Responsible for conducting thorough investigations to determine the extent of a breach, how it occurred, and what data or systems may have been compromised. Prepares detailed reports documenting findings, analysis, and recommendations for remediation or further action, and collaborates with law enforcement agencies to provide evidence and support their investigations.
Key Responsibilities:
- Digital Forensic Analysis: Conduct in-depth examinations of digital devices, including computers, servers, mobile devices, and network logs, to identify indicators of compromise (IOCs) and evidence of unauthorized access or malicious activity.
- Evidence Collection and Preservation: Employ forensic methodologies and chain-of-custody protocols to gather and preserve electronic evidence in a forensically sound manner, ensuring its integrity and admissibility in legal proceedings.
- Data Recovery: Utilize specialized tools and techniques to recover deleted files, hidden data, and artifacts from storage devices, aiding in the reconstruction of digital activity and incident timelines.
- Malware Analysis: Analyze suspicious files and malware specimens to understand their behavior, functionality, and impact on compromised systems, providing insights for threat intelligence and detection improvements.
- Incident Reconstruction: Piece together the sequence of events leading up to and following a security incident, reconstructing digital activities and communications to establish a comprehensive understanding of the incident’s scope and impact.
- Forensic Reporting: Document findings and analysis results in clear, concise forensic reports, detailing the methodology, findings, and conclusions to support incident response efforts, legal proceedings, and management briefings.
Relevant industry certifications are preferred, such as:
- Certified Forensic Computer Examiner (CFCE)
- Certified Cyber Forensics Professional (CCFP)
- Certified Computer Examiner (CCE)
- Certified Forensic Investigation Practitioner (CFIP)
- GIAC Certified Forensic Analyst (GCFA)
- EnCase Certified Examiner (EnCE)
- Certified Digital Forensics Examiner (CDFE)
Tools:
- Disk Imaging and Analysis:
  - EnCase Forensic
  - FTK Imager
  - X-Ways Forensics
  - dd (command-line tool)
- Memory Analysis:
  - Volatility
  - Rekall
  - DumpIt
- Mobile Forensics:
  - Cellebrite UFED
  - Oxygen Forensic Detective
  - XRY
- Forensic Analysis Tools:
  - Autopsy
  - The Sleuth Kit (TSK)
  - Volatility
- Network Forensics:
  - Wireshark
  - NetworkMiner
  - tcpdump
- Malware Analysis Tools:
  - VirusTotal
  - Cuckoo Sandbox
  - IDA Pro
- Vulnerability Scanning Tools:
  - Nessus
  - Qualys
  - Rapid7 InsightVM
- Steganography Detection:
  - Stegdetect
  - Steghide
  - OutGuess
Working Conditions: This role may involve occasional on-call duty and availability during non-business hours to respond to emergent forensic investigations.
Job Location: India / Remote USA