May direct and oversee the investigation of criminal and civil legal issues using information derived from forensic analysis of digital media. Provides computer forensic and intrusion support to high technology investigations in the form of computer evidence seizure, computer forensic analysis, data recovery and network assessments.
· May supervise a team of digital forensic analysts.
· Case assignment, case management, scene management, and other similar duties of a first line supervisor.
· Operates at a senior level, applying industry accepted digital forensics principles in acquiring, collecting, preserving, and processing structured and unstructured data per established procedures and protocols.
· Provides forensic data acquisition; non-forensic collection/capture of electronically stored information (ESI) from various file structures and sources; full forensic examination/analysis; data recovery, and seizure of Windows- and MAC-based desktop/laptop computer systems, servers to include Exchange and Files Shares, mobile devices, and related digital storage media; documentation and reporting; and expert witness testimony for investigations and litigations.
· As a digital forensics expert, serves as a source of technical counsel and advice for forensic collection/processing activities.
· Responsible for managing digital forensics examinations through the entire lifecycle (case planning, intake, acquisition, examination, presentation and disposition).
· Uses knowledge and experience of a wide variety of advanced computer technologies and forensic theories to conduct forensic examinations and analysis with the goal of developing forensically sound evidence.
· Utilizes industry accepted forensic tools such as EnCase, FTK, and NUIX.
· Responsible for performing large-scale digital forensic examinations to include collection in a live client-server environment utilizing validated remote forensic software such as EnCase® Enterprise Edition.
· Researches and maintains proficiency in tools, techniques, and trends.
· Prepares clear and comprehensive notes and reports of findings.
· Provides oral and written communications to legal staff concerning results of examinations to include legal declarations as well as testimony at trial.
· Acts as a source of reference for junior analysts and possesses the ability to lead forensic investigations in the field.
· Reviews and approves reports, notes, and case files of junior analysts.
· Collaborates with other forensic analysts, law enforcement officers, and legal experts to identify methods and procedures for recovery, preservation, and presentation of computer evidence.
· Provides technical guidance and assistance to legal staff while ensuring that proper precautions are taken in the preservation and prevention of spoliation of electronic evidence.
· Complies with standards, policies, and procedures established for the forensics laboratory including accreditation requirements, supplements, criteria, and interpretations as it applies to digital evidence.
EDUCATION & EXPERIENCE:
· An Undergraduate degree in Digital Forensic Science, Computer Science/Engineering, Computer Information Systems, Mathematics, or a related field and 7 to 9 years' current digital forensics collection and processing experience is required. 10-12 years current, active digital forensics experience may be accepted in lieu of degree.
· Must possess extensive enterprise level experience conducting digital forensics collections and processing across a variety of hardware and software architectures.
· Must possess and maintain the following certifications: CompTIA„¢ A+; CompTIA„¢ Network+ or CompTIA„¢ Server+ or similar hardware and network specific certification; IACIS® Certified Forensic Computer Examiner (CFCE) or ISFCE Certified Computer Examiner (CCE) or similar non-vendor specific certification; and EnCase® Certified Examiner (EnCE), AccessData Certified Examiner (ACE) or similar vendor specific certifications.
· Must have demonstrated senior-level experience in the use of industry standard forensic tools such as EnCase® Forensic and Enterprise Editions, Forensic Toolkit®, NUIX Investigator, etc. and be able to articulate the processes being conducted by these automated forensic tools.
· Must have demonstrated knowledge of LAN/WAN/MAN network environments.
· Must have demonstrated experience in dead box, live and hybrid data acquisition methodologies.
· Must have demonstrated experience in the forensic, forensically sound, and non-forensic collection and processing of a wide variety of enterprise e-mail systems such as Exchange, Lotus, etc., archiving systems, and backup systems.
· Must have demonstrated experience in the manual reconstruction of a RAID array.
· Must have demonstrated experience in the processing of large data volumes.
· Must have demonstrated working knowledge of and ability to apply the Federal Rules of Evidence (FRE) as they apply to electronic evidence as well as demonstrated experience in applying these rules to the framework of an investigation or litigation.
· Must have demonstrated experience testifying and taking testimony in a civil, criminal, regulatory or administrative proceeding. Declarations, affidavits, or other types of written testimony may be accepted in lieu of oral testimony.
· Must have demonstrated strong project management skills with the ability to multitask and manage several projects at one time.
· A Master's degree in Digital Forensic Science, Computer Science/Engineering, Computer Information Systems, Mathematics, or a related field is preferred.
Agility and coordination in handling equipment and evidence as required by laboratory protocol. May be required to lift items up to 75 pounds
CACI is an Equal Opportunity Employer: Females / Minorities / Individuals with Disabilities / Protected Veterans.