Job Training for Computer Forensics
In law enforcement, civil litigation, and company security alike, computer forensics (or PC forensics) is becoming a valuable tool for solving crimes, resolving cases, and maintaining information security in business. However, for such reviews and investigations to be credible and withstand challenge, they need to follow good standards. PC forensics training is critical both for understanding what to look for and for making sure reviewers perform their work correctly.
What PC Forensics Is
The study and practice of PC forensics follows the same principles as general forensic science in that it is designed to find and secure factual evidence within computers and related storage accessories. This field is also referred to as digital forensics in some corners.
The intent of PC forensics is not just to find specific data, but also to record and explain how it exists and how it was created. The data can be a file, a disk, an image, a computer, a data stream, and much more. At its simplest level, PC forensics asks what data is sitting on a particular piece of technology. The more complex review involves not just identifying the information but also explaining how it was created and recorded from a historical perspective. This aspect becomes extremely valuable in investigations.
Basic Training Format
The fundamental training material will focus on the personal computer (PC) platform file systems known as FAT and NTFS. These file systems govern the creation, storage, relocation, structure, and deletion of data on hard drives. They are also the foundation for the commonly used Microsoft Windows operating software and various peripherals and accessories (hard drives, cell phone memory, camera card storage, flash drives, disks, etc.).
Further training will educate students on remaining neutral in their practice and research. Too often, much like statistics, information can be biased when reported to an audience. The strength of PC forensics and general forensics is to show, beyond doubt, that the data and information recovered exists untampered and in the state in which it was last created and used.
Advanced PC Forensics Training
Once students have a basic understanding of file systems and operating systems, many training programs put the theory into practice. Courses will include practice recovery exercises of varying difficulty and degree to reinforce the principles and approaches of PC forensics.
This practical approach will be coupled with correct protocol and standards of documentation. The recording of findings and of what exists on the system analyzed is also critical because, again, it needs to be above criticism and reproach to be usable in business security, litigation, and law enforcement.
Preparing for a Defense
An elective in defending one's findings and research is not widely offered, but it is a good course option to take advantage of where it does exist. A good course design will cover, in a practice setting, what it is like to defend research in a deposition or mock court. Too often this valuable experience is earned the hard way in a real-life setting, and the related mistakes are only learned after the fact, when good research is thrown out as weak or unusable.
Career Opportunities from PC Forensics Training
The career potential for PC forensics will only continue to grow. As the world continues to migrate towards more and more use of computer technology, down to the daily task level, the need to capture and recover targeted data becomes more and more integral to investigations and security. Digital phone records, mobile texting records, files, deleted information, and data traffic history all become very useful in convincing juries and businesses how to react to problems and cases correctly.