Computer Forensic Analyst
Minimum Qualifications
Bachelor of Science Degree in Computer Forensics, Computer Science, or related field AND a minimum of (24) months of satisfactory experience performing the duties of a Computer Forensic Analyst 2 or its equivalent in another computer forensic environment; AND possession of a Computer Forensics certification such as EnCE, CFCE, ACE or similar certification. Certification may be substituted with a minimum of (128) hours of Computer Forensics training; AND completion of verifiable training with computer forensic tools such as Encase, Access Data FTK and ASR SMART. Preference will be given to those candidates who have gained experience in testimony as an expert witness and have established his or her credentials as an expert in various courts of record.
Substitution: (4) years of work-related experience in the field of Computer Forensics may be substituted for the required Bachelor’s Degree.
Duties Description
Under the general direction of the Director or a higher-level Computer Forensic Analyst, the Computer Forensic Analyst 3 performs the following duties:
• In accordance with Department policy, rules and regulations, office guidelines and industry standards, conducts data acquisition and archival; hardware, software and tool testing and validation; and physical examinations of computers, electronic devices and various Department computer network systems
• Copies data from multiple operating systems and mobile computing devices.
• Verifies the integrity of the forensic copies to be used for analysis. Use computer forensics and information technology utilities to verify the integrity of data to ensure that no data is lost or modified during the acquisition or copying process.
• Prepares copied data for archiving into digital media.
• Conducts physical examinations of computer and other electronic computing devices by inspecting the hardware peripherals in devices submitted as evidence. Document the physical condition of evidence computers and devices.
• Disassemble and reassemble various types of electronic data or communication devices.
• Test and validate computer hardware, software and forensic analytical tools using established procedures and guidelines.
• Prepare and submit required documentation for admittance into evidence in court proceedings.
• Perform computer hardware, software, network and internet related research to troubleshoot and maintain computer forensic laboratory equipment and network.
• Testifies in court and other proceedings regarding casework involving routine laboratory processes such as acquisition, archival and analysis.
• Prepare comprehensive analysis reports to be used in the course of investigations and entered into evidence during court proceedings.
• Research industry standards and assist Department Investigators in developing procedures for the various stages of computer forensic processes, such as acquisition, archival and analysis of data.
• Properly maintains the chain of custody and meets evidence handling requirements.
• Recommends changes in operating procedures, equipment, and personnel.
• Assists with the implementation of hardware and software, as well as modifications to the laboratory equipment and network as requested by management.
• Analyzes the most complex cases which may involve multiple operating systems and mobile computing devices.
• Advise Department Investigators of possible alternative methods of analysis that would increase accuracy, efficiency and timeliness.