Become a Cyber Forensic Investigator (Beginners Roadmap 2024)

00:00

I will explain to you how to become a

00:02

cyber forensic investigator even if you

00:04

don't have any experience or any degree

00:06

but first it's important to understand

00:09

the scope of what a cyber forensic

00:10

investigator does as the job can vary

00:13

between organizations therefore it's

00:15

important to be clear on the duties of

00:18

the Cyber forensic investigator so you

00:20

can build the right skills that you need

00:22

to become a cyber forensic investigator

00:24

a sa forensic investigator can work in

00:26

the private sector so they could work in

00:28

a bank or an insurance company but they

00:31

can also work in law enforcement so they

00:33

could be in a local police station or

00:36

even at the federal level the job can be

00:39

very exciting but at times it can also

00:41

be a little bit dark and I will explain

00:43

to you why later in the video but having

00:45

said that you can get paid really well

00:47

doing this role and there is certainly

00:49

demand within law enforcement but also

00:51

in the broader industry this is a highly

00:54

technical role where you will be

00:56

conducting a technical forensic analysis

00:58

but I will give you a step by bystep

01:00

road map to get you to build the right

01:02

skills so you can become a cyber

01:03

forensic investigator even if you have

01:05

zero technical skills or a degree in the

01:07

cheapest and fastest way possible we're

01:10

going to make some Gatekeepers cry with

01:12

this one let's get into it the main

01:14

issue with digital forensics or cyber

01:15

forensic is that 99.9% of people don't

01:19

actually know what a cyber forensic

01:21

investigator does this includes

01:22

individuals who work in it like Network

01:24

engineers and health desk professional

01:26

even some people who work in cyber

01:28

security don't seem to have a solid

01:30

understanding on what exactly a cyber

01:32

forensic investigator is supposed to do

01:34

it's one of those seemingly mythical

01:36

jobs that you may have heard about but

01:38

you're not 100% certain what it entails

01:40

and I don't blame you in the cyber

01:42

security World job titles are an

01:44

absolute mess someone could have the

01:46

title of a cyber analyst but their

01:48

day-to-day Duties are essentially cyber

01:50

forensic investigations I've seen this a

01:53

lot in the industry so it's perfectly

01:54

normal to be confused now to simplify it

01:57

we first need to understand the

01:58

relationship between incident response

02:00

and digital forensics they're usually

02:02

lumped together you may have come across

02:04

the term DFI which really stands for

02:06

digital forensics and incident response

02:09

they are two completely different roles

02:10

but they can also be performed as one

02:12

role in incident response we follow a

02:14

certain mythology and a procedure to

02:16

detect a cyber incident analyze a cyber

02:18

incident and respond to it now as part

02:20

of our response to an a cyber incident

02:23

we may or may not perform digital

02:25

forensic analysis for example if a

02:27

company got hacked and the cyber

02:29

security profession are trying to stop

02:30

this hack or they're trying to analyze

02:32

and see what happens to maybe contain

02:34

this attack and prevent it from

02:36

happening again a cyber security

02:37

professional should perform forensic

02:39

analysis to look inside the hard drive

02:41

to see how did this attack happen so we

02:43

can look for certain Tim stamps we can

02:45

look for certain files that were

02:47

accessed or we can look for certain

02:48

signatures this analysis is referred to

02:51

as forensic analysis now the analysis

02:53

can happen in a hard drive but it can

02:54

also happen in memory or in a USB stick

02:57

it can also happen in things like a

02:59

mobile phone or a Cloud Server have even

03:02

recently been involved in an

03:03

investigation on a Tesla electric car so

03:05

the scope of a cyber forensic investigat

03:08

can be really broad now performing a

03:09

forensic analysis as part of incident

03:11

response that can be one category of

03:13

forensic analysis the other broad

03:15

category is also doing it in law

03:17

enforcement so as part of a criminal

03:19

investigation you can be part of an

03:21

electronic crime unit you analyze

03:23

devices that are part of an ongoing

03:25

investigation or perhaps you need to

03:27

look into the mobile phone of a suspect

03:29

or you can analyze hard drives to see if

03:31

they contain anything illegal the

03:33

outcome of your investigation can

03:35

influence and even determine whether

03:37

someone gets a jail sentence so it's a

03:39

pretty serious job now one of the main

03:41

reasons why cyber forensic investigation

03:43

can be a confusing job title is as I've

03:46

explained earlier there is a difference

03:47

between performing it within law

03:49

enforcement or within the civilian World

03:51

unfortunately TV shows and movies

03:53

whenever they highlight cyber forensic

03:54

investigations it's almost always within

03:57

law enforcement because it's a little

03:58

bit more exciting and and it can make

04:00

for a good TV show so shows like CSI

04:02

Miami is entirely based on Cyber

04:04

forensics now within law enforcement you

04:06

will be analyzing hard drives or web

04:09

browsers or mobile phones that are part

04:11

of a criminal investigation now

04:12

unfortunately a significant part of

04:14

doing cyber forensic analysis within law

04:17

enforcement could involve the

04:18

investigator looking at illegal material

04:21

but some of that material can contain

04:23

explicit material that could be very

04:24

distressing in fact someone I know

04:26

closely have spent significant amount of

04:28

money and train tring to become a saop

04:30

forensic investigator but then he was

04:32

hired to work at a local police station

04:34

unfortunately he only lasted for 6

04:36

months because he simply couldn't handle

04:38

looking at explicit material you may

04:40

think you're tough but trust me you

04:42

don't know what you don't know so this

04:44

is something that you need to be aware

04:46

of as you're trying to become a cyber

04:47

forensic investigator within law

04:49

enforcement but the good news is the

04:50

skills that you learn can definitely be

04:52

useful outside of law enforcement so you

04:54

could be working as a cyber forensic

04:56

investigator within a cyber security

04:58

Operation Center or within a consulting

05:00

firm where your investigation is part of

05:03

responding to cyber incidents where you

05:04

try to stop cyber attacks or contain

05:06

cyber attacks or even perform what we

05:09

refer to as post compromise analysis

05:11

where you perform analysis after the

05:13

hack has happened to determine what

05:15

happened but also the organizations can

05:17

have some lessons so they can prevent

05:19

this from happening again now if you're

05:20

watching this video then you are

05:22

passionate about this type of work and

05:24

you want to build your skills in the

05:26

area of cyber criminal investigation I

05:28

will show you how to get hired both in

05:30

the civilian world and in law

05:32

enforcement later in this video but

05:33

before we continue a word from our

05:35

sponsor Ora are you tired of receiving

05:38

those spam calls from unknown numbers

05:40

all day I know I am luckily today's

05:42

sponsor Aura can help data Brokers are

05:44

making a fortune selling your

05:45

informations to spammers these Brokers

05:48

are legally required to remove your

05:50

information if you ask them but they

05:51

make it very difficult to do so but

05:53

that's where Aura comes in Aura can

05:55

identify the data broker giving out your

05:58

information and submits opt out requests

06:00

on your behalf you can try Aura for free

06:02

for 2 weeks using my link aura.com Unix

06:05

guu they also have many other features

06:07

that protect you and your family from

06:09

online threats that you can't see and

06:11

it's really easy to set up instead of

06:12

having multiple different apps to get

06:14

things like antivirus VPN parental

06:17

controls password management identity

06:19

theft and more Aura has them all in one

06:21

place and you get everything at one

06:23

affordable price you can either let

06:25

those data Brokers keep profiting off of

06:27

your personal data or you can go to

06:29

aa.com Unix guu today to start your 2E

06:32

free trial and I'll also leave a link to

06:34

it in the description box below and back

06:36

to the video as you may have guessed

06:37

cyber forensics or digital forensics is

06:40

a highly technical role but as promised

06:42

I will show you how to get there if

06:43

you're already working in it so you

06:45

could have some programming skills or

06:47

networking skills or you could be

06:49

working in help disk but this will also

06:51

apply to you if you're a university

06:52

student or if you work in a completely

06:54

different domain like marketing or

06:56

nursing or physical security for example

06:58

so first first things first the first

07:00

course that I want you to start with is

07:02

from RIT University hosted on the edex

07:05

platform it's called computer forensics

07:07

this will be our starting point but just

07:10

be mindful that this course has a

07:11

prerequisite so RIT recommend that you

07:13

do their own course as a prerequisite I

07:16

personally don't recommend that you do

07:17

that prerequisite instead I want you to

07:19

do the Google cyber security first

07:21

because it will give you everything that

07:23

you need to go through this computer

07:25

forensic course especially the Linux

07:27

skills that you will need to go through

07:28

that course so if you have no technical

07:30

background then do the Google cber

07:32

security first then do this RIT course

07:34

doing both of these courses you will

07:36

have the necessary technical skills to

07:38

begin your journey in digital forensics

07:40

I covered the Google cyber security

07:41

certificate in detail in this video so

07:43

please check it out now once you finish

07:45

both courses then the next step will be

07:47

to build in-depth digital forensic

07:49

skills now to perform forensic analysis

07:51

this will be as part of an investigation

07:54

or as part of responding to cyber

07:56

incident so you will be analyzing a lot

07:58

of hard drives you will need to retrieve

08:00

data that's either deleted or hidden but

08:02

things will get a little bit complicated

08:04

because things can vary significantly

08:06

between different operating systems so

08:08

you may need to use different techniques

08:10

based on which version of Windows that

08:12

you're dealing with or maybe you're

08:13

dealing with Mac OS or Linux and things

08:15

can be entirely different if you're

08:17

trying to retrieve information from a

08:19

mobile phone now you don't need to learn

08:21

everything at once in the beginning but

08:23

at minimum you need to be competent with

08:25

retrieving information from hard drives

08:28

in the Windows operating system system

08:29

this is the bare minimum that can get

08:31

you a job in digital forensics later on

08:33

you can add skills for mobile phones or

08:36

iot devices or Cloud servers to expand

08:38

your skills later now the good news is

08:40

there is a beginner friendly course that

08:42

you can do after the RIT course and the

08:44

Google Saba security certificate where

08:46

you can develop this skill and more the

08:49

course is from The infosec Institute

08:51

it's called computer forensic

08:52

specialization it consists of three

08:55

course series the first one is digital

08:57

forensics concept here you will get your

08:59

introduction to the world of digital

09:01

forensics you will understand the r and

09:03

responsibilities of the forensic

09:04

examiner or the forensic investigator

09:06

you will also get to learn the

09:08

methodology that we use in digital

09:09

forensics and you'll get to prepare a

09:11

forensic workstation the second course

09:13

is about the legal consideration for

09:15

digital forensics you will get

09:17

introduced to some of the laws and

09:18

regulations around digital forensics but

09:20

you'll also learn a little bit about the

09:22

chain of custody and how to deal with

09:24

evidence within digital forensics then

09:26

you will go through the investigation

09:27

process and you will learn how to

09:29

collect digital evidence and how to

09:31

store the evidence securely because

09:33

remember this is a highly critical role

09:35

the outcome of your investigation can

09:36

determine the outcome of criminal

09:38

charges so evidence handling is an

09:40

extremely important part of this process

09:42

and at the end of it there is a digital

09:44

forensics project where you get to apply

09:46

everything that you've learned in a lab

09:48

environment digital forensics is a

09:49

practical Hands-On practice you need to

09:51

practice everything that you learn this

09:53

is not a theoretical field you can't

09:55

multiple choice your way out of digital

09:57

forensics now the next C goes through

09:59

Windows OS forensics as I said knowing

10:02

the windows OS is the bare minimum that

10:04

you need to become a digital forensic

10:06

investigator this is an assumed skill

10:08

everyone expects you to know it later on

10:10

you can learn more about the Mac OS and

10:12

other operating systems but at minimum

10:14

Windows OS is a nonnegotiable so here

10:16

you'll learn about the different file

10:18

systems within the windows OS the fat

10:20

file system the NTFS file system and

10:22

you'll even get to perform forensics

10:24

within the Windows registry files this

10:26

is an in-depth look at the windows OS

10:28

and as you will discover in the course

10:30

there is a lot to be learned in this

10:32

area so it's definitely not a small area

10:34

the final course is a deep dive within

10:37

the Windows registry files it is an

10:39

ocean and there is so much that you need

10:41

to learn as a cyber forensic

10:42

investigator so as you can see you will

10:44

go through different types of files and

10:46

different types of software and you'll

10:48

get to apply everything in a lab

10:49

environment after you finish this course

10:52

you will have the necessary skills that

10:53

can get you a role as a cyber forensic

10:55

investigator but as you will see this is

10:58

a highly technical area so you may

11:00

forget things or you may feel

11:01

overwhelmed this is where we need to

11:03

learn from different resources so the

11:05

next course that I want you to do is

11:06

from INE which is the certified digital

11:09

forensics professional this is a

11:11

fantastic Hands-On practical

11:12

certification where you'll get to review

11:14

some of the concepts that you've already

11:16

learned but you'll also get introduced

11:17

to even more Concepts and you will get

11:19

to perform this all in a Hands-On lab

11:21

and if you're competent enough you can

11:23

pass the certification and have more

11:25

digital forensic qualifications on your

11:27

CV but also on your LinkedIn profile now

11:29

we can't really talk about digital

11:31

forensics without mentioning the Sans

11:33

Institute a few years ago we didn't

11:35

really have many options for Saba

11:37

security training especially for digital

11:38

forensics training the Sans Institute

11:41

was the only Institute that provided us

11:43

with cyber forensics training the two

11:45

most popular certifications were the

11:47

jaak certified forensic examiner and the

11:49

jaak certified forensic analyst I have

11:52

done the gcfa and to this day it's one

11:54

of my favorite certifications to do as

11:56

you may be aware Sans training is

11:58

extremely high quality but unfortunately

12:00

it's very expensive but there is a nice

12:02

affordable way to do it which is through

12:04

the work study program so follow this

12:06

URL and then go apply to the Sans work

12:09

study program this will enable you to do

12:11

the training as an assistant where you

12:13

help out Sans to run their training you

12:15

help them out with some administrative

12:16

work and this way you get to do the

12:18

training and the certification for a

12:19

fraction of the price I highly recommend

12:21

you apply there especially for their

12:23

forensics courses because they will

12:25

teach you a lot another great training

12:27

option for digital forensics is from two

12:29

of my favorite companies which is try

12:31

hack me and hack the Box they are both

12:33

practical Hands-On training platform

12:35

both of them offer really nice digital

12:37

forensics upscaling modules so try

12:39

hackme has digital forensics and

12:41

incident response training which is

12:43

really good you get exposed to a lot of

12:45

tools and you can practice them in a

12:46

Hands-On lab again this will strengthen

12:48

your skills but it will also give you

12:50

more chance to practice so you don't

12:51

feel lost and you don't feel like you're

12:53

forgetting things hack the Box have a

12:55

new series called the Sherlocks where

12:57

you do a series of challenges that are

12:59

based on digital forensics I'll leave a

13:00

link to both in the description box

13:02

below so you can check them out now as

13:03

far as getting hired is concerned there

13:05

is a difference between Landing a cyber

13:07

forensic stroll within law enforcement

13:09

versus within the civilian world within

13:11

law enforcement you can actually start

13:13

as a police officer and then get

13:15

transferred to the electronic crimes

13:16

unit this is a great option because

13:18

usually the agency or the police station

13:20

that hired you will pay for all of your

13:22

training but I don't want you to limit

13:24

yourself to that I remember I had a

13:26

career mentorship with an individual who

13:28

worked at a police station and he told

13:29

me that he's unable to transfer to the

13:31

electronic crimes unit in his station

13:33

because his boss didn't want to so my

13:35

recommendation to him was try in

13:37

different stations try in different law

13:39

enforcement agencies law enforcement

13:41

will always have a preference for ex law

13:43

enforcement officers if you already have

13:44

law enforcement experience then you are

13:46

a perfect candidate to perform this role

13:48

because you understand the culture and

13:50

you understand the stress and the way

13:51

that law enforcement functions more than

13:53

someone who is a civilian so this is a

13:55

great trout for anyone who works in the

13:57

military or in the police Poli I highly

13:59

recommend that Avenue now as a civilian

14:01

if you want to land one of those roles

14:03

in law enforcement then you will need to

14:04

do the training courses that I recommend

14:06

before you can land one of those roles

14:08

now as far as civilian jobs are

14:10

concerned the biggest mistake that I see

14:12

individuals make when they want to land

14:13

a digital forensic role is that they

14:15

restrict themselves to just forensic

14:17

roles as I said in the beginning of the

14:19

video titles in cyber security are an

14:22

absolute mess so when you do a job

14:24

search I want you to type the word

14:26

digital forensics but I also want you to

14:28

try and type the keyword cyber and just

14:30

look through all the job because

14:31

sometimes the job may include digital

14:33

forensics task but it can also be a

14:35

broader cyber security job so digital

14:37

forensics can be part of the job but not

14:39

the entire job so this is an important

14:42

aspect to consider the other important

14:44

aspect to consider is appli to Sock

14:46

analyst roles working as part of a

14:48

security Operation Center you will get

14:50

an opportunity to perform some digital

14:52

forensic activities it may not be the

14:54

entire role but as part of your job in a

14:57

security Operation Center you can and

14:58

get that exposure to get some hands-on

15:00

experience with digital forensics which

15:02

can later on lead you to Landing a

15:04

full-time cyber forensics investigator

15:06

so that's definitely a great role the

15:08

other option that you can look into is

15:10

incident response as I explained in the

15:11

beginning of this video digital forensic

15:13

can be part of incident response so a

15:15

digital forensic incident response Ro is

15:18

a perfect Ro where you get to apply

15:20

those skills but you can also learn a

15:21

little bit more about digital forensics

15:23

this is a fantastic role by ment which

15:25

is now owned by Google where you get to

15:28

respond to incidents but you also get to

15:30

perform cyber forensic investigations

15:32

now one word of caution when it comes to

15:34

cyber forensics is that the last thing I

15:36

want you to do is to restrict yourself

15:38

to just digital forensics job think of

15:40

yourself as a cyber security

15:41

professional who have digital forensic

15:43

skills so the job may or may not be a

15:46

full-time cyber forensic investigation

15:48

so for that I recommend that you grow

15:50

your general cyber security skills

15:52

especially your blue team or cyber

15:54

analyst skills and the best way to do

15:56

that is through Hands-On practical

15:58

training and certification like the one

16:00

I recommend in this video so I highly

16:01

recommend you check it out and I'll see

16:03

you there