Here is the information for this type of role…
Digital Forensics Analyst
- Recover data from computer hard drives and other data storage devices that have been deleted, damaged or otherwise manipulated
- Use forensic tools and investigative methods to find specific electronic data
- Analyze data and evaluate its relevance to the case under investigation
- Document each stage of the investigation and maintain a focus on case logs, repeatability and chain of custody
- Present findings via written reports and orally to key stakeholders in clear and concise language
- Testify in court when required
- Case assignment and MI reporting when required
- Risk management
- EnCE (Encase Certified Examiner) is essential
- CFCE (The International Association of Computer Investigative Specialists) – Foundation Level knowledge
- CCE (The International Society of Forensic Computer Examiners) – Foundation Level Knowledge
- ACE (Access Data Certified Examiner) is desired
- Bachelors in Computer Science is desired
- Excellent Communications skills to enable rapport to be built with Stakeholders and colleagues
- Technical skills to allow a process to be followed methodically and systematically as well as troubleshooting
- An investigative mind to be able to learn and discover how unfamiliar technology works
- Excellent organizational skills to manage caseload, projects and ad hoc requests
- Ability to present both in the written form and orally and adapt communication style to the audience
- Report writing skills
- Project Management skills
- Responsive, reactive and proactive
- Able to switch mindset and wear many hats (e.g investigator, interviewer, trouble-shooter) without impacting performance
To perform technical work in the examination, identification, and preservation of digital evidence including computers, cellular phones, digital media, electronic data storage, and related materials pertaining to law enforcement investigations; to log in evidence and maintain records; and do related work as required.
Distinguishing Characteristics: This is the entry-level class in the Digital Forensics Technician series. Positions in this class typically have limited work experience and work under immediate supervision while learning job tasks progressing to general supervision as procedures and processes of assigned area of responsibility are learned. The Digital Forensics Technician I is distinguished from the Digital Forensics Technician II by the level of duties performed and the full range of duties assigned to the Technician II level.
Essential Functions: Functions may include, but are not limited to, the following (under immediate supervision while learning job tasks): conduct forensic examinations of digital devices, computer systems, storage media and electronic storage devices to obtain evidence contained within; determine methods and techniques appropriate for extracting data from a variety of digital evidence items; use forensic software applications to analyze electronic media; extract digital information from cellular telephones using a variety of approved methods and tools; preserve and copy original media; restore recoverable deleted files; access password-protected and secured files; use digital forensic extraction and analysis equipment including the use of digital camera and video capture software to acquire electronic images; maintain specialized equipment assigned to the Crime Laboratory; prepare reports documenting examination procedures and results; maintain inventory records, repairs, maintenance, upgrades, and modifications of digital devices and equipment maintained by the Police Department such as cellular phones and body worn cameras; provide basic training to department personnel on digital devices used in the course of their duties such as cellular phones and body worn cameras; provide support to the Police Department with utilizing digital imaging techniques including video capture and enhancement; build and maintain positive working relationships with co-workers, other City employees and the public using principles of good customer service; and performs related duties as assigned.
Training: College level courses from an accredited college in Computer Science, Information Technology, Criminal Justice, Computer Forensics or a related field.
License or Certificate: Possession of a valid California driver’s license.
Knowledge, Skills and Abilities / Physical Demands and Working Conditions:Knowledge of: basic investigative techniques related to computer and digital device forensics; methods and techniques used to access, recover, review, validate, and preserve electronically stored data files; the principles and practices of evidence collection, preservation and handling; methods of restoring deleted files and accessing secured unencrypted data; exercise independent judgment and initiative without close supervision; applicable laws, codes, ordinances and regulations; English usage, spelling, grammar, and punctuation; and computer equipment and software applications related to assignment.
Ability to: learn police procedures, court testimony procedures and techniques; learn to examine and analyze computer hardware, software, and electronically stored data pertaining to law enforcement investigations; learn to use digital forensic extraction and analysis equipment including the use of digital camera and video capture software; find and extract electronically stored information to be used as evidence; restore deleted files; learn to access secured data; find and extract electronically stored information to be used as evidence; learn to prepare and present reports of findings; learn to prepare and maintain accurate records and files; learn to redact and enhance video/photos; testify in court; learn, understand, interpret and apply basic laws, rules and regulations; prepare clear, detailed, and concise reports; work nights, holidays and weekends and be available for stand-by and call outs after regular working hours; operate computer equipment and software applications related to assignment; communicate clearly and concisely, both orally and in writing; establish and maintain effective working relationships with those contacted in the course of work and work with various cultural and ethnic groups in a tactful and effective manner.
The CGI Federal Cyber Threat Analysis Center (CTAC)is seeking a Junior-level Digital Forensic Analyst to support intrusion and insider threat investigations for internal and external customer incidents. The Digital Forensic Analyst will be responsible for using a wide variety of forensic tools and investigative methods to find: specific electronic data, locate malicious code, determine the infection vector, scope of the compromise, malware artifacts, possible data ex-filtration activity, documents, photos and e-mails from computer hard drives and other data storage devices, such as zip and flash drives that have been deleted, damaged or otherwise manipulated
Your future duties and responsibilities:
- Conducting data forensic investigations for enterprise computer security incidents including but not limited to internal and external intellectual property theft, attacks/intrusions, computer abuse and insider threat investigations
- Perform forensically sound imaging of multiple types of data sources
- Demonstrated skill performing operational software/hardware testing on digital equipment and other electronic devices.
- Ability to follow through on leads until all possible avenues in investigating a case have been exhausted.
- Performing log, memory and RAW analysis.
- Maintain full chain of custody and evidence tracking
- Demonstrated skill in performing post-incident computer forensics in a forensically sound manner.
- Organize all relevant case information in easy-to understand format
- Prepare reports and document case details, development and outcome.
- Provide expert analysis and interpretation of forensic artifacts, including expert opinions when necessary
- Successfully complete initial competency and annual proficiency testing
- Maintain knowledge and understanding of new developments in the field of digital forensics
Required qualifications to be successful in this role:
- Must be a US Citizen.
- Ability to work greater than 40 hours per week as needed
- Ability to act as full-time on-call for escalation of cyber security incidents
- Experience with forensic data acquisition using a variety of imaging types and methods
- Knowledge of forensic analysis and proper investigation techniques pertaining to compromised systems
- Knowledge of forensic best practices pertaining to chain of custody and preservation of evidence procedures
- Familiarity with forensic artifacts typically found in Windows operating systems
- Experience in team oriented environments, leveraging other teams’ experience and specialties as required
- Technical report writing experience
- Experience with Autopsy, TSK, EnCase, FTK, X-Ways or other computer forensic tools
- Experience troubleshooting, maintaining, and repairing computer hardware
- Familiarity with identification of malicious software
- Knowledge of programming and scripting languages (e.g., Python, Perl, EnScript, etc.)
- Experience with ISO 17025 Accreditation requirements
- Ability to read and interpret PCAP data
- Digital Forensic and Incident Response Certifications such as GCFE, GCFA, CHFI, CCE, CFC, EnCE, CFCE, CART/FE, FET, or DeXT, NCFI BICEL, BCERT, and/or AFT
- Incident Response
- Malware Engineering
What you can expect from us:
Build your career with us.
It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.
At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.
Be part of building one of the largest independent technology and business services firms in the world.
Learn more about CGI at www.cgi.com.
No unsolicited agency referrals please.