If you have good analytical skills, you could forge a successful career as a forensic computer analyst, tracing the steps of cybercrime.
Your role as a forensic computer analyst will be to investigate data breaches, security incidents and criminal activity. You could be working for the police or other law enforcement agencies, or for a specialist computer forensic company or investigative team.
Using a range of specialised methods and techniques, you'll retrieve and analyse data linked to a range of criminal activity, such as network intrusions, hacking, online fraud, political, industrial and commercial espionage, terrorist communication, theft of confidential information and the use of illegal images.
As a forensic computer analyst, you'll need to:
- use a range of forensic tools and software to extract and analyse data
- deal with highly sensitive or confidential data or images, depending on the type of case you are investigating
- secure a system or device so it cannot be tampered with
- recover damaged or deleted files, and access hidden, protected or encrypted files
- unlock digital images that are locked to hide the identity of a place or person
- examine data from mobile phones and satellite navigation systems to trace people or places
- follow electronic data trails to reveal links or communication between individuals or groups
- collect information and evidence in a legally admissible way
- write technical reports based on your findings and, if required, give evidence in court as an expert witness
- present findings of on-going incidents to other members in the investigation team, law enforcement agencies and clients
- keep up to date with evolving cyber-crime methods and developments within the digital forensics field
- undergo security checks and vetting procedures
- work to relevant ISO accreditations.
- Typical starting salaries for forensic computer analysts range from £21,000 to £25,000 a year.
- With experience, you can earn £30,000 to £45,000 a year.
- Analysts can earn up to £80,000 in more senior roles.
Salary variations can occur according to the specific skill set you have, the region you're located in and the size and type of company you work for.
Gaining professional qualifications and certifications can help you to move up the salary scale.
Income figures are intended as a guide only.
Working hours generally range from 35 to 40 per week, although you will need to be flexible as exact hours will depend on the type of assignment or investigation you are working on.
Some organisations require 24/7 cover, with staff working on a call-out rota, allowing for fast responses to information and cyber security or criminal incidents.
What to expect
- Much of your work will be office or computer lab based, but you will sometimes need to travel to off-site locations to visit clients, attend meetings or go to court.
- Digital forensic opportunities are available throughout the UK and internationally. Organisations and companies tend to be located in city or urban areas of England, Wales, Scotland and Northern Ireland.
- You may face restrictions on how much you are able to talk about your job outside work, particularly if you work in government, the Ministry of Defence or police departments. This is due to the sensitive nature of some of the information you may encounter. You might also have to view information and images that you find distressing.
- If you're involved in cyber forensics roles, you may be required to act as an expert witness and give evidence in court cases.
- Some roles require employees to be security cleared, so individuals with criminal records may be excluded from applying for these roles.
Although it's possible to enter this profession without a degree (by starting in an entry-level position or IT apprenticeship and working your way up), most recent entrants to the profession are graduates.
Some employers specify a degree or Masters in forensic computing, or related areas such as cyber security. Others, particularly larger organisations, may be more flexible and accept a range of computing, engineering or STEM-related subjects for graduate schemes in this field.
The following degree subjects may increase your chances:
- computer forensics
- cyber security
- computer science
- mathematics, physics and other STEM subjects
- network engineering
- network security
You could also choose to undertake further study. The National Cyber Security Centre (NCSC) lists certified Master's degrees in cyber security and closely related fields from a range of universities.
You'll need to have:
- a willingness to keep up to date with the latest forensic computing techniques, tools and software, such as FTK, EnCase, Cellebrite and XRY
- understanding of operating systems, e.g. Windows, Mac, iOS and Android
- excellent analytical and problem-solving skills
- patience and a methodical and well-organised approach to work
- an enquiring, investigative mindset with excellent attention to detail
- good written and verbal communication skills for reporting findings and conveying technical information to technical and non-technical people
- the ability to identify patterns or trends across large amounts of data
- an aptitude for working under pressure and to deadlines
- the ability to interact and communicate effectively with a range of people
- integrity and impartiality, and a commitment to complying with confidentiality requirements
- security clearance - this may be necessary if you have access to sensitive information.
The confidential nature of the work means it can be difficult to secure shadowing work or short-term work experience. You may be able to secure a summer internship or year-out placement in computer forensics, as these are available within a range of organisations.
Relevant work experience is a great way of gaining insight into this field and will enhance your future employment prospects.
Key employers include law enforcement agencies and computer forensic companies specialising in digital forensic investigations.
Any organisation or employer susceptible to security incidents and data breaches may offer opportunities in computer forensics.
There's a high demand for digital forensic professionals and career prospects are excellent for this area of work, particularly if you're willing to travel.
Several groups and initiatives such as the Women's Security Society, Fraud Women's Network and the Cyber Security Challenge - Women in Cyber are working towards closing the gender gap in cyber security.
There are a number of graduate schemes and entry-level opportunities across all sectors, including:
- financial service organisations - including banks and accountancy firms
- forensic computing companies and consultancies
- government agencies
- government departments - both national and regional
- government intelligence services - including GCHQ
- IT and telecommunications companies
- police forces and law enforcement agencies - such as the National Crime Agency (NCA)
- the public sector - including the health sector.
The fast-moving and constantly changing nature of cyber-crime means you'll need to keep up to date with the latest developments in your field and be prepared to learn new investigative methods and software.
Your employer may encourage and support you to undertake training and accreditation in forensic computing techniques, tools and software. This may include Forensic Analysis and Cell Site Analysis, FTK, Data Recovery, Expert Witness, Forensic Toolkit, EnCase, XRY, Cellebrite, X-Ways and ISO 17025 and ISO 27001 accreditation.
There are a number of recognised industry-specific qualifications and certifications suitable for computer forensic professionals, including:
- GIAC Computer Forensic Certifications
- 7safe Digital Forensic Training
- ISC2 Certified Cyber Forensic Professional (CCFP)
- CREST professional qualifications
Professional bodies include the British Computer Society (BCS), CREST and the Institute of Information Security Professionals (IISP). Membership of these can aid your professional development throughout your career.
You can progress towards a senior analyst role and eventually become head of security. With experience, self-employment as a security consultant is also possible.
The Cyber Security Building is an excellent resource that outlines roles available at different stages from trainee through to more senior positions. Cyber Security Challenge UK also provides an overview of career development pathways and typical roles open to cyber sector professionals.
Alternative pathways could include a move into a different but related role, such as that of cyber security specialist or penetration tester.