While the fields of cyber security and digital forensics are strongly related and often overlap, they each offer a distinct set of challenges and require subtly different skill sets. Generally, you can remember the difference between the two by thinking in terms of "before" and "after." Cyber security is most often concerned with monitoring and preventing illegal access to systems containing sensitive or confidential data (before any potential attacks occur). Digital forensics is about investigating after a cyber attack or crime has taken place.1 While this means each field utilizes its own methodology tied to distinct goals, both frequently operate from a shared knowledge and experience base.
What Does a Cyber Security Analyst Do?
Sometimes called information security analysts, cyber security experts work to protect a company or organization's computer networks and systems from unauthorized access. They primarily work with systems responsible for securing private and confidential information, but they may also deal with other parts of an organization's technological infrastructure.1,2
A cyber security expert's primary job is to foresee any possible entry points or weaknesses in the network and work proactively to address these issues. To do this effectively, they must be able to anticipate possible avenues for cyber attacks and put themselves in the position of a hacker trying to get into their own system(s). Sometimes cyber security analysts may also need to work with digital forensics specialists to provide access logs or other network information following a cyber attack.1
Types of Cyber Security Jobs and Responsibilities
Often cyber security specialists work for computer or Internet companies, private corporations (often those in the financial industry or other sectors that deal heavily with private information), consulting firms, or law enforcement agencies.2
For example, the FBI lists the following as some sample jobs and responsibilities in its information on cyber security careers with the agency:3
- Information Technology Specialist
- Computer Security
- Network Management & Security
- Cyber Incident Response
How to Become One
Information and cyber security analysts usually need a minimum of a bachelor's degree in computer science, programming, information systems, or a related field. Many employers require experience working in IT or as a network, systems, or database administrator, while some may even prefer an MBA.2 (Also see our guide to some cyber security certifications that may help when pursuing a cyber security career.)
What Does a Digital Forensics Specialist Do?
Digital forensics specialists are typically consulted to investigate a cyber attack or crime that has already occurred. Often this involves a network or system that has been broken into or an instance of confidential information being accessed by hackers. However, digital forensics may also be required to retrieve or reconstruct data from computers or networks authorities believe to have been involved in committing a crime.4
Whereas cyber security specialists need to be able to think creatively about ways their own safety measures could be bypassed, digital forensics experts must be excellent problem solvers with a strong attention to detail. They must be able to use any recorded data to reconstruct the pathway(s) hackers may have taken through a system or network in order to understand how it was broken into—and they often work closely relaying this information to cyber security analysts who will use it to prevent further attacks in the future. They may also help gather evidence in cooperation with authorities searching for suspects or building cases to prosecute in court.1,4
Types of Digital Forensics Jobs and Responsibilities
As digital forensics is a more specific subset of the field of forensic science, these roles (sometimes called forensic computer examiners) often involve working for law enforcement, consulting firms, or investigation departments in private companies. Computer companies and businesses that specialize in data recovery may also staff similar positions.4
Keep in mind that depending on the organization, there may be more significant overlap between digital forensics and cyber security roles. (The FBI itself even lists "Digital/Cyber Forensics" under its recommended experience for cyber security careers.3)
How to Become One
Typically a bachelor's degree in computer science is needed for those looking to pursue a career as a digital forensics expert. Because digital forensics positions may involve either corporate or criminal investigations, the requirements will vary based on the type of organization with which a role is being offered. For instance, a position with a forensics unit in a law enforcement agency may require one to have completed police or FBI academy training, while a role at a private corporation may require additional professional experience in a relevant industry.4
Ready to learn more? Explore online IT programs in Digital Investigations or Information Assurance and Security at AIU.
1. Computer & Digital Forensics Blog, "Cyber Security and Digital Forensics: Two Sides of the Same Coin," on the internet at http://computerforensicsblog.champlain.edu/2014/10/22/cyber-security-digital-forensics-two-sides-coin/ (visited February 23, 2016).
2. Bureau of Labor Statistics, U.S. Department of Labor, Occupational Outlook Handbook, 2016-17 Edition, "Information Security Analysts," on the Internet at http://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm (visited February 23, 2016).
3. Federal Bureau of Investigation, "Cyber Careers," on the internet at https://www.fbijobs.gov/talent-networks/professional-careers/cyber-information-technology/cyber-careers (visited February 23, 2016).
4. Bureau of Labor Statistics, U.S. Department of Labor, Occupational Outlook Handbook, 2016-17 Edition, "Forensic Science Technicians," on the Internet at http://www.bls.gov/ooh/life-physical-and-social-science/forensic-science-technicians.htm (visited February 23, 2016).