California Department of Justice – Sacramento County, CA


Job Description and Duties

The California Department of Justice (DOJ) announces an exceptional career opportunity to work in an exciting program committed to providing outstanding electronic discovery, incident response and digital forensics & investigation services to a large, statewide law enforcement agency. The mission of the California Justice Information Services Division, Cybersecurity Branch, Office of Digital Investigations (ODI) is to assist law enforcement and DOJ legal divisions with best-in-class information technology incident response, digital investigation, and forensically sound preservation, acquisition and analysis of complex computing environments.   

DOJ is seeking a highly motivated and analytical individual to serve as a non-sworn Digital Forensic Investigator. The ITS I serves on a team of advanced digital forensics investigators, specializing in digital forensics, big data, cloud, Internet of Things (IoT), electronic information systems and social media forensics. The incumbent performs a variety of tasks within the digital investigations and cybersecurity incident response lifecycle, as well as the Electronic Discovery Reference Model (EDRM). Activities include digital forensic examinations of computers, servers, networks, mobile devices and other digital devices with the purpose of identifying, collecting, and presenting data for preservation and later introduction as evidence in court or other legal proceedings. The ITS I demonstrates knowledge pertaining to data storage and management, installation, configuration, security, maintenance, troubleshooting, backup, and recovery, relating to personal computing, application, server, security, storage, and network infrastructure. The incumbent plans, develops and implements technology solutions for state and local law enforcement agencies on issues relating to the seizure, operation and forensic examination of information technology, both alone and as part of a team of digital investigations professionals.

This position requires a high level of confidentiality, as the information that the ITS I will have access to can be very private, privileged or sensitive in nature. Willingness to travel throughout the state is a must.

Desirable Qualifications

In addition to evaluating each candidate’s relative ability, as demonstrated by quality and breadth of experience, the following factors will provide the basis for competitively evaluating each candidate:

  • Established analytical, writing, communication and interpersonal skills.
  • Knowledge of concepts and practices for capturing and processing digital forensic data and Electronically Stored Information (ESI).
  • Knowledge of Electronically Stored Information (ESI) data types and how to recognize possible locations of stored ESI for collection of data, such as computer systems and their components, access control devices, digital cameras, handheld devices, electronic organizers, memory cards, network components, removable storage devices, multifunction office devices, credit card skimmers, vehicle infotainment systems and other miscellaneous Internet of Things (IoT) devices.
  • Knowledge of network architecture concepts including topology, protocols, and components.
  • Knowledge of data backup, types of backups and recovery concepts and tools.
  • Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
  • Knowledge of electronic evidence law and legal governance related to admissibility (e.g., Rules of Evidence and court procedure).
  • Knowledge of processes and required documentation for collecting, seizing and preserving digital evidence, including chain of custody, proper evidence handling and general legal proceedings such as Motions, Affidavits, Subpoenas, Warrants, etc.
  • Skill in preserving evidence integrity according to standard operating procedures per national standards.
  • Skill in collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data.
  • Skill in setting up a forensic workstation and using digital forensic hardware and software tools to acquire and process digital evidence to find forensic artifacts such as cookies, browser history, firewall records, etc.
  • Skill in using virtual machines (e.g., Microsoft Hyper-V, VMware vSphere, Citrix XenDesktop/Server, Amazon Elastic Compute Cloud).
  • Ability to recognize and interpret various data types to analyze patterns, discrepancies and anomalies to reach conclusions.
  • Ability to administer (install, configure, maintain & troubleshoot) Unix/Linux/Mac and/or Windows operating systems.
  • Ability to learn new concepts, procedures and practices in a culture of constant research and discovery.
  • Ability to be thorough and detail-oriented.
  • Ability to work under pressure to meet deadlines and service levels.