Digital Forensic Examiner
- EnCase Certified Examiner (EnCE)
- AccessData Certified Examiner (ACE)
- DCITA DoD Digital Forensic Examiner or FBI Computer Analysis Response Team (CART) certification.
- Must be adjudicated to Top Secret (SCI eligible) clearance level at employment start.
DUTIES INCLUDE BUT ARE NOT LIMITED TO:
- Conduct complex and high-profile, non-destructive evaluations of target computer systems to determine operating and file systems, stored information, user and program logs, ownership and access methodology, as well as security features and usage.
- Provide detailed forensic examinations for NCIS cases when computers or other digital media are instruments of a crime, when DoN computer networks are victims, or when computers or other digital media are used to store data of evidentiary or intelligence value.
- Document artifacts and deliverables according to standardized formats and approved templates created through collaboration with NCIS Cyber Divisions.
- Execute cross-division collaboration such that best practices and standards are performed as needed and as required.
- Work collaboratively in a team environment to identify opportunities to provide forensic support via active engagement with Cyber-Referent agents.
- Collect and preserve critical evidence from large data sets.
- Conduct intrusion identification.
- Write SQL queries to verify/retrieve data.
- Perform log analysis in support of NCIS investigations.
- Conduct forensic extraction and analysis of data and electronic evidence from seized digital media.
- Analyze computer network security settings, server, system, router, firewall, intrusion detection system (IDS) and intrusion prevention system (IPS) logs and packet capture data.
- Assist the NCIS Special Agent as a technical consultant, ensuring that the data is seized in compliance with computer forensic standards and in compliance with chain of custody guidelines.
- As required, serve as a subject matter expert (SME) and testify in court proceedings regarding forensic procedures utilized to acquire evidence and the description of any evidence obtained.
- Assist with the computer forensic caseload and continually keep current with emerging technologies and software.
- Analyze and test network monitoring technologies.
- Test and assess new commercial and government-developed network-based investigative tools for reviewing and improving NCIS’ current collection platforms.
- Evaluate and implement new technologies to support the improvement and modernization of the NCIS criminal and intelligence capabilities with regard to gathering digital evidence.
- Provide emergent forensic response support to internal and external surge requirements.
- When tasked or requested by management, provide informal on-the-job training and guidance to new or less experienced cyber personnel during the execution of forensic examinations, and ensure sound investigative practices are utilized in accordance with NCIS guidelines, policies, and regulations.
- Provide informal on-the-job local area training/familiarization of cyber forensic support to counterpart Geographic Field Offices.
- Configure, install, and maintain Network Intrusion Detection systems and Network Forensic Analysis Tools on locally configured networks.
- Minimum of a bachelor’s degree in a computer science-related field or five years of equivalent work experience.
- Minimum of five years of network security experience, with an emphasis on intrusion techniques and intrusion detection system testing and analysis.
- Minimum of five years of computer forensics experience using Guidance Software EnCase and/or AccessData Forensic Toolkit (FTK). Proficiency with AccessData FTK, Helix and other forensic tools.
- Expertise with various computer operating systems to include Windows, Linux/Unix, and Macintosh OS.
- Expertise with a variety of computer hardware to include servers, workstations, desktops, laptops, networking equipment, tablets and cellphones.
- Full understanding of proper forensic data collection procedures, chain of custody, and documentation procedures in a law enforcement environment.
- Expertise with Cellebrite or XRY cell phone forensics software.
- Strong documentation skills.
- Ability to testify as an expert witness in judicial proceedings.
- Proficient in information security, information assurance, information technology, and cyber defense best practices and principles.
Job Type: Full Time
Salary: $110,000.00 to $120,000.00 /year