Job Duties:
- Serves as a Cyber Forensics Analyst responsible for conducting detailed digital forensics and host-based analysis, including imaging, digital media processing, memory capture, and data log analysis. Locates and identifies digital evidence.
- Extracts and carves files from collected evidence.
- Analyzes intrusion techniques and tradecraft. Assists in root cause and attribution analysis.
- Identifies, collects, and analyzes relevant host-based artifacts.
- Maintains cyber hygiene of forensic media and analysis environment.
- Supports chain of custody throughout incident lifecycle.
- Configures and utilizes virtualized and/or forensics computer system environments.
- Create and maintain chain-of-custody documentation throughout incident response.
- Perform forensically sound evidence collection and analysis.
- Provide technical summary of findings in accordance with established reporting procedures.
- Knowledge of host communications, including common ports and the default services of common operating systems.
- Collect and review artifacts (such as media, live system memory, images, equipment, network traffic, logs, or software).
- Conduct initial analysis of log files, evidence, and other information.
- Perform file system forensic analysis, including recovery of hidden and deleted content from pagefiles, volume shadow copies, or unallocated space.
- Utilize appropriate tools to decrypt seized data from sources such as full disk encryption and collected malware.
- Carve data using manual techniques and tools such as Forensic Toolkit (FTK), EnCase, and open-source tools and scripts.
- Generate, research, and identify content based on file hashes.
- Search and analyze Windows registry-related content.
- Perform forensic incident handling tasks (such as forensic collections, host analysis, intrusion correlation and tracking, threat analysis, and direct system remediation) as part of flyaway Incident Response Teams (IRTs).
- Perform file signature and timeline forensics analysis.
- Recognize obfuscation and encryption techniques and understand the applicable decoding methods to advance evidence processing during analysis.
- Possess knowledge of data carving tools and techniques, including restoring deleted artifacts from unallocated disk storage and from system memory (RAM).
- Detect anti-forensics techniques and tactics.
Required Skills:
- US Citizens Only
- Active TS/SCI Clearance and Polygraph required
- Minimum of Two (2) years of demonstrated experience as a Cyber Forensics Analyst in programs of similar scope, type and complexity is required.
- Two (2) years of demonstrated experience using at least two forensic tool suites similar to EnCase, The Sleuth Kit, FTK, X-Ways, Rekall, or Axiom.
- Three (3) years of demonstrated experience working on Windows and Linux operating systems as a Systems administrator or in Software Development and Information Technology Systems (DevOps).
- Requires DoD 8570 compliance with CSSP Analyst baseline certification, Information Assurance Technical (IAT) Level I or Level II certification, and Computing Environment (CE) certification. The CE certification requirement can be fulfilled with either Microsoft OS or CentOS/Red Hat OS CE certifications.
- Requires Global Information Assurance Certification Forensic Analyst (GCFA) or Global Information Assurance Certification Forensic Examiner (GCFE).