Forensic computer analyst
Job prospects for forensic computer analysts are good as any organisation or employer susceptible to IT security incidents will be in need of their services
As a forensic computer analyst, you'll investigate computer-related crime (also known as cybercrime) that can include data breaches, security incidents and other online criminal activities.
You'll use a range of specialised software and other techniques to secure, retrieve and analyse data linked to a range of illegal activities including:
- hacking
- network intrusions
- online scams and fraud
- political, industrial and commercial espionage
- terrorist communications
- the use of illegal images
- theft of confidential information.
You will investigate a range of crimes where the computer can either be the object of the crime, for example when criminals carry out hacking or spamming, or where it is used to commit a crime, such as online hate crimes or the possession of illegal pornography. It can also be used for illegal communication and data storage.
Your investigations can centre on data stored on a range of devices, including personal or work computers, tablets, mobile phones, the cloud and flash drives.
You could be working for the police or other law enforcement agencies, for a specialist computer forensic company or investigative team, or large companies such as banks.
Responsibilities
As a forensic computer analyst, you'll need to:
- secure a system or device so it can't be tampered with
- use a range of forensic tools and software to extract and analyse data
- deal with highly sensitive or confidential data or images, depending on the type of case you’re investigating
- recover damaged or deleted data or access hidden, protected or encrypted files
- unlock digital images that are locked to hide the identity of a place or person
- examine data from mobile phones and satellite navigation systems to trace people or places
- follow electronic data trails to reveal links or communication between individual or groups
- collect information and evidence in a legally admissible way
- write technical reports based on your findings and, if required, give evidence in court as an expert witness
- present findings of on-going incidents to other members in the investigation team, law enforcement agencies and clients
- keep up to date with evolving cybercrime methods and developments within the digital forensics field
- undergo security checks and vetting procedures
- work to relevant ISO accreditations.
Salary
- Typical starting salaries for forensic computer analysts range from £25,000 to £30,000 a year.
- With experience, you can earn £30,000 to £50,000 a year.
- In more senior roles, it's possible to earn up to £80,000.
Salaries vary depending on your skill set, the region you're located in and the size and type of company you work for.
Gaining professional qualifications and certifications can help you to move up the salary scale.
Income figures are intended as a guide only.Â
Working hours
Working hours generally range from 35 to 40 per week, although you will need to be flexible as exact hours will depend on the type of assignment or investigation you are working on.
Some organisations require 24/7 cover, with staff working on a call-out rota, allowing for fast responses to information and cyber security or criminal incidents.
What to expect
- Much of your work will be office or computer lab based but you will have situations where you will need to travel to off-site locations to visit clients, attend meetings or go to court. You may also have to attend the scene of crime so that you can help with the seizure of items or examine devices in situ.
- Digital forensic opportunities are available throughout the UK and internationally. Organisations and companies tend to be in cities or towns.
- You may face restrictions on how much you are able to talk about your job outside work, particularly if you work in government, the Ministry of Defence or police departments. This is due to the sensitive nature of some of the information you may encounter. You might also have to view information and images that you find distressing.
- If you're involved in cyber forensics roles, you may be required to act as an expert witness and give evidence in court cases.
- Some roles require employees to be security cleared.
- Several groups and initiatives are working towards closing the gender gap in cyber security, such as We are Tech Women, the Fraud Women's Network and the Cyber Security Challenge - Women in Cyber.
Qualifications
Most recent entrants to the forensic computer analyst profession are graduates. Some employers require you to have a degree or Masters in computer forensics, or related areas such as cyber security. Others, particularly larger organisations, may be more flexible and accept a range of computing or science, technology, engineering and mathematics (STEM)-related subjects for graduate schemes in this field.
The following subjects in particular may be helpful:
- computer forensics
- cyber security
- computer science
- IT
- mathematics, physics and other STEM subjects
- network engineering
- networks security
- electronics.
Having a relevant Masters can also be beneficial, particularly if your first degree wasn't in a related area. The National Cyber Security Centre (NCSC) lists certified Masters degrees in cyber security and closely related fields from a range of universities.
Search for postgraduate courses in computer forensics or cyber security.
It's also possible to take a cyber-security technical professional level 6 degree apprenticeship. This would involve you working while gaining the relevant qualification. Find out more about the apprenticeship and where it is offered.
Entry without a degree is possible by starting in an entry-level position and working your way up by undertaking further training and industry-specific qualifications and certifications.
Skills
You'll need to have:
- a willingness to keep up to date with the latest forensic computing techniques, tools and software, such as FTK, EnCase, Cellebrite and XRY
- an understanding of operating systems, e.g. Windows, Mac, iOS and Android
- analytical and problem-solving skills
- patience and a methodical and well-organised approach to work with the ability to adapt to changing priorities quickly
- an enquiring, investigative mindset with excellent attention to detail
- written and verbal communication skills for writing reports on findings and conveying technical information to technical and non-technical people
- the ability to identify patterns or trends across large amounts of data
- an aptitude for working under pressure and to deadlines
- decision-making skills and the ability to interact with a range of people and communicate decisions effectively
- the ability to manage expectations
- integrity and impartiality and be compliant with issues of confidentiality
- security clearance - this may be necessary if you have access to sensitive information.
Work experience
It is useful to get relevant work experience as it can give an insight into the field and will enhance your future employment prospects. You may be able to take a placement year as part of your degree, which will give first hand industry experience and will help you to make contacts.
If that isn’t possible you could also look for a summer internship with IT companies or organisations that may use cybersecurity services.
Finding specific forensic computing experience may be difficult due to the sensitive nature of the work, but other IT experience such as in computer network administration, operating systems, software and data analysis is also useful.
Other ways to get experience is through competitions such as those run through Cyber Security Challenge UK.
You can also look at getting student membership with relevant professional bodies as this will give you access to events, industry news and development and networking opportunities. For more information see:
Find out more about the different kinds of work experience and internships that are available.
Advertisement
Employers
Key employers include law enforcement agencies and computer forensic companies specialising in digital forensic investigations.
Any organisation or employer susceptible to security incidents and data breaches may employ computer forensics analysts within an in-house team.
There's a high demand for digital forensic professionals and career prospects are excellent for this area of work, particularly if you're willing to travel.
There are a number of graduate schemes and entry-level opportunities across all sectors, including:
- financial service organisations - including banks and accountancy firms
- forensic computing companies and consultancies
- government agencies
- government departments - both national and regional
- government intelligence and security services - including GCHQ and MI5
- IT and telecommunications companies
- police forces and law enforcement agencies - such as the National Crime Agency (NCA)
- the public sector - including the health sector.
With experience there are also opportunities to work as a self-employed consultant.
Look for job vacancies at:
A number of recruitment agencies specialise in forensic computer analyst roles, including ARM: Cyber Security.
Professional development
The fast moving and constantly changing nature of cyber-crime means you'll need to keep up to date with the latest developments in your field and be prepared to learn new investigative methods and software.
Your employer may encourage and support you to undertake training and accreditation in forensic computing techniques, tools and software. This may include Forensic Analysis and Cell Site Analysis, FTK, Data Recovery, Expert Witness, Encase, XRY, Cellebrite, X-Ways and ISO/IEC 17025 and ISO/IEC 27001 accreditation.
There are a number of recognised industry-specific qualifications and certifications suitable for computer forensic professionals, including:
- CREST Examinations
- GIAC: Digital Forensics and Incident Response Certifications
- PA Consulting: Cyber Education
Training, events and conferences are also offered by professional bodies including BCS, The Chartered Institute for IT, CREST and the Chartered Institute of Information Security. Membership of these can aid your professional development throughout your career.
Career prospects
You may start your career by getting a place on a graduate training scheme or via an entry-level job. This could be in a support technician role or in a related role such as network engineer or developer. With experience you could then move into an analyst role.
As you gain more experience and develop your skills through professional development courses and relevant industry certifications, you can progress towards a senior analyst role, leading a team of analysts and related staff, and eventually become head of security. With experience, self-employment as a security consultant is also possible.
An overview of career development pathways and typical roles open to cyber sector professionals are available at Cyber Security Challenge UK.
Alternative pathways could include a move into a different but related role, such as that of cyber security analyst or penetration tester.
Alternative careers
Related jobs and courses
graduate scheme
Technical Graduate 2025
- CGI (4 other jobs)
- Competitive salary
- Various locations
work experience
Analyst - Year in Industry
- National Highways (6 other jobs)
- £22,001-£24,500
- Various locations
work experience
Digital Innovation Placement
- Rolls-Royce Motor Cars (24 other jobs)
- Competitive salary
- West Sussex