Uses leading edge technology and industry standard forensic tools and procedures to provide insight into the cause and effect of suspected cyber intrusions
Follows proper evidence handling procedures and chain of custody protocols
Produces written reports documenting digital forensic findings
Determines programs that have been executed, finds files that have been changed on disk and in memory
Uses timestamps and logs (host and network) to develop authoritative timelines of activity
Finds evidence of deleted files and hidden data
Identifies and documents case relevant file-system artifacts (browser histories, account usage and USB histories, etc.)
Creates forensically sound duplicates of evidence (forensic image) to use for data recovery and analysis
Performs all-source research for similar or related network events or incidents
Skill in identifying different classes of attacks and attack stages
Knowledge of system and application security threats and vulnerabilities
Knowledge in proactive analysis of systems and networks, to include creating trust levels of critical resources
Requirements
(7-9 years host investigations or digital forensics experience with a High school diploma; or a Bachelor's degree in a technical discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline, and with 5-7 years of host-based investigations or digital forensics experience)
Proficiency level III includes all skills defined at level II in addition to the following:
Assists with leading and coordinating forensic teams in preliminary investigation
Plans, coordinates and directs the inventory, examination and comprehensive technical analysis of computer related evidence
Distills analytic findings into executive summaries and in-depth technical reports
Serves as technical forensics liaison to stakeholders and explains investigation details to include forensic methodologies and protocols
Tracks and documents on-site incident response activities and provides updates to leadership throughout the engagement
Evaluates, extracts and analyzes suspected malicious code