Computer forensic investigators are in high-demand. Often referred to as digital forensics engineers or computer forensic investigators, they need to know basic IT skills, understand computer architecture, and networking. They also require the ability to collaborate with various teams and write detailed reports. A digital forensics professional must have analytical and investigative skills, as well as strong attention to detail.
You have worked hard for your degree in this field and now it is time to enter the job market. This process entails interviews. There can be one interview or many, depending on the seniority of the position and the respective company’s hiring policies. Human Resources may perform the vetting, and if you make the cut, you proceed to the department supervisor, manager or another person in leadership. The questions may vary at each level.
You can expect the standard get-to-know-you questions about your background, schooling, and accomplishments. These test your communication skills and project your personality (positive qualities) to the employer/interviewer. In addition to the generic questions, there will be ones directed at your technical skills. According to the Infosec Institute, some of the interview questions you may encounter, along with suggested answers are:
What is a SAM file?
A SAM, or Security Accounts Manager, is a file specifically used in Windows computers to store user passwords.
What is data mining?
Data mining is the process of recording as much data as possible to create reports and analysis on user input.
What operating systems do you use?
Most computer forensic experts know at least one operating system well. Be honest with this question, but you should know Windows, Linux or Mac operating systems well.
What is steganography?
Steganography conceals a message within a message.
Describe your experience with virtualization.
Relate your experience with virtualizations, but be sure to describe the virtual infrastructures you are familiar with, i.e., Virtualbox, VMWare, etc. Make sure you identify the types of operating systems you have dealt with also.
How do you stay up to date on current cybersecurity trends?
This is a personal and important question. The interviewer wants to know how you keep abreast of the changing technology affecting computer forensics. You would mention various newsletters, podcasts, and websites you visit often.
What is the difference between a threat, vulnerability, and risk?
- A threat is the possibility of an attack.
- Vulnerability is a weakness in the system.
- Risks are items that may cause harm to the system or organization.
Additional examples of possible technical questions:
What is the difference between Asymmetric and Symmetric encryption, and which one is better?
Symmetric encryption uses the same key for both encryption and decryption, while Asymmetric encryption uses different keys for encryption and decryption.
What is the difference between software testing and penetration testing?
Software testing just focuses on the functionality of the software and not the security aspect. A penetration testing will help identify and address the security vulnerabilities.
Preparation is paramount to an interview. Practice with a friend or partner will pay dividends in the actual interview. You will feel more confident and less nervous. In addition to the personal and technical questions, the interviewer might present hypothetical scenarios, followed by a question. In other words, what would you do in this situation? These are more difficult to prepare for and the possible scenarios are too numerous. However, here are a few examples:
- You come to work and discover someone has hacked into the computer system. What steps would you take?
- How would you handle retrieving data from an encrypted hard drive?
- What are some of the ways a computer forensics specialist can take to mitigate risks to company assets?
- An incident has been reported that an enterprise host was identified communicating with a known malicious external host. You are the forensic analyst on duty when the disk arrives. How will you begin the investigation?
The purpose of the hypothetical scenarios could be a means of testing your ability to think quickly. You cannot possibly anticipate what questions the interviewer will ask. One phase of the job interview you will know for certain prior to the interview–your questions. Near the conclusion of the interview, the interviewer may ask if you have any questions. Statistics show that about 75 percent of job seekers will say, “No. I think that’s everything.” This is a terrible response, according to HR professionals and managers.
Always have a few questions prepared and have one based on something you found during your research of the particular company. Focus your questions on the company and what you can do for them. You could ask about something (positive) you have discovered about the company. Experts advise not to focus your questions on yourself, salary, time off, benefits, or pay raises.