Digital Forensic Analyst
Position Summary
Conducts forensic analysis of computers and other digital/data storage devices such as smart phones, tablets, storage devices/drives, and cloud computing systems and applications. Works cooperatively with Deputy District Attorneys and other law enforcement professionals during all phases of criminal investigation and prosecution and serves as a technical expert during a variety of court proceedings.Essential Functions/Major Responsibilities
a) Serves as the technical expert who responds to crime scenes in order to manage the proper collection and preservation of digital evidence.
b) Conducts forensic analysis of computers and other digital data storage devices (e.g. smart phones, tablets, flash drives, external hard drives, cloud files, applications, etc.) in order to extract, preserve, and present evidence for use in criminal investigations and prosecutions.
c) Works cooperatively with Deputy District Attorneys and other Analysts during all phases of the criminal investigation and prosecution process.
d) Actively manages the collection and extraction of digital evidence, at both crime scenes and conventional office settings; reports to crime scenes as needed and directed.
e) Works with Deputy District Attorneys to prepare criminal cases for all related court processes pertaining to digital evidence including grand jury hearings, motion hearings, and trials.
f) Provides expert credible testimony in a courtroom setting when required.
g) Trains Analysts/Law Enforcement and Deputy District Attorneys on issues related to digital evidence.
h) Provides technical and functional direction to persons assisting with the collection and preservation of digital evidence.
i) Assists with efforts to develop and maintain digital forensic processes within the County for use in law enforcement and criminal prosecution.
j) Maintains expert mastery of software and hardware associated with forensic analysis of digital evidence.
k) Maintains DA Case Management System and is a liaison between the software companies, the DA’s Office, and County IT.
l) Routine day to day review of digital evidence.Typical Qualifications
EDUCATION/EXPERIENCE/LICENSES/CERTIFICATES REQUIRED:
A Bachelor’s Degree in computer science or related field and one (1) year of prior law enforcement experience to include forensic analysis; OR Five (5) years of law enforcement experience conducting digital forensic analysis OR comparable experience with analysis and possession of related industry certifications such as Certified Computer Examiner (CCE), Certified Forensic Computer Examiner (CFCE), Certified Cyber Forensics Professional (CCFP), or equivalent. Must possess a driver’s license valid in the State of Oregon with an acceptable driving record.
KNOWLEDGE OF:
• Principles, methods, procedures, and operational characteristics of a wide variety of computer systems and digital evidence, including computer equipment, internal computer processes, operating systems, application software, utility programs, storage devices, electronic mail systems, Microsoft Office applications, Apple operating system applications, and intrusion tools;
• Information systems security, network architecture, general database concepts, document management, hardware, and software troubleshooting;
• Computer forensic methodologies, protocols, and tools;
• Accepted methods of digital evidence collection, evidence preservation, and chain of custody issues;
• Oregon criminal laws and procedures, including search and seizure laws; and
• Industry certification requirements (e.g. Guidance Encase Certification; SANS/Global Information Security forensics Examiner/Analyst, IACIS Forensic Examiner, or similar certifications)
SKILLS TO:
• Provide timely, effective, and efficient customer service to citizens, clients, and other employees;
• Research, investigate, evaluate, and develop supportable theories based on digital evidence;
• Establish and maintain credibility with professional contacts, which may include, but are not limited to, Deputy District Attorneys, law enforcement professionals, and court staff including judges;
• Access and operate electronic devices representing multiple platforms, software, and hardware to extract digital forensic data; and
• Interact patiently with individuals who may have little or no technical experience or knowledge of the services provided.
ABILITY TO:
• Participate in formal presentations, conduct formal meetings, and explain technical and complex information;
• Develop procedures and methodologies to accomplish job responsibilities;
• Navigate the World Wide Web to obtain forensic evidence, which may require using investigative skills to find and evaluate obscure resources;
• Provide Deputy District Attorneys with credible, reasoned evaluation of digital forensic evidence sufficient to develop a case;
• Complete assigned duties within required timelines;
• Establish and maintain cooperative working relationships with individuals and groups who come from diverse backgrounds and represent members of the public, coworkers, and/or vendors; and
• Communicate effectively, both orally and in writing.Job Conditions and Physical Demands
JOB CONDITIONS:
Normal working hours. Can be called upon for evening or weekends in emergency situations. Working conditions can be somewhat volatile due to threats or intimations of violence by defendants and some witnesses.
PHYSICAL DEMANDS:
The physical demands are typical of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.