even start doing any Cyber Forensics – one should be well trained in a vast array of IT aspects – like hardware, networking, Internet security and operating systems. After a few years of hands-on experience in the above mentioned aspects, the person can start learning Forensic Acquisition (Imaging) with various commercial and Open source tools, Analysis/Correlation of the information and finally E-Discovery. Cyber Forensic experts are typically needed by Law Enforcement Agencies – as the agencies themselves might not have the tooling/expertise to conduct very high end data analysis. The demand/supply ratio for cyber forensic professional is 1:10 – that says how hard it is to find a decent CF professional in India. Murali Talasila, Director-Forensic, KPMG

Opportunities in Cyber Forensics
A Cyber Forensics professional is required to gather electronic evidence of misuse of computer networks and provide evidence in a court of law to bring the culprits to justice. A Cyber Forensics pro is sought by both public as well as private sector. In the public sector, people are mostly absorbed in law enforcement agencies like cyber crime cells, state forensics departments and central agencies like the CBI. In the private sector, it's the information that is of paramount importance for the enterprises, and so they require professionals to safeguard their data from being stolen and misused and also preserve them from hackers. Additionally, there are specialist companies that work on ethical hacking, Cyber Forensics and IT security. A budding Cyber Forensics expert can start his career as a cyber analyst or engineer for an enterprise after gaining experience and domain knowledge can proceed to niche areas in Cyber Forensics. Also, professionals can divert to freelancing and become independent security consultants.

It is estimated by NASSCOM that demand for professionals in Cyber Forensics would be around 90,000 by 2010 in India, whereas world-wide this figure is estimated to touch about 2,00,000, but the industry estimates much higher demand in the local as well as overseas market. With such demands, it is estimated that there would be a shortfall of 35,000 to 45,000 of such professionals in India alone.

Keeping the increasing data thefts and information breach in enterprises in mind, there is an increasing realization worldwide for establishing internal controls and policy compliance as part of corporate governance for organizations. There is already a lot of regulation internationally, such as the Sarbanes Oxley Act, Basel II, Patriot Act and Data Protection Act. All these require organizations to take responsibility to manage their operational risks, ensure data protection, prevent corporate fraud, and enable their storage and archive systems for e-discovery requirements, for litigation purposes. Even the recent fraud in Satyam is a prime example of why such regulations have become the need of the hour. Demand for Cyber Forensics pros is already high in developed countries like the US and Europe and there is also a large demand-supply mismatch in the availability of experienced professionals.

Page(s)   1  2