#809 - 7EOFE Digital Forensics Engineer IV - Up to $170k - Seeking Military Veteran

DC3 Position Title: Intrusions Digital Forensic Examiner
Alliant II LCAT: SME - Information Technology Project Manager, 284
Task: CFL
Location: DC3, Linthicum Heights, MD
Requirements: BS 8+, MS 6+, PhD 3+
Clearance: TS/SCI
$112,000 - $170,000
 
Description:

Looking for a Digital Forensic Examiner to analyze electronic media in support of the Defense Cyber Crime Center (DC3) focused on cybersecurity investigations and operations. 
 
Using a wide variety of forensic tools, the Digital Forensic Analyst examines forensic images of servers and clients (physical and virtual) of varying operating systems to determine and extensively report on the presence of malicious activity and artifacts.
  • Conducts digital media investigations and operations.
  • Examines the hard drives of computers, storage devices, cell phones, PDAs, or any electronic device that may hold evidence that could be used in a court of law.
  • Performs forensic analysis of digital information and gathers and handles evidence.
  • Performs a variety of forensic and electronic discovery services, including digital evidence preservation, forensic analysis, data recovery, tape recovery, electronic mail extraction, and database examination.
  • Uses forensically sound procedures to identify network computer intrusion evidence and identifies perpetrators.
  • Employs forensic tools and techniques to support investigation of computer fraud or other electronic crimes, cracks files and system passwords, detects steganography, and recovers deleted, fragmented, and corrupted data from digital media of all types.
  • Observes proper evidence custody and control procedures, documents procedures and findings in a manner suitable for courtroom presentation and prepares comprehensive written notes and reports.
  • May be required to testify in federal/military court as an expert witness.
 
Qualifications:
• Requires a BA/BS in Computer Science, Forensic Science or related fields with 8-10 years relevant experience; or 6-8 years’ experience with MS/MA; or 3-5 years with PhD.
• At minimum, 5+ years’ experience conducting digital forensics on varying media sources, to include: disk images, host-based and/or network logs, physical and virtual disk media within Windows and/or Linux operating system environments.
• Demonstrated experience in the field of digital media forensics using forensics tools such as: EnCase, Forensic Toolkit (FTK), and/or X-Ways.
• Experience identifying and reconstructing malicious activity to distinguish and pattern anomalous events from authorized device usage through logical and/or deleted artifact sources.
• Understanding of common cyber-attack methodologies and exploit techniques in alignment with the cyber kill-chain.
• Ability to research and apply effective indicators of compromise (IOC) to correlate vulnerabilities of known cyber-attack techniques employed during host-based exploitation.
• Familiarity with host-based security log parsing, to include Windows Events and/or Linux audit log data sources.
• Experience analyzing and parsing Windows or Linux web service logs via command-line tools and techniques to isolate relevant captured audit events.
• Familiarity with client security and/or anti-virus clients’ application logs for threat detections.
• Knowledge and experience of virtual environments and network protocols and topologies.
• Understanding of NTFS and/or ext file systems with respect to their artifact source surface areas.
• Demonstrated understanding of how to effectively apply investigative methodology throughout forensic examinations.
• Strong ability to work independently as well as collaboratively as part of a team, as required in a deadline-driven environment.
• Strong writing skills, with experience producing professional report deliverables that clearly and concisely articulate relevant forensic analysis findings.
• Strong communication and professional skills when interacting with customers and team members.
• Strong ability to exercise initiative, problem-solving and critical thinking.
• Strong attention to detail required.
• Requires Top Secret/SCI clearance.
 

Desired Skills:
• 5+ years of experience with Windows system administration, to include Windows server and network infrastructure.
• Cloud Forensics experience.
 

Preferred Additional Skills:
• One or more related certifications such as GIAC, EnCE, CFCE, CCE, CISSP, DOD.
• Knowledge of a programming or scripting language.
• Incident Response experience.
• Mobile iOS and Android device analysis.

 

APPLY NOW!

  • Our Manager, Charles Shelton, will review your application immediately! 
  • If there is a mutual interest, we will respond within 48 hours to tell you all about the hiring company and answer any questions so you can determine if this is a career you'd like to pursue. 
  • Feel free to follow up if you don't hear back within two business days by emailing cshelto@7Eagle.com.