Digital Forensics Examiner (Level III)

Job Description

Job Description

The CI Digital Forensic Examiner is tasked to produce, on average per annum, 48 weekly status reports and 12 final digital forensics reports, while providing expert support to CI Cyber Threat and Technical Analyst requirements.

Responsibilities include but are not limited to:

• Produce 48 weekly status reports and 12 final digital forensics reports, while providing expert support to CI Cyber Threat and Technical Analyst requirements.

• Perform Digital Media Acquisition and Digital Forensic Review of various platforms to include Windows, Linux, and Mac OS based systems using a variety of digital forensic tools.

• Investigate suspected instances of computer, mobile device, and network penetrations.

• Ingest media into an archive, copy media images, and employ advanced media forensics tools during a forensic examination (ENCASE and Windows Forensic Toolkit are two of the many tools used for media forensics).

• Investigate computer viruses and malicious code and prepare, write, and present reports and briefings.

• Provide weekly status updates when conducting forensics

• Provide a written report at the conclusion of each forensics examination. Reports will include, at a minimum, the following information (a template and standard operating procedures will be made available on site to provide additional guidance):

o Case File Number

o Computer Name

o User Name, File Names, etc…

o Background

o Investigation Details

o Status/Disposition

o Recommendations

• Intelligence Information Report (if deemed necessary by government lead)

o Case File Number

o Computer Name

o User Name

o Background

o Investigation Details

o Status/Disposition

• Personnel will support CI Incident Assessments to determine possible foreign intelligence entity involvement with an NGA computer system. In the process of supporting an Incident Assessment, reports must be produced and updated weekly. Reports will include, at a minimum, the following information (a template and standard operating procedures will be made available on site to provide additional guidance):

• Perform in-depth forensics examinations of computers, mobile devices, networks and other electronic and digital devices.

• Possess experience conducting computer forensics analysis within the Department of Defense and/or Intelligence Community.

• Attend periodic CI and law enforcement community cyber investigations awareness briefings.

• Brief CI cyber products and CI cyber service results to senior NGA leadership.

• Collaborate with internal and external Intelligence Community partners to share and gather technical threat information to enhance forensics examinations.

• Integrate information from forensics examinations and compile results into reports as required.

• Prepare and present forensic findings in the form of briefings and/or reports, to government leads and managers as required.

• Participate in Intelligence Community and Department of Defense technical exchange and collaboration meetings as required.

• Produce detailed CI cyber forensics reports as required.

• Provide support to all CI mission functions as required.

• Participate in IC Community and NGA technical meetings and working groups to address issues related to computer security and vulnerabilities.

• Investigate suspected instances of computer, mobile device, and network penetrations.

• Effectively utilize all applications and common analytic software tools (i.e., Word, Excel, PowerPoint, Analyst Notebook).

• Coordinate CI Cyber activities originating from Enterprise Incident Response Events.

• Conduct liaison between CI Office, Insider Threat, Cyber Security Operations Center (CSOC), and other NGA Offices as applicable to conducting the CI Cyber Mission

Minimum Qualifications:

• Shall possess a minimum of 7 years forensic experience in CI or law enforcement investigations

• Gain and maintain a digital forensic examiner certification within six months of assignment. Qualifying certification sources include government, military, and industry.

• Possess or obtain certification to comply with DoD 8570.01-M Information Assurance (IA) requirements within one calendar year of assignment. Shall possess or obtain and maintain IA III certification.

Desired Qualifications:

• Be a credentialed graduate of an accredited federal CI, federal law enforcement, DoD CI, or DoD Law Enforcement training academy (ex. FBI Academy).

• Possess a Bachelor’s degree in a Science, Technology, Engineering or Mathematics discipline.

• Possess and demonstrate knowledge and understanding of foreign adversaries’ security and intelligence services, terrorist organizations, and cyber threats posed to NGA, DoD, and IC partners.

• Possess a DoD Cyber Crimes Investigator certification.

• Experience with the latest forensic technologies such as Access Data Forensic Toolkit (FTK).

• Possess a digital forensic examiner certification. Qualifying certification sources include government, military, and industry.

• Possess ability to coach teammates to achieve objectives.

• Possess ability to monitor and track progress towards achievable measures.

Clearance Requirements:

· Must have a TS/SCI with the ability to pass a CI Poly

Physical Requirements:

• The person in this position must be able to remain in a stationary position 50% of the time. Occasionally move about inside the office to access file cabinets, office machinery, or to communicate with co-workers, management, and customers, via email, phone, and or virtual communication, which may involve delivering presentations.