A Career in Digital Forensics

If you work within digital forensics in cyber security are on the front lines in the fight against cybercrime. It’s working on the process of identifying and reconstructing the relevant sequence of events that have led to the currently observable state of a target IT system.


What will I work on?


The majority of your work is driven by the need to respond to security incidents or suspected crimes. You work methodically and carefully, in control of the pace of your work. You work on very technical matters, sometimes delving deeply into hardware and software, using specialised tools, to recover data from systems and devices. You record the steps of your investigations and your findings thoroughly; in some organisations, this will be for presentation in legal proceedings, whether civil or criminal. If you're an experienced digital forensics practitioner, you may be directly involved in such proceedings, appearing as an expert witness in court.


What skills are important?



  • Problem-solving
  • Logical thinking
  • Writing formal reports
  • Evaluating the probable social, commercial, cultural, ethical and environmental consequences of an action

Specialist skills:

  • File system analysis
  • Memory artefact analysis
  • Software analysis, possibly including decomplication
  • Scripting in languages or tools, such as Python, Unix Shell and PowerShell
  • Physical disassembly of electronic devices
  • Use of common forensics tools such as UFED, EnCASE and FTK
  • Writing reports suitable for submission in legal proceedings

Transferable skills:


Having a career in Digital Forensics is a requirement for significantly advanced, specialised skills.

However, some roles are quite specialised and may provide a good foundation on which additional training can build. These include:

  • Data recovery
  • Archaeology
  • Forensic accountancy
  • Scene-of-crime officers

let's talk

Sign up to our Cyber security newsletter