Tuesday, May 26, 2009

Breaking into the Computer Forensics Field

I receive a lot of inquiries from folks wanting to break into the computer forensics field.  They typically ask what they need in terms of background, education, certifications, etc.

The answer is: it varies.

Different companies and organizations will have different needs and different minimum standards based on where they are in size, growth and organizational life cycle.

For instance, a law enforcement agency with an established high tech crime unit may take on someone with minimum skills and train them from the ground up to perform forensic examinations.  Normally, this means that they already have someone who manages and directs their forensic activities.  On the other hand, if they are trying to start up a forensic unit, they may be looking for someone with considerable skill and may draw from the ranks of police officers first.

Private companies range from one-man shops up to mega companies.  Smaller companies may need to hire examiners who need less time before they can work cases, while a bigger company may have the luxury of hiring less experienced people and training them.

In the big companies it is possible to start out just doing acquisitions or standardized functions on cases such as setting up the case, copying the evidence and running the first few steps before an examiner takes over for the actual analysis.

There are always different paths to the same destination.  If you are a recent graduate of a computer forensics degree, then you have some educational background, but you probably don't have much in the way of useful, i.e. practical, experience in computer forensics in a lab environment.

In that case, I would recommend trying to find an internship with a forensic company or a law enforcement agency, preferably before you graduate so you can put that practical experience on your resume.

Different organizations may offer either paid or unpaid internships.  Since the intern is getting more out of the relationship than the company or organization, don't be surprised if they only pay a stipend to cover your gas for the period of the internship.

If you are an experienced computer support person with a track record in network administration, PC support and/or IT security, your background is a big plus.  However, you would still be pretty useless in a computer forensics lab until you are trained in the tools and processes.  My advice for those of you considering a career change is to get your hands on the tools and practice with them so you can demonstrate knowledge to a prospective employer.

Bear in mind that computer forensics people tend to be very highly motivated toward self-learning and are constantly trying out tools and techniques to improve their skills.  Many tools are available for free or as trial versions.  You can even get a demo copy of EnCase with the purchase of the EnCase EnCE Study Guide that will get you some hands-on experience.

While many people think that computer forensics means firing up the forensic software and clicking away, that is not the case at all.  There are many things one must learn to practice forensics, both technical and legal.

If you are interested in the field and want a nice overview, I highly recommend "Computer Forensics for Dummies".  It does a good job of giving a general overview of the field without being so technical you cannot understand it.  Bear in mind, reading that book will not make you an examiner, but it will give you enough information to dig deeper if you are so inclined.

On the topic of internships, I would like to see more companies and agencies offering them.  However, bear in mind that providing a decent internship experience to someone is time consuming.  Also, bear in mind that as an intern, you may get very little practical experience the first time around.  You may spend a significant portion of the internship doing guided learning specific to the field.  The positive aspect of doing an internship is that you get face time with a company or agency that may hire you permanently.  At the very least, you are bolstering your resume for future employment prospects.

I offer internships at my company because I want to help people get into the field and also it gives me a chance to have a good look at potential future employees.  I only take on two interns at a time and only pay a stipend for the intern period.  But, in exchange, I try to make it the best experience I can for the interns and allow them to get some practical experience along the way.

I encourage my fellow examiners to do the same as I believe it will make the field stronger and also provide opportunities for aspiring computer forensics examiners.
