Ever thought about working in digital forensics? As part of our regular Get a job series on security careers, SC asked some prominent Australian forensics professionals about how to get into their industry and what it takes to succeed.
Forensics is a diverse area of information security. Professionals in the field are digital detectives who can subvert security systems, follow complex data trails and prepare evidence that can sway the outcome of high-profile court cases. They work in a tight, close-knit industry and often collaborate to unravel crime.
Why you want it
"It's a chance to delve under the bonnet," says Rod McKemmish, partner at PPB Advisory. "If you like finding out how things work, how computers and humans tick, then it is a great job." McKemmish was a beat-cop who some two decades ago entered the burgeoning industry as a founder of the Victorian Police forensics division, one of the first of its kind in the country.
It is common for forensics officers to have a background in policing, in sworn or civilian roles. Those with law enforcement experience are well-placed to snap up a senior position in the burgeoning industry that is in need of talent.
Those working in the private sector may work with police to crack data breach cases, or to gain the required authorisation to obtain evidence.
Patrick Dunne, senior manager of forensic evidence services at the Australian Securities and Investments Commission (ASIC), kicked off his career in a state police service in 1997 when, as a Unix and Oracle administrator, he was sent to one of the world's first computer forensics courses, conducted by a Canadian law enforcement agency.
"There was no EnCase or FTK in those days - we used a disk editor to view data," he says. Now Dunne's teams investigate cases involving terabytes of data and troves of new and legacy file formats. All of this must be decoded within often tight court deadlines so ASIC's lawyers and investigators are sufficiently resourced to battle what Dunne says are often well-resourced businesses and individuals.
His work at the securities watchdog is satisfying stuff. "The work we do helps to promote a stronger and fairer marketplace and as such is vital to the community," he says. His staff are distributed across the country and collaborate via weekly video and audio team meetings.
Shane Bell, director of forensic technology at McGrathNicol, got his start in the industry as an officer for eight years in the Australian Navy before working for a further six years in private sector forensics. He also loves the job.
"It can be very interesting and very engaging. Each matter is different and you get a chance to explore new technologies as well as master the old stuff," he says. "At the moment we are assisting with some very complex large scale electronic discovery matters and who knows, maybe next week we will be out on a search warrant or an Anton Piller order, or being called to give evidence in court as an IT forensic expert witness, or even assisting in uncovering a large fraud."
One professional speaking on the condition of anonymity is a forensics officer of eight years with a Federal Government agency. M.K, not his real name, cracks fraud cases and regularly accompanies Australian Federal Police on search warrant raids against suspected fraudsters. He has worked in the tech sector for about 15 years.
"Data carving and searching for evidence is the fun bit," M.K says. "But this is only a small percentage of the overall job." When M.K isn't digging for data on mobile phones, computers and thumb drives, he is presenting statements and reports for court-admissible evidence.
M.K started his career as a police officer and, like many, still has the heart of a cop: he hates crime, is methodical, and down-to-earth. And he hates the beaten-up glossy image of the trade as it is portrayed in Hollywood cop flicks. "It's nothing like CSI. That show really gives me the sh*ts, and it sometimes attracts d**kheads to our industry," he says.
Forensics demands an analytical mind, and a respect for due process. Professionals are unswerving followers of the creed of continuity of evidence, meaning they produce detailed documentation about the steps in investigations that could take days, or many months.
But McKemmish thrives in this pool of paperwork. He sees it as an opportunity to present complex technological processes as a story readable by laymen and lawmakers. One prominent case was so successfully prosecuted on what he says were grounds of solid book work that he did not need to give evidence in court and the case was quickly closed.
Most forensics professionals at a senior level have given evidence in court more times than they can remember. It's a stressful environment but one that M.K enjoys as a place to test his skills.
"Any nerd can find evidence on a computer. But being able to present that in court in admissible fashion, being able to handle yourself in the witness box against other experts and lawyers, that's where your skills come in."
Courtroom duels are also where McKemmish gets a thrill.
"I like the civil matters, exchanging reports, having conferences, and the intellectual sparring before you get in the witness box."
They also travel, a lot. "I've seen the world," McKemmish says.