Computer Forensic Analyst
| Closing date: 02/26/2020 |
Duties & Responsibilities:
State Police Computer Forensic Analysts are non-competitive, technical positions performing a full range of complex analyses of various types of electronic and digital evidence received at the New York State Police Crime Laboratory and handled by the Computer Forensic Laboratory. These positions are located only in the Division of State Police and are located at the Computer Forensic Laboratory in Albany, New York.
DUTIES
Computer Forensic Analyst 1, SG-14
Abide by and follow all procedures relating to the proper handling and chain-of-custody of evidence in computer forensic laboratories.
Use computer forensic software to forensically copy data found on electronic devices so that the integrity of original evidence is preserved and the copy can be used for forensic analysis.
Verify the integrity of the forensic copies to be used for analysis per State Police and National Institute of Standards for Technology standards. Use computer forensic and information technology utilities to verify the integrity of data to ensure that no data is lost or modified during the acquisition or copying process.
Use automated technology to prepare copied data for archiving. Archival process will preserve and prevent data loss by providing a stable long-term storage medium.
Conduct physical examinations of computer and other electronic computing devices by inspecting the hardware peripherals in devices submitted to the laboratory as evidence. Inspection will encompass device functionality, including date and time verification of circuit board of computer or devices. Document the physical condition of evidence computers and devices by means of digital photography and completion of appropriate examiner reports.
Disassemble and reassemble various types of electronic data or communication devices including but not limited to personal computers, laptops, and cellular phones during the examination process.
Test and validate computer hardware, software, and forensic analytical tools using established laboratory procedures and National Institute of Standards for Technology guidelines. Testing and validation is conducted to verify the integrity of computer forensic software, data acquisition and archival hardware and to ensure tools do not report high rate of errors.
Prepare and submit to superiors required documentation that catalogues and describes acquired data for admittance into evidence in court proceedings. Reports shall be prepared and submitted by all analysts after performing laboratory processes such as acquisition, archival and analysis.
Perform computer hardware, software, network, and Internet related research to troubleshoot and maintain computer forensic laboratory equipment and network.
Review current scientific literature and attend seminars, courses, or professional meetings to stay abreast of developments within the field of Computer Forensics and Digital Evidence.
Be willing to participate in a Psychological Wellness Program, which includes a baseline psychological evaluation and which may include MMPI-2RF, Diagnostic Assessment of Post-Traumatic Stress Disorder, a clinical interview and periodic evaluations with a psychologist, to determine suitability for being exposed to images and videos of child sexual exploitation.
Computer Forensic Analyst 2, SG-18
Will be proficient in all the duties of a State Police Computer Forensic Analyst 1.
Examine computers and other electronic storage devices submitted as evidence using non-intrusive forensic tools and methods to extract data for analysis.
Analyze data found in electronic devices by using computer forensic utilities and State Police laboratory analytical techniques to parse, locate and extract case relevant data with evidentiary value pursuant to investigative details and search warrant parameters.
Testify in court proceedings regarding casework involving routine laboratory processes such as acquisition, archival and analysis.
Using State Police report writing standards, prepare comprehensive analysis reports to be used in the course of investigations, and to be entered into evidence during court proceedings.
Research industry standards and assist State Police Investigators in developing Standard Operating Procedures for the various stages of computer forensic processes, such as, acquisition, archival, and analysis of data.
Perform other laboratory forensic processes using State Police procedures and industry standards and techniques, such as Secure Erase and Hard Drive Restoration pursuant to judicial requests, such as court orders.
Be willing to participate in a Psychological Wellness Program, which includes a baseline psychological evaluation and which may include MMPI-2RF, Diagnostic Assessment of Post-Traumatic Stress Disorder, a clinical interview and periodic evaluations with a psychologist, to determine suitability for being exposed to images and videos of child sexual exploitation.
Computer Forensic Analyst 3, SG-20
Will be proficient in all the duties of a State Police Computer Forensic Analyst 2.
Provide technical assistance to State Police Investigators during the extraction of multimedia digital evidence from crimes scenes, computer networks and other technical forensic processes in the field.
Testify in court proceedings regarding casework involving advanced laboratory processes in complex cases such as network data acquisitions and advanced data recovery and analysis.
Under the guidance of State Police Investigators in the laboratory and prosecutor’s office, prepare computer and multimedia digital evidence for court presentations. Preparation of court presentations involve the review of case relevant data and conversion into human readable format that may be displayed during court proceedings, whether in digital form or in printable form.
Assist State Police Investigators in the review and preparation of evidentiary material pursuant to Rosario and Discovery court motions. May include the copying of multimedia digital data into media to be released to court recognized experts for the purpose of validation, court presentations and possible legal challenges.
Testify in court regarding analytical processes and resulting findings for a wider range of evidence.
Review the examinations and analyses completed by other State Police Computer Forensic Analysts according to technical peer review guidelines to ensure that quality assurance standards are being met.
Recommend changes in operating procedures, equipment, and personnel based on results of technical peer review.
Assist the lab supervisor in the implementation of hardware, software, as well as modifications to the laboratory equipment and network.
Be willing to participate in a Psychological Wellness Program, which includes a baseline psychological evaluation and which may include MMPI-2RF, Diagnostic Assessment of Post-Traumatic Stress Disorder, a clinical interview and periodic evaluations with a psychologist, to determine suitability for being exposed to images and videos of child sexual exploitation.
Computer Forensic Analyst 4, SG-23
Will be proficient in all the duties of a State Police Computer Forensic Analyst 3.
Analyze complex cases based on State Police investigative and forensic procedures and search warrant parameters.
Document analysis of laboratory findings in comprehensive reports.
Testify in court regarding: the validity of analysis performed by lower-level State Police Computer Forensic Analysts; the processes used when analyzing digital evidence; and the relation of said evidence to the overall investigation.
Advise State Police Investigators of possible alternative methods of analysis that would increase accuracy, efficiency and timeliness.
Perform peer review of technically complex cases and report any unexpected quality control developments that may occur to the lab supervisor.
Analyze the most complex cases, which may involve multiple operating systems and mobile computing devices.
Testify in court proceedings regarding casework in complex cases, which may involve computer networks, multiple operating systems and mobile computing devices.
Administer competency and proficiency tests to all levels of Computer Forensic Analysts to ensure that analysts possess the necessary training and experience to adequately analyze multimedia digital evidence.
Be willing to participate in a Psychological Wellness Program, which includes a baseline psychological evaluation and which may include MMPI-2RF, Diagnostic Assessment of Post-Traumatic Stress Disorder, a clinical interview and periodic evaluations with a psychologist, to determine suitability for being exposed to images and videos of child sexual exploitation.
Minimum and/or Preferred Qualifications:
Computer Forensic Analyst 1, SG-14
Bachelor of Science degree in Computer Forensics, Computer Science, or related field.
OR
Four (4) years of work-related experience in the field of Computer Forensics.
Preference will be given to those candidates who:
Have completed or received verifiable training with digital Forensic tools such as EnCase, Access Data FTK, Cellebrite or industry recognized digital forensic tools.
Computer Forensic Analyst 2, SG-18
Bachelor of Science degree in Computer Forensics, Computer Science, or related field.
OR
Four (4) years of work-related experience in the field of Computer Forensics.
AND
A minimum of twenty-four (24) months of satisfactory experience performing the duties of a State Police Computer Forensic Analyst 1 or its’ equivalent in another computer forensic environment.
Preference will be given to those candidates who:
Possess Digital Forensic certifications such as EnCE, CFCE, ICMDE, CCME or similar certification from Industry Recognized Digital Forensic Tools. Certification may be substituted with a minimum of 64 hours of Digital Forensic training or completion of verifiable training with digital forensic tools such as EnCase, Access Data FTK, Cellebrite or Industry Recognized Digital Forensic Tools.
Computer Forensic Analyst 3, SG-20
Bachelor of Science degree in Computer Forensics, Computer Science, or related field.
OR
Four (4) years of work-related experience in the field of Computer Forensics.
AND
A minimum of twenty-four (24) months of satisfactory experience performing the duties of a State Police Computer Forensic Analyst 2 or its’ equivalent in another computer forensic environment.
AND
Possess Digital Forensic certification such as EnCE, CFCE, ICMDE, CCME or similar certification from Industry Recognized Digital Forensic Tools. Certification may be substituted with a minimum of 128 hours of Computer Forensic training.
AND
Completion of verifiable training with digital Forensic tools such as EnCase, Access Data FTK, Cellebrite or Industry Recognized Digital Forensic Tools.
Preference will be given to those candidates who:
Have gained experience in testimony as an expert witness and have established his/her credentials as an expert in various courts of record.
Computer Forensic Analyst 4, SG-23
Bachelor of Science degree in Computer Forensics, Computer Science, or related field.
OR
Four (4) years of work-related experience in the field of Computer Forensics.
AND
A minimum of twenty-four (24) months of satisfactory experience performing the duties of a State Police Computer Forensic Analyst 3 or its’ equivalent in another computer forensic environment.
AND
Possess Digital Forensic certifications such as EnCE, CFCE, ICMDE, CCME or similar certification from Industry Recognized Digital Forensic Tools.
AND
Completion of verifiable training with digital Forensic tools such as EnCase, Access Data FTK, Cellebrite or Industry Recognized Digital Forensic Tools.
AND
A minimum of 160 hours of verifiable Computer Forensic training.
AND
Significant Computer Forensic casework experience, and experience testifying before a court of law or administrative hearing as a Computer Forensic Analyst.
Preference will be given to those candidates who:
Have completed two (2) years of work-related experience in training and administering proficiency or competency examinations in a Computer Forensic Laboratory or similar work environment.