GENERAL DUTIES:
Conducts digital media investigations and operations.
- Provides computer forensic examination support for the Department of Defense and supporting organizations.
- Receives and maintains the integrity of evidence.
- Inventories, disassembles, and reassembles a variety of hardware devices.
- Conducts imaging and data extraction processes on a variety of media including hard drives, thumb drives, memory cards, gaming devices, and mobile devices to include tablets, cell phones, etc.
- Independently plans, organizes and devises approaches necessary to obtain useful computer forensic information from the evidence submitted, taking into consideration the requirements established by agency regulations, federal law and the Uniformed Code of Military Justice.
- Conducts computer forensic examination processes on a variety of media including hard drives, thumb drives, media/memory cards, gaming devices, mobile devices, [malware, and network or text-based logs] in support of criminal and cyber investigations.
- Creates detailed notes on processes undertaken and develops forensic reports in support of criminal and cyber investigations and prosecution.
- Assists the customer in developing new and innovative forensic processes and procedures. Conducts peer reviews of other examiners’ reporting.
- Provides expert witness testimony in both military and civilian courts regarding the work they have performed.
- Testifies in various court systems as an expert witness, possibly on short notice.
- Travels to various court proceedings worldwide as required.
REQUIRED QUALIFICATIONS:
- Requires a BA/BS in Computer Science, Forensic Science, Cyber Security or related fields with 5-7 years relevant experience; or 3-5 years experience with MS/MA; or 0-2 years with PhD.
- Experience with disassembling and reassembling electronic devices such as computers and associated peripherals.
- Experience with data acquisition/extraction from mobile devices.
- Understanding of hard drive architecture and connection types.
- Understanding of cell phone architecture.
- Experience with forensic media imaging.
- Demonstrated experience in the field of digital media forensics using forensics tools such as: EnCase, Forensic Toolkit (FTK), Xways, dc3dd, Cellebrite UFED, XRY.
- Demonstrated experience in mobile device data extraction and analysis (CELLEX).
- Understanding of cell phone operating systems.
- Understanding of network protocols and networking concepts.
- In-depth experience with file system and memory forensics.
- In-depth experience with registry, Internet history, email, file signature and hash analysis.
- Understanding of steganography and encryption detection and analysis.
- Understanding of managing complex large data set analysis.
- In-depth experience with timeline analysis as it pertains to the types of exam being performed.
- In-depth experience with log analysis to include but not limited to system, web service, firewall and router logs.
- Experience in identifying successful/unsuccessful intrusion attempts and compromises through forensic analysis, allowing reconstruction of events at higher and lower levels.
- In-depth experience with common cyber attacker methodologies and exploit techniques.
- Experience with Static and Dynamic analysis of malicious software.
DESIRED QUALIFICATIONS:
- Familiarization with computer file systems.
- Familiarization with gaming consoles (PlayStation, XBOX etc.)
- Possess hard drive and/or Cell Phone repair skills.
- Ability to reverse engineer binaries of various types including: x86, x64, C, C++, .NET, and Delphi.
- Understanding of x86, ARM, and x64 architectures.
- Capable of Python scripting to automate analysis and reverse engineering tasks.
- In-depth experience with tools used for malware analysis, such as debuggers and disassemblers.
CLEARANCE:
