Each of the 15 specialisms are based on knowledge areas within CyBOK.

More information on CyBOK knowledge areas can be found here.

Here are the knowledge areas associated with Digital Forensics.

Core knowledge – you will need a very good understanding of these areas

Forensics | The collection, analysis, and reporting of digital evidence in support of incidents or criminal events.

Law and Regulation | International and national statutory and regulatory requirements, compliance obligations, and security ethics, including data protection and developing doctrines on cyber warfare.

If you need to investigate breaches affecting industrial control systems (ICSs), you'll also need:

Cyber-Physical Systems Security | Security challenges in cyber-physical systems, such as the Internet of Things and Industrial Control Systems, attacker models, safe-secure designs, and security of large-scale infrastructures.

Related knowledge – you will need a solid understanding of these areas

Distributed Systems Security | Security mechanisms relating to larger-scale coordinated distributed systems, including aspects of secure consensus, time, event systems, peer-to-peer systems, clouds, multitenant data centres, and distributed ledgers.

Adversarial behaviour | The motivations, behaviours, and methods used by attackers, including malware supply chains, attack vectors, and money transfers.

Software Security | Known categories of programming errors resulting in security bugs, and techniques for avoiding these errors - both through coding practice and improved language design - and tools, techniques, and methods for detection of such errors in existing systems.

Security Operations & Incident Management | The configuration, operation and maintenance of secure systems including the detection of and response to security incidents and the collection and use of threat intelligence.

Wider knowledge – these areas will help to provide context for your work

Network Security | Security aspects of networking and telecommunication protocols, including the security of routing, network security elements, and specific cryptographic protocols used for network security.

Web & Mobile Security | Issues related to web applications and services distributed across devices and frameworks, including the diverse programming paradigms and protection models.

Digital Forensics

More about a career in Digital Forensics

An introduction to this specialismWorking life

An introduction to this specialism

What will your responsibilities include? What are your tasks likely to include?Responsibilities

What will your responsibilities include? What are your tasks likely to include?

What core, related and wider knowledge is important for working in this specialism?Knowledge

What core, related and wider knowledge is important for working in this specialism?

What personal attributes might you need? What specialist skills are important?Skills

What personal attributes might you need? What specialist skills are important?

What other cyber security or IT role might you progress to from this specialism?Moving on

What other cyber security or IT role might you progress to from this specialism?

Which certifications and qualifications are relevant to roles in this specialism?Qualifications

Which certifications and qualifications are relevant to roles in this specialism?