Over the past few years computer forensics courses at university have become more and more popular.
Initially it was just a few Universities offering these courses, Royal Holloway and Cranfield, but over time everyone else has got in the act.
Universities everywhere, from Glamorgan to Glasgow, Bournemouth to Birmingham, they all run a computer forensic course. Some lecturers are quite open, the courses are just a revenue stream for their Universitity, others imply that the course gives the students stepping stone into computer forensics.
Sadly, most courses are quite pointless. They are ran by people who have never worked in the industry, and there only experience is from a couple of police cases they may have seen, books they have read, or the research they have done.
The course are, generally, about 5 years behind the technology curve with lectures and students alike completely unaware of the applications now available. Concepts such as culling down data, clustering, review platforms, data theft, or the civil procedure rules, are hardly touched; if at all.
Data recovery is just touched on, and if you asked a lecturer about the best tools to recover a corrupted EDB file on RAID, they would, most likely, just stare back at you.
The legal side of the industry is only just covered, from a criminal perspective, where its very black and white, but the multi-billion dollar civil side of the industry, where most of the jobs are, is not covered at all.
So the information being taught is outdated, police orientated, and does not cover anything to do with Electronic Discovery, the Civil Procedure Rules or the like.
Having interviewed many many computer forensics graduate after computer forensics graduate over the past few years, I decided that meeting most of them was a waste of our time (mine and theirs), as their knowledge was so poor.
Some students, even those with a 2:1, had never handled hard drives, most had never heard of back up tapes, and none of them had a clue about the civil procedure rules (the very laws that govern the computer forensics industry for expert witnesses). Technical questions about de-duplication or the like fell on deaf ears, and most looked perplexed at the questions, let alone the answer.
There are some good lecturers out there, and some of the modules for some of the courses at some of the universities will be good. But for those hoping to get into computer forensics an MSc in Computer Forensics is not the best way to educate yourself in the subject, as the people teaching you have probably never done it.
So what’s a good way into the computer forensics industry?
If you are an undergraduate, do a degree in computer science, maths, or a pure science. Learn about computers, programming, and writing scripts.
In your spare time, get hold of a *ahem* copies of EnCase, FTK, and hex editors. Play with operating systems, learn about forensic artifacts, set up virtual machines and recover data. Buy old hard drives from eBay and try and find information on them. This way you will end up with a good degree, with a good background in science, and the basic skills for the subject you want to do.
If your a post graduate, and you have a coupe of grand to spend, follow the basic above, learn the basics of your craft in your spare time and then buy an EnCase Passport course. It costs around £3,000 and entitles you to as many Encase course as you want to attend in 12 months, you will certainly gain more from it than an MSc in computer forensics.
If you are on a course or run a course that you think is the bees knees, let me know. If you are thinking about attending a course, or think that your course is not what you had hoped have a go at the test below, or if your brave enough ask your lecture to have a go at the tests here, and see how they do!
Computer Forensics is about experience, intellect, and knowledge of the tools and the subject.
I have a BSc in Chemistry, completed numerous course ( including nearly all of the EnCase Courses and several FTK courses), worked in 4 continents, over a decade of investigative experience and an MSc in computer forensics.
The MSc had been of the least value to me, in terms of practical or theoretical knowledge.