IT Forensics Specialist Job Description
Job Summary
Responsible for conducting forensic IT investigations into fraud, theft, abuse of IT systems, malicious communications, staff harassment and leaks of confidential information, as directed.
Main Responsibilities
1. Investigative Activities
a) Investigation of IT-aided criminal activity and/or incidents amounting to breaches of policy, including theft, fraud, computer abuse, malicious communications, harassment etc., and forensic investigation of security incidents.
b) Provide an effective IT forensic investigation service by conducting examinations of computers and media generated by computers.
c) Responsible for effective management and performance of forensic IT examinations including other associated digital media and devices, in particular those involving high technology internet and IT security cases.
d) Conduct detailed forensic examination of disk images and other hardware peripherals to enable information retrieval, breaking passwords, finding hidden or otherwise "invisible" information on the media to extract evidence of misuse / criminal activity
e) Conduct forensic examinations of (suspected) compromised computers and mobile devices to understand how/if the machines were compromised.
f) Use experience and knowledge of a wide variety of advanced computer technologies and theories to conduct analysis of evidential sources
g) In data recovery cases, determine the most appropriate method of protecting original evidence and recovery of deleted, erased, hidden and encrypted data
h) Engage in proactive and reactive use of investigative tools for the identification of offenders and prevention of crime, including the use of covert surveillance techniques
i) Prepare case files, expert reports and evidence for use in court, internal disciplinary hearings or other dispute resolution forums.
j) Management of exhibits, including electronically recorded material in connection with investigations
k) Prioritise case load in accordance with departmental objectives
l) Perform other related duties as required by management to meet the needs of the organisation
m) Ensure that all relevant legislation is adhered to when conducting investigations (Theft Act, Employment Law etc. and Disciplinary Procedure)
2. Working with Investigations
a) Work closely with the Investigation Service as required, ensuring a fully joined up approach to any investigation.
b) Prepare reports with sufficient detail and analysis to allow the Investigating Officer to conclude the investigation.
c) Attend meetings/liaise with other departments within the company where necessary in support of an investigation, and where directed by the Investigating Officer/Senior Investigating Officer for a given case.
d) Attend meetings/liaise with external organisations, including law enforcement, where directed by the Investigating Officer/Senior Investigating Officer for a given case.
3. Provide an effective liaison with internal departments and external agencies
a) Liaise with service partners, management, human resources and legal as necessary to secure evidence in the pursuit of ongoing investigations.
4. Internal training and supervision
a) Supervise SOC analysts working on forensic investigations and ensure correct procedures are followed.
b) Review reports produced by SOC analysts working on forensic investigations to ensure they meet the standards required, before submitting them to the Investigation Service.
c) Preparation and presentation of in-house staff training for Internet & Forensic investigations alongside day to day advice and guidance on such matters
d) Maintain Forensic process and procedures documentation.
Knowledge, Skills and Experience
Considerable forensic IT investigative experience in a Police Force, other law enforcement agency or in a corporate security environment
Good working knowledge of criminal and civil law
Experience in applying knowledge and offering practical advice on their application.
In-depth knowledge and experience of computer crime investigations using various computer forensic software tools to independently conduct comprehensive analysis of all types of forensic platforms, networks and devices.
Knowledge of computer science and relevant guidelines relating to computer evidence recovery as well as procedures for the collection, preservation and presentation of computer evidence, which may have been deleted/erased, fragmented, hidden, or encrypted from data storage devices.
Highly IT literate with knowledge and experience of Excel and the ability to manipulate data
Highly effective inter-personal and communications skills, including the ability to:
-Write clear and concise reports and other professional documentation.
-Communicate effectively and deal appropriately with all levels of staff, both technical and non-technical.
-Establish good working relationships with a broad range of departments and teams across the company
-Work independently, schedule and prioritise own work;
-Work in a team and have a flexible attitude to working, including taking on other non-IT related assignments and occasionally changing working hours to accommodate securing, documenting, and seizing technology evidence.
-Use tact, initiative, sound judgement and discretion
-Demonstrable ability to handle sensitive / confidential information
-Experience of investigating information security related incidents
-Knowledge of programming skills e.g. Python, SQL and Java
-Working knowledge of Splunk and/or NUIX
-Knowledge of the latest computer hardware and software technology, which impact upon computer related investigations
-Demonstrable ability to evaluate and maintain hardware and software necessary for the performance of computer related investigations
-Experience giving evidence in court and disciplinary hearings and/or providing written statements when and where required
-Experience supervising and training more junior forensics staff