Law Enforcement, Investigation and Forensics
One undeniable change in outlooks since Sept. 11 has been a heightened sensitivity to information security and cybercrime in the law enforcement community. Numerous information security certifications aim squarely at this community, along with civilian infosec professionals who may have to gather or analyze evidence related to alleged cyber-crimes should they occur on their watch.
In this general area of information security, it’s possible to identify two distinct areas of specialization. First, there’s the investigation side of things, which deals with securing crime scenes, gathering and labeling evidence and managing the activities of numerous specialists to create a legally acceptable chain of evidence that leads clearly from the deed to the courtroom. Second, there’s the forensics side of things, which deals with analyzing and understanding exactly what happened and how it happened. This information is every bit as important to determining how to prevent future occurrences or exploits as it is to prosecuting alleged prior exploits or occurrences in court.
I can identify at least four certifications that touch on either or both of the areas of specialization:
- Certified Computer Crime Investigator (CCCI, Basic and Advanced)
The CCCI is intended for law enforcement and IT professionals who seek to concentrate on investigations. It comes in two versions: Basic and Advanced. The basic requirements are: two years of experience (or a college degree plus one year on the job), 18 months of investigations experience and 40 hours of computer crime training. In addition, candidates must document at least 10 cases they’ve investigated. Advanced requirements take experience to three years, four years of investigations, 80 hours of training and acting as a lead investigator in at least 20 documented cases, with involvement in 60 cases overall. See High Tech Crime Network certifications online at www.htcn.org/changes.htm.
- Certified Computer Forensics Technician (CCFT Basic and Advanced)
The CCFT is intended for law enforcement and IT professionals who specialize in forensics. It also comes in two versions: Basic and Advanced. The basic requirements are: two years of experience (or a college degree plus one year on the job), 18 months of forensics experience and 40 hours of computer forensics training. In addition, candidates must document at least 10 cases they’ve investigated. Advanced requirements take experience to three years, four years of investigations, 80 hours of training and acting as a lead investigator in at least 20 cases, with involvement in 60 cases overall. See High Tech Crime Network certifications online at www.htcn.org/changes.htm.
- Computer Forensic Computer Examiner (CFCE)
The International Association of Computer Investigative Specialists (IACIS) offers this credential to law enforcement and industry professionals. Candidates must possess a broad knowledge of information security, plus training or experience in computer forensics, forensic procedures and standards, and ethical, legal and privacy topics. Certification includes hands-on performance-based testing and a written exam. See Computer Forensic Certification online at www.cops.org/External%20Certification.htm.
- Professional Certified Investigator (PCI)
A senior certification from the American Society for Industrial Security, the PCI is for professional cyber-crime investigators. Beyond technical skills and knowledge, the PCI tests candidates’ knowledge of legal and evidentiary matters related to court presentations. Topics covered here include case management, collection of evidence and presenting cases. The PCI also requires seven to nine years of investigation experience, with at least three years in case management (a bachelor’s degree or higher counts for up to two years in this category) and a clean legal record. See ASIS International Certification online at www.asisonline.org/cppg/cppip.html.
For those working on the forensics side, either the CCFT or CFCE is a good credential to pursue. Those interested in working the investigations side should probably start with the CCCI and move into the PCI when they can meet its more stringent work experience requirements.
Ed Tittel is president of LANwrights Inc. and is contributing editor for Certification Magazine. Ed can be reached at firstname.lastname@example.org.