Computer forensics specialists in demand as hacking grows

[InfoSec News <isn () c4i org>]

http://seattletimes.nwsource.com/html/businesstechnology/134531230_forensics08.html

By Suzanne Monson
Special to The Seattle Times
September 08, 2002 

Dick Tracy had it easy. 

Today's real-life crime-fighters battle villains more sophisticated
than those the comic-book character ever faced — and these modern-day
crooks often set their sights on threatening business, government and
national security using computers.

That's why it takes more than a simple high-tech wristwatch to beat
computer crime. It takes cybersleuths — experts trained in Information
Systems (IS) security, or computer-program protection, and the more
advanced skills of computer forensics.

"There simply are not enough people to do this work," says Scott
Pancoast, a Seattle-based certified forensic computer examiner with
the Washington state Attorney General's Office.

One of just 180 forensics investigators certified worldwide by the
International Association of Computer Investigative Specialists,
Pancoast is among the 15 to 20 computer forensics examiners who work
in this state.

These "digital detectives" collect, preserve and analyze computer
evidence according to careful style so that it can be criminally
prosecuted.

Not only is demand for computer forensics investigators hot, but
several labor forecasts predict a shortfall of nearly 50,000 within
the IS security profession, too.

In police parlance, if computer forensics investigators are
detectives, then IS security experts are the patrol cops who protect
computers and network systems from high-tech safecrackers and vandals.  
Businesses, government and law-enforcement agencies all are
"scrambling" for such workers, says Lake Washington Technical College
dean Mike Potter.

That's why, Potter says, the Kirkland school is adding a two-year
computer forensics degree program to its existing three-quarter
computer/network security certificate program this fall; Eastside
police chiefs and local business leaders stressed the need.

No wonder. Cases of computer hacking and network viruses have
skyrocketed in the past 14 years. The number of computer/network
security incidents reported to the Carnegie Mellon Software
Engineering Institute has exploded from six in 1988 to more than
52,658 last year.

And increasingly, other cases involve the perpetrators using their
personal computers or the Internet to commit such crimes as
embezzlement, drug dealing and child pornography. That's the typical
workload facing computer forensics specialists such as Pancoast.

"When I tell people what I do, they often say, 'God, that must be
fun,' " says Pancoast. "I try to dispel that myth as much as possible.  
When you boil down the stories that we've seen, there are some great
ones. But often it's long hours with tedious and sometimes boring
work."

Pancoast recently was combing through "tidbits" on a computer hard
drive with more than 40 billion bytes. His job was to narrow the
search down to 2,000 bytes that might be important in building a
criminal case.

"It's like searching for a needle in a haystack," he says.

His meticulous work has been integral to prosecuting various cases
throughout the state, including the high-profile mail-order bride
murder case in Snohomish County earlier this year. With so few
computer forensic specialists in the state, counties and other
law-enforcement agencies around Washington often turn to him.

Computer forensics investigation, Pancoast says, is for people who
"gotta like law enforcement, are very curious and want to follow leads
when things just don't look right."

However, he warns, it's also a job that requires "mental toughness" to
deal with the darker, sometimes intensely graphic side of crime.  
Performing "exacting, detailed work" can mean the difference between a
conviction and a case being thrown out of court. Typically, computer
forensics specialists start out in law-enforcement and expand their
skills into cyber-sleuthing, says Lake Washington Technical College
computer forensics instructor Marvin Everest, who has about 30
students enrolled in his course. However, civilians with computer
forensic training may become qualified to work for law-enforcement and
government agencies, he believes.

Many of these high-tech civilians start out with slightly different
skills — IS security training that is more often employed in
businesses, protecting internal computer systems and external
networks.

Employers who are tired of "getting beat up by viruses and much more
sophisticated hackers," Potter says, are hiring security professionals
to protect them from bugs such as "Code Red" to the "I Love You"  
virus.

Network-security specialists must be able to think like hackers,
Potter says. In one class, students practice "intrusion detection" by
playing "good guy, bad guy," he adds. "One half of the class is trying
to break into the network, while the other half is using prevention
tools."

Several other local schools — including Bellevue Community College,
the University of Washington's Extension Continuing Education program
and ITT Technical Institute — offer training in IS security.

With advanced skills, security professionals are among the technology
industry's highest-paid workers, according to a recent survey by the
System Administration Networking and Security Institute.

Security consultants tended to earn the highest average at $79,395,
followed by security auditors at $71,404, security administrators at
$63,598, system administrators at $61,440 and at $58,399 a year,
network administrators.



FACTS For more information about the growing field of computer
forensics:

ITT Technical Institute: www.itt-tech.edu or 206-244-3300.

Lake Washington Technical College: www.lwtc.ctc.edu or 425-739-8100.

University of Washington Educational Outreach:  
www.outreach.washington.edu/ or 206-543-2320.

Certified Information Systems Security Professional: www.isc2.org or
888-333-4458.

Computer Technology Investigators Northwest: www.ctin.org.

High Technology Crime Investigation Association: www.htcia.org or
540.937.5019.

International Association of Computer Investigative Specialists:  
www.cops.org or 877-890-6130.

System Administration Networking and Security (SANS) Institute:  
www.sans.org or 866-570-9927.




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.