Law Enforcement/CounterIntelligence Forensics Analyst
Conducts detailed investigations on computer-based crimes establishing documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents.
Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Knowledge of cybersecurity and privacy principles.
Knowledge of cyber threats and vulnerabilities.
Knowledge of specific operational impacts of cybersecurity lapses.
Knowledge of concepts and practices of processing digital forensic data.
Knowledge of data backup and recovery.
Knowledge of incident response and handling methodologies.
Knowledge of operating systems.
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and other injections, race conditions, covert channels, replay, return-oriented attacks, malicious code).
Knowledge of server and client operating systems.
Knowledge of server diagnostic tools and fault identification techniques.
Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations.
Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], Extended File System [EXT]).
Knowledge of processes for seizing and preserving digital evidence.
Knowledge of hacking methodologies.
Knowledge of investigative implications of hardware, Operating Systems, and network technologies.
Knowledge of legal governance related to admissibility (e.g., Rules of Evidence).
Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody.
Knowledge of types and collection of persistent data.
Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies.
Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.
Knowledge of types of digital forensics data and how to recognize them.
Knowledge of deployable forensics.
Knowledge of security event correlation tools.
Knowledge of electronic evidence law.
Knowledge of legal rules of evidence and court procedure.
Knowledge of system administration, network, and operating system hardening techniques.
Knowledge of applicable laws and statutes (e.g., Titles 10, 18, 32, and 50 of the U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Knowledge of data carving tools and techniques (e.g., Foremost).
Knowledge of reverse engineering concepts.
Knowledge of anti-forensics tactics, techniques, and procedures.
Knowledge of forensics lab design, configuration, and support applications (e.g., VMware, Wireshark).
Knowledge of debugging procedures and tools.
Knowledge of how adversaries abuse file types to produce anomalous behavior.
Knowledge of malware analysis tools (e.g., OllyDbg, IDA Pro).
Knowledge of malware with virtual machine detection (e.g., VM-aware malware, debugger-aware malware, and unpacked malware that looks for VM-related strings in the computer's display device).
Knowledge of data concealment (e.g., encryption algorithms and steganography).
Knowledge of application security risks (e.g., the Open Web Application Security Project [OWASP] Top 10 list).
Skill in developing, testing, and implementing network infrastructure contingency and recovery plans.
Skill in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
Skill in preserving evidence integrity according to standard operating procedures or national standards.
Skill in analyzing memory dumps to extract information.
Skill in identifying and extracting data of forensic interest in diverse media (i.e., media forensics).
Skill in identifying, modifying, and manipulating applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files).
Skill in collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data.
Skill in setting up a forensic workstation.
Skill in using forensic tool suites (e.g., EnCase, Sleuthkit, FTK).
Skill in using virtual machines (e.g., Microsoft Hyper-V, VMware vSphere, Citrix XenDesktop/XenServer, Amazon Elastic Compute Cloud).
Skill in physically disassembling PCs.
Skill in conducting forensic analyses in multiple operating system environments (e.g., mobile device systems).
Skill in deep analysis of captured malicious code (e.g., malware forensics).
Skill in using binary analysis tools (e.g., hexedit, the xxd command, hexdump).
Skill in analyzing anomalous code as malicious or benign.
Skill in analyzing volatile data.
Skill in identifying obfuscation techniques.
Skill in interpreting debugger output to ascertain tactics, techniques, and procedures.
Ability to decrypt digital data collections.
Ability to examine digital media on multiple operating system platforms.
Develop a plan to investigate alleged crime, violation, or suspicious activity utilizing computers and the Internet.
Establish relationships, if applicable, between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies, vendors, public relations professionals).
Resolve conflicts in laws, regulations, policies, standards, or procedures.
Analyze incident data for emerging trends.
Perform file and registry monitoring on the running system after identifying intrusion via dynamic analysis.
Acquire and maintain a working knowledge of constitutional issues which arise in relevant laws, regulations, policies, agreements, standards, procedures, or other issuances.
Maintain deployable cyber defense toolkit (e.g., specialized cyber defense software/hardware) to support Incident Response Team mission.
Read, interpret, write, modify, and execute simple scripts (e.g., Perl, VBScript) on Windows and UNIX systems (e.g., those that perform tasks such as: parsing large data files, automating manual tasks, and fetching/processing remote data).
Identify and/or develop reverse engineering tools to enhance capabilities and detect vulnerabilities.
Analyze organizational cyber policy.