Under limited supervision, analyzes support requests and determine tools and procedures required to preserve, collect and analyze electronically stored information (ESI) in a forensically sound manner. Performs expert collection, processing, and analysis of collected ESI in accordance with Forensics laboratory and ISO standards; deliver processed data and reports. Perform required reporting and documentation and maintain chain of custody of computer forensics evidence. Capable of independently handling complex, large volume, and previously un-encountered situations and examinations. Guides, assists, and mentors less experienced Computer Forensic Specialists.
Duties and Responsibilities:
Serves as a source of technical counsel and advice for forensic collection and processing activities.
Responsible for planning, organizing, conducting, and directing forensic and non-forensic data collections and processing on Windows-, Linux-, and MAC-based desktop/laptop computer systems, servers to include SQL, Exchange and Files Shares, mobile devices, and related digital storage media.
Responsible for managing digital forensics examinations through the entire lifecycle (case planning, intake, acquisition, examination, presentation and disposition).
Uses knowledge and experience of a wide variety of advanced computer technologies and forensic theories to conduct forensic examinations and complex analysis with the goal of developing forensically sound evidence.
Operates at a senior level, applying industry accepted digital forensics principles in acquiring, collecting, preserving, and processing structured and unstructured data according to established procedures and protocols. Utilizes industry accepted forensic tools such as EnCase, FTK, and NUIX.
Responsible for performing complex, large-scale digital forensic examinations to include collection in a live client-server environment utilizing validated remote forensic software (e.g. EnCase® Enterprise Edition, etc.).
Researches and maintains proficiency in tools, techniques, and trends.
Prepares clear and comprehensive notes and reports of findings. Provides oral and written communications to legal staff concerning results of examinations to include legal declarations as well as testimony at trial.
Acts as a source of reference for junior analysts and possess the ability to lead forensic investigations in the field.
Reviews and approves reports, notes, and case files of junior analysts.
Collaborates with other forensic analysts, law enforcement officers, and legal experts to identify methods and procedures for recovery, preservation, and presentation of computer evidence.
Provides technical guidance and assistance to legal staff while ensuring that proper precautions are taken in the preservation and prevention of spoliation of electronic evidence.
Complies with standards, policies, and procedures established for the forensics laboratory including ASCLD/LAB accreditation requirements, supplements, criteria, and interpretations as it applies to digital evidence.
Performs related work as required.
Bachelor's degree in Digital Forensic Science, Computer Science/Engineering, Computer Information Systems, Mathematics, or a related field and 12 -“ 15 years professional experience with 5 to 8 years current digital forensics collection and processing experience.
Must possess enterprise level experience conducting digital forensics collections and processing across a variety of hardware and software architectures. Performs work at full performance level.
Must possess and maintain 1 non-vendor specific Digital Forensics Certification (e.g., IACIS® Certified Forensic Computer Examiner (CFCE) or ISFCE Certified Computer Examiner (CCE)) and 1 tool-Specific Digital Forensics Certifications (e.g., EnCase® Certified Examiner (EnCE). AccessData Certified Examiner (ACE), or Cellebrite Certified Mobile Examiner (CCME))
Demonstrated expert-level experience in the use of forensic tools (e.g. EnCase® Forensic and Enterprise Editions, Forensic Toolkit®, NUIX Investigator, Cellebrite UFED, Linux based tools, etc.) and be able to articulate, in detail, the processes being conducted by these automated forensic tools.
Demonstrated knowledge of LAN/WAN/MAN network environments.
Demonstrated experience in dead box, live, and hybrid data acquisition methodologies.
Demonstrated experience in the forensic, forensically sound, and non-forensic collection and processing of a wide variety of enterprise e-mail systems (e.g. Exchange, Lotus, etc.), archiving systems, and backup systems.
Demonstrated experience in the forensic, forensically sound, and non-forensic collection and processing of enterprise database systems (e.g. SQL, Oracle, etc.), archiving systems, and backup systems. To include, experience in the design and development of relational databases (e.g. Access, SQL Server, MySQL, etc.) in support of large-scale digital forensic investigations and data-analysis.
Demonstrated experience in the manual reconstruction of a RAID array.
Demonstrated experience in the interpretation, processing and translation of file and operating system artifacts across a variety of platforms.
Demonstrated experience processing of large data volumes.
Demonstrated working knowledge of and ability to apply the Federal Rules of Evidence (FRE) as they apply to electronic evidence as well as demonstrated experience in applying these rules to the framework of an investigation or litigation.
Demonstrated experience testifying and taking testimony in a civil, criminal, regulatory or administrative proceeding.
Demonstrated strong project management skills with the ability to multitask and manage several projects at any given time.
Master's degree in Digital Forensic Science, Computer Science/Engineering, Computer Information Systems, Mathematics, or a related field.
CompTIA„¢ A+, CompTIA„¢ Network+, or CompTIA„¢ Server+ certification
Demonstrated experience in Object-Oriented Programming (e.g. C++, Java, EnScript®, etc.)
Normal demands associated with an office environment; ability to work on computer for long periods and communicate with individuals by telephone, email and face to face.
Agility and coordination in handling equipment and evidence as required. May be required to lift items up to 75 pounds and sit/stand for extended periods of time.
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. Join CACI, where you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. A Fortune magazine World's Most Admired Company in the IT Services industry, CACI is a member of the Fortune 1000 Largest Companies, the Russell 2000 Index, and the S&P SmallCap600 Index. CACI provides dynamic careers for over 20,000 employees worldwide.
CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.