Forensic computer analyst

As a forensic computer analyst, you'll investigate computer-related crime, also known as cybercrime, that can include data breaches, security incidents and other online criminal activity.

You'll use a range of specialised software and investigative techniques to secure, retrieve and analyse data linked to a variety of illegal activities, including:

• cyberstalking and harassment
• hacking
• network intrusions
• online scams and fraud
• political, industrial and commercial espionage
• phishing and ransomware attacks
• spam campaigns
• terrorist communications
• the possession and distribution of illegal or indecent images
• theft of confidential information.

You will investigate crimes where digital devices can either be the target of the offence or where they are used to commit a crime. Devices and online systems may also be used for illegal communication and data storage.

Your investigations can focus on data stored on a range of devices and platforms, including:

• cloud-based systems
• mobile phones
• personal and work computers
• removable storage devices such as flash drives
• tablets
• unmanned aerial vehicles (drones).

Job titles vary and may be advertised as digital forensic analyst.

What does a forensic computer analyst do?

As a forensic computer analyst, you'll need to:

• secure digital systems and devices to prevent evidence from being altered or tampered with
• use specialist forensic tools and software to extract, recover and analyse digital data
• investigate data from computers, mobile phones, cloud-based systems and removable storage devices
• recover deleted, damaged, hidden, encrypted or password-protected files
• examine digital evidence linked to cybercrime, fraud, harassment and other criminal activity, including sensitive or confidential material
• trace digital activity, communication and data trails between individuals or groups
• assist investigators at crime scenes by identifying and securing relevant digital devices and evidence
• work with investigators, cyber security teams and other specialists during digital investigations and incident responses
• collect and preserve evidence in a legally admissible way and maintain accurate records
• write technical reports and, where required, present evidence in court as an expert witness
• keep up to date with evolving cybercrime methods, forensic technologies and legal or regulatory standards through ongoing professional development
• deliver training and provide technical advice to staff in other departments to increase their understanding of computer forensic processes.

What salary can I expect as a forensic computer analyst?

• Typical starting salaries for forensic computer analysts range from £25,000 to £30,000 a year.
• With experience, salaries can rise to between £35,000 and £50,000 a year.
• Senior analysts, specialists and managers may earn £60,000 or more, particularly in larger organisations or specialist consultancy roles.

Salaries vary depending on your level of experience, technical expertise, location and the size and type of organisation you work for.

Gaining professional qualifications and certifications can help increase your earning potential.

Income figures are intended as a guide only.

What hours does a computer forensic analyst work?

Working hours generally range from 37 to 40 hours per week, although some flexibility may be required depending on the type of assignment or investigation you're working on.

Some organisations require around the clock cover, with staff working on an on-call rota to respond quickly to cyber security incidents and criminal investigations.

Full and part-time roles are available.

How do I become a computer forensic analyst?

You'll usually need a relevant degree or equivalent in a subject such as:

• computer science
• cyber security
• digital forensics
• software engineering.

Other useful subjects include science, technology, engineering and mathematics (STEM)-related subjects, network security, data science and electronics.

You may also be able to enter the profession with an HNC or HND plus relevant experience. Having practical experience and industry certifications is valued by employers.

It's also possible to get into the profession through a Level 6 cyber security technical professional degree apprenticeship. Apprenticeships combine paid work with academic study, allowing you to train on the job. Search for an apprenticeship

Having a relevant postgraduate qualification can be useful, particularly if your first degree wasn't in a related area. The National Cyber Security Centre (NCSC) lists certified degrees and postgraduate qualifications in cyber security and related fields from a range of universities.

Search for postgraduate courses in computer forensics or cyber security.

Entry without a degree is possible by starting in an entry-level IT or cyber security role and working your way up through further training and industry-recognised certifications.

Some roles, particularly those in law enforcement or government, require security clearance.

What skills does a forensic computer analyst need?

You'll need:

• knowledge of digital forensic tools and software such as EnCase, FTK, Cellebrite and XRY used to recover, preserve and analyse digital evidence
• understanding of operating systems including Windows, macOS, iOS and Android for investigating computers and mobile devices
• analytical and problem-solving skills for identifying patterns, tracing digital activity and interpreting complex data
• attention to detail and a methodical approach when handling sensitive digital evidence and maintaining accurate records
• written and verbal communication skills for producing forensic reports and explaining technical findings to technical and non-technical audiences
• the ability to work under pressure during cyber security incidents and criminal investigations while meeting deadlines
• integrity, confidentiality and professionalism when working with sensitive information and secure systems.

Where can you find forensic computer analysis experience?

You may be able to take a placement year as part of your degree, which can provide first-hand industry experience and help you build professional contacts. If that isn't possible, look for summer internships with IT, cyber security or technology companies.

Finding specific forensic computing experience can be difficult due to the sensitive nature of the work, but broader IT and cyber security experience in areas such as network administration, operating systems, software development and data analysis is useful.

You can also build practical skills through cyber security competitions, online labs and capture-the-flag (CTF) challenges offered by organisations such as TryHackMe and Hack The Box.

Student membership of professional organisations and cyber security communities can provide access to networking opportunities, industry events and careers information. Relevant organisations include:

• BCS: The Chartered Institute for IT
• Chartered Institute of Information Security
• CREST - careers and student community resources.

Several groups and initiatives are working to improve diversity within cyber security, including We are Tech Women and the Fraud Women's Network.

Find out more about the different kinds of work experience and internships that are available.

Who employs forensic computer analysts?

Any organisation that handles sensitive information or may be vulnerable to cyber security incidents and data breaches may employ forensic computer analysts within in-house cyber security or digital forensics teams.

Opportunities are available across both the public and private sectors. Typical employers include:

• digital forensics and cyber security consultancies
• financial services organisations, including banks and accountancy firms
• government agencies and departments
• intelligence and security services, including GCHQ and MI5
• IT, technology and telecommunications companies
• police forces and law enforcement agencies, such as the National Crime Agency (NCA)
• public sector organisations, including the health sector.

Jobs are available throughout the UK and internationally, particularly in major towns and cities.

With experience, there may also be opportunities to work as a self-employed consultant.

Look for job vacancies at:

• Civil Service Jobs
• CyberSecurityJobsite.com
• Forensic Focus Jobs
• Police Oracle Jobs

A number of recruitment agencies specialise in cyber security and forensic computer analyst roles, including ARM Recruitment.

Where can a career as a computer forensic analyst lead?

You may begin your career through a graduate scheme or entry-level role in IT, cyber security or digital forensics. Some forensic computer analysts start in related roles such as IT support technician, network engineer or software developer before moving into digital investigations and cybercrime analysis.

You'll usually undertake professional training in areas such as digital forensics, incident response, mobile device analysis, data recovery and expert witness procedures, as well as the use of specialist forensic tools. You may work towards industry-recognised certifications and accreditations from organisations such as CREST and GIAC.

Continuing professional development (CPD) is important as cybercrime methods and technologies evolve rapidly. Professional bodies including BCS, The Chartered Institute for IT and the Chartered Institute of Information Security (CIISec) offer membership, training, events and networking opportunities to support your career development.

With experience, you could progress to senior analyst or management roles leading digital forensics or cyber security teams. Career progression is often influenced by your technical expertise, industry certifications, area of specialisation and willingness to relocate or travel. You may also move into related areas such as cyber security analysis, incident response or penetration testing, or become a self-employed cyber security consultant.