Content

It’s forensic tools time again

We are consistently amazed by how this category changes year to year. This year we are back, mostly, to the traditional computer forensics tools. Of course, we have the usual network provider, mobile device tools and case management.  But this year there are no new exotic entries. Perhaps this is because the market – and the field of cyber forensics – is changing rapidly and the tools are more than keeping up. In part because the quality of the tools is improving rapidly digital forensics, - especially computer forensics – is quickly becoming commoditized.

The path to, at least, moderate forensic skills is shortening materially. Cyber forensic specialists are not in as great demand partly because the demand is being satisfied and partly because the job of digital forensic incident response (DFIR) is subsuming the people who know how to do cyber forensic investigations and DFIR. More important, perhaps, is that this trend is being supported by training and certifications from private sector training organizations and university education, most of which is preparing students – especially at the graduate level - for supervisory roles.

So great is the competition for training and certification at commercial level training organizations that non-profit powerhouses such as (ISC)2 have abandoned the forensics market to them. Recently (ISC)2 announced that it was abandoning the CCFP (Certified Cyber Forensics Professional) certification, the only such certification in the world that requires either significant experience (six years) or a university degree. Having been involved in the development of that certification from the concept through implementation, we obviously don't agree with that decision.

However, it is a sign of the times that many aspiring (hype/silly term alert) “forensicators” want – and often get – the shortest path to a job in the field. The good news is that, as this month's lineup shows clearly, the tools are becoming so competent that the entry-level practitioners will, we hope, catch up eventually. The news may not be all good for these newcomers, though.

Not many years ago a good entry-level digital forensics engineer could get a high 5-figure or low 6-figure job right out of university.  Today those high salaries are a thing of the past. According to the website www.payscale.com the median salary for a forensic computer analyst is $68,431.  The range is from $40K-$97K for entry level to $54.5K-$151K for experienced engineers.

First-rate, experienced engineers with some DFIR experience still make top dollar, though. The unfortunate thing is that while we are awash with moderately-trained and questionably-certified entry-level practitioners the top-tier is struggling for lack of candidates with substantial experience and training.

There is not a tool in this month's collection that we have not used in production for several – sometimes, many – years. The improvements are not obvious on the outside except for one tool that did a complete makeover a few years back. The advent of HTML5 has not been an obvious player in the forensic tool field yet, but we're pretty sure that it will.  There are lots of advantages to that user interface. However, the improvements inside have more than kept up with the demands of new technologies, the need for more efficiency and the proliferation of a moderately trained and largely inexperienced entry-level workforce.

So, with all of that said – or written – it's time to move on to the main event: the tools.  We have an excellent crop of players. And, of course, we remind you of an important concept: it is far better to have multiple tools that do approximately the same thing in the lab so even apparent competitors can live side-by-side to good benefit.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.