Home » Specialties » Digital or Computer Forensics Investigator

How to become a digital forensics investigator and fight cybercrime

Learn about a forensics career that gets more important every day.

woman examines computer internal drive for clues

What do digital and computer forensic experts do?

Computer and digital forensics is the use of analytical and investigative techniques to identify, collect and examine magnetically stored or encoded evidence.

The job of a computer—also called digital—forensic investigator is to dive into an infected or compromised program or software to learn about a digital breach or a hack. They specialize in recovering data from computers used in criminal or corporate breach investigations. Their primary goal is to help law enforcement investigators recover data and trace the source of the breach. They work closely with police, investigators and law enforcement officials to provide the evidence they’ll need to arrest hackers and cyber criminals.

Job duties

The first step in many computer or digital forensics projects is to make an exact duplicate of a hard drive and then run tests on the copy to get as much evidence from it as possible. This often involves retrieving deleted or encrypted documents. Computer forensics experts often find this the most challenging and fun part of their job. They also work on cell phones, tablets and cameras, or any other source of compromised digital information.

Computer forensic experts work in a variety of places including police departments, local and federal government agencies, prosecutors’ offices, law firms, accounting firms, identity protection agencies, banks and other financial institutions and insurance companies. They may also work as contractors and hire their services out to private companies and agencies.

Daily tasks

In a day’s work, they’ll perform such tasks as:

  • Gathering evidence 
  • Recovering and reconstructing data from damaged or erased hard drives 
  • Using forensic software to collect and analyze electronic data 
  • Writing investigative reports 
  • Reporting findings to law enforcement
  • Providing expert testimony about digital evidence 
  • Identifying system vulnerabilities 
  • Evaluating the breadth of a cyberattack

4 steps to become a digital forensic expert

Earn your bachelor’s degree.

man working as tech support on phone

You’ll have some options to consider once you enroll in school. You can earn a bachelor’s in computer science for example and get a broader education in such areas as computer programming, information systems and networks, or you can hone your focus exclusively on cybersecurity essentials such as information security and security systems.

Gain experience.

woman photographs infected computer keyboard

With a bachelor’s degree you can work in an entry-level role that will give you a solid foundation in IT, systems engineering and support services. This experience will come to good use once you complete a master’s program in your chosen digital and computer forensics area of specialty.

Earn your master’s.

digital forensic investigators head to court to testify

Master’s degrees in cybersecurity are becoming more common and this is where you’ll want to study your options, decide which areas of forensics interest you and specialize. Some of the cybersecurity areas to consider are digital forensics, cyber forensics and computer forensics.

Consider professional certification.

man looking at tablet for hacks

You’ll want to continue to advance and grow in your career, so you might want to consider earning a professional certification (or two). Some employers may require you to earn certifications, which may contribute to your value to your company as well as expanding your skillset.

Computer forensics education, certification and licensure

Most computer forensics investigators learn their trade while working for a law enforcement agency, either as a police officer or a civilian computer forensics expert. Some go into law enforcement specifically to get this training and establish a reputation before moving to the private sector.

To get computer forensics training outside of law enforcement, a computer science, cybersecurity or accounting degree is a good place to start. A computer science degree gives you the technical skills needed, and an accounting degree provides good background knowledge for investigating financial fraud. More and more colleges and universities are offering bachelor’s or master’s degrees in computer forensics.

Because of the growing popularity of this field, many schools now offer bootcamps and certificate programs in computer forensics. These short duration, intensely focused programs are for law enforcement officers, paralegals or others already finished with a degree program, working in a related field and/or involved in investigative work.

Professional certifications

Because they work with rapidly evolving technologies, computer forensics experts never stop training. They continually learn about the latest software programs, operating systems and methods of fraud detection by attending conferences and taking additional computer forensics courses. Professional certifications, such as the ones listed below, are also a great way to advance or expand your knowledge once you’re already working in the field.

Some professional certifications to consider include:

  • Certified Computer Examiner (CCE)
  • EnCase Certified Examiner (EnCE)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Forensic Examiner (GCFE)
  • GIAC Network Forensic Analyst (GNFA)
  • Certified information Privacy Professional (CIPP)
  • Computer Hacking Forensic Investigator

There are no licenses specifically for computer forensic investigators, but some states, such as Texas, require them to be licensed private investigators.

What skills should a computer forensics investigator have?

A computer forensic investigator should have thorough knowledge of the law and legalities so they can observe proper evidence custody and control procedures. They should be able to document evidence accurately so that it can be presented at trial.  


Employers look for digital forensic investigators who have knowledge of data analysis, computers, forensic science and legal procedures. There are also specific skills and job-knowledge that a digital forensic investigator needs:

  • Knowledge in investigative process and procedure
  • Understanding of criminal law and cybersecurity
  • Statistics/data and math skills
  • Tech savviness
  • Knowledge of common programming languages
  • Detail-oriented
  • Experience with penetration testing and professional hacking
  • Excellent verbal and written reporting skills 

What types of tools do computer forensic investigators use?

Tools for digital forensic investigators get more sophisticated by the day—and it’s easy to see why. To catch cyber thieves, an investigator’s tools need to be at least as complex and savvy as the cybercriminal’s. According to Lifars Securityscorecard, many of today’s tools are “wrappers” or one toolkit that contains hundreds of technologies with different functions. Though there are hundreds open source and proprietary sets of tools and applications out there, here are just a couple of examples of state-of-the-art applications and tools used on the job:

Autopsy:
Autopsy helps a forensic investigator to gain an understanding of what happened on a phone or computer. There are different modules that can perform a timeline analysis, do hash filtering, recover deleted files and find indications of compromise among other things.
Microsoft COFEE:
COFEE stands for “Computer Online Forensic Evidence Extractor” and it is a forensic kit that extracts evidence from Windows-specific computers. Developed by a former Hong Kong police officer turned Microsoft executive, COFEE acts as an automated forensic tool during a live analysis.
Computer Aided Investigative Environment:
Assists investigators in the four stages of investigation: preservation, collection, examination and analysis.
EnCase:
EnCase is the premiere pioneer tool used in forensic cyber investigations. It helps investigators find evidence to testify in criminal investigation cases involving cybersecurity breaches by recovering evidence and analyzing files on hard drives and mobile devices.

Median annual salaries

According to the 2022 U.S. Bureau of Labor Statistics Occupational Employment Statistics, computer forensics experts working as private investigators and detectives earn a median annual salary of $52,120. Information security analysts on the other hand, earn a healthy $112,000 annually.

If you practice computer forensics for a police department, your salary will depend on your rank and seniority. The median annual salary for police and sheriffs is $65,790, while forensic scientists earned a median annual salary of $63,740.

Here are salaries for information security analysts and forensic scientists by state:

Information Security Analysts

National data

Median Salary: $112,000

Projected job growth: 31.5%

10th Percentile: $66,010

25th Percentile: $85,270

75th Percentile: $141,130

90th Percentile: $174,540

Projected job growth: 31.5%

State data

State Median Salary Bottom 10% Top 10%
Alabama $105,180 $53,680 $165,980
Alaska $93,960 $68,220 $141,470
Arizona $106,360 $60,110 $158,300
Arkansas $83,370 $47,300 $135,280
California $134,830 $72,590 $203,110
Colorado $109,610 $64,240 $172,420
Connecticut $119,270 $84,190 $162,960
Delaware $127,670 $85,910 $174,690
District of Columbia $123,140 $84,300 $177,240
Florida $106,440 $63,710 $164,920
Georgia $117,020 $70,730 $168,580
Hawaii $107,060 $64,810 $174,350
Idaho $103,450 $54,840 $148,460
Illinois $108,510 $64,180 $161,250
Indiana $85,190 $49,740 $132,210
Iowa $104,750 $52,930 N/A
Kansas $96,960 $60,320 $128,850
Kentucky $88,820 $43,800 $156,000
Louisiana $85,580 $56,380 $129,640
Maine $85,300 $60,310 $124,650
Maryland $131,260 $74,930 $203,470
Massachusetts $113,610 $64,610 $173,290
Michigan $98,620 $55,030 $155,930
Minnesota $109,760 $71,920 $158,940
Mississippi $81,140 $50,110 $131,990
Missouri $84,140 $40,100 $133,330
Montana $81,080 $51,990 $159,630
Nebraska $96,050 $61,670 $133,050
Nevada $95,710 $64,250 $161,590
New Hampshire $133,680 $82,220 $189,750
New Jersey $130,210 $82,900 $173,310
New Mexico $123,240 $70,220 $165,170
New York $133,100 $76,450 $215,550
North Carolina $117,860 $76,100 $175,320
North Dakota $84,900 $50,220 $130,850
Ohio $103,470 $60,060 $155,900
Oklahoma $95,360 $54,020 $139,680
Oregon $119,990 $66,590 $172,380
Pennsylvania $99,200 $49,220 $148,170
Rhode Island $104,200 $71,840 $164,470
South Carolina $105,000 $56,620 $139,750
South Dakota $101,130 $70,400 $129,790
Tennessee $95,740 $62,240 $164,810
Texas $110,270 $69,040 $162,800
Utah $103,570 $60,110 $174,920
Vermont $79,780 $51,330 $132,050
Virginia $130,130 $80,170 $181,280
Washington $133,120 $82,420 $181,550
West Virginia $86,340 $37,370 $141,760
Wisconsin $104,520 $61,450 $138,620
Wyoming $92,890 $51,280 $123,880

Source: U.S. Bureau of Labor Statistics (BLS) 2022 median salary; projected job growth through 2032. Actual salaries vary depending on location, level of education, years of experience, work environment, and other factors. Salaries may differ even more for those who are self-employed or work part time.

Forensic Science Technicians

National data

Median Salary: $63,740

Projected job growth: 12.6%

10th Percentile: $39,710

25th Percentile: $49,320

75th Percentile: $82,160

90th Percentile: $104,330

Projected job growth: 12.6%

State data

State Median Salary Bottom 10% Top 10%
Alabama $53,610 $37,970 $68,810
Alaska $65,120 $47,960 $98,110
Arizona $62,760 $40,760 $103,620
Arkansas $46,500 $34,900 $52,420
California $85,490 $54,230 $132,320
Colorado $74,060 $54,710 $101,050
Connecticut $81,450 $47,250 $100,150
Florida $59,090 $37,520 $80,440
Georgia $47,980 $36,460 $69,100
Idaho $52,810 $38,300 $81,830
Illinois $107,520 $59,380 $107,520
Indiana $58,300 $37,490 $79,920
Iowa $65,690 $53,390 $93,370
Kansas $62,390 $46,090 $93,640
Kentucky $52,460 $41,250 $67,140
Louisiana $50,920 $37,870 $86,840
Maine $61,830 $40,310 $74,730
Maryland $65,480 $47,080 $104,310
Massachusetts $80,910 $60,240 $122,860
Michigan $57,490 $26,030 $95,120
Minnesota $79,210 $47,900 $99,780
Mississippi $51,630 $31,510 $67,330
Missouri $52,240 $32,350 $80,620
Montana $62,860 $49,890 $80,060
Nebraska $61,300 $34,770 $75,170
Nevada $64,980 $45,540 $104,400
New Hampshire $75,070 $55,850 $89,320
New Jersey $61,620 $48,150 $77,780
New Mexico $54,050 $29,820 $80,870
New York $79,140 $62,510 $104,330
North Carolina $47,370 $38,720 $64,030
Ohio $63,620 $48,350 $100,960
Oklahoma $67,120 $38,820 $100,330
Oregon $104,470 $61,270 $109,930
Pennsylvania $49,910 $35,680 $83,090
South Carolina $48,590 $36,310 $65,890
Tennessee $60,540 $39,380 $83,480
Texas $56,970 $38,400 $80,640
Utah $53,560 $41,390 $73,200
Virginia $68,310 $42,310 $102,660
Washington $77,170 $50,250 $99,180
West Virginia $48,840 $34,710 $66,990
Wisconsin $59,400 $38,730 $90,220
Wyoming $57,790 $41,900 $79,640

Source: U.S. Bureau of Labor Statistics (BLS) 2022 median salary; projected job growth through 2032. Actual salaries vary depending on location, level of education, years of experience, work environment, and other factors. Salaries may differ even more for those who are self-employed or work part time.

Job growth and outlook

Computer forensics may be a relatively new but well-established field within criminal justice but with more than 1,400 publicly acknowledged data breaches in 2021 alone, and another 400 not publicly reported, the job growth forecast for experienced digital and computer forensic investigators is much stronger than the national average for all other careers.

According to the U.S. Bureau of Labor Statistics information security analysts can anticipate a 31.5% job growth through 2032 compared to the 5% growth for all other careers combined. Add to the fact that some 422 million individuals in the U.S. alone experienced some form of compromised data in 2021, and you can see why digital and computer forensic investigators and experts should experience a healthy job market for the foreseeable future.

Sources: computerforensicsworld.com; U.S. Bureau of Labor Statistics

Written and reported by:

All Criminal Justice Schools Staff

Updated: February 21, 2023