Advanced Computer Forensic Analyst
The position provides expert advice and technical services to assist in criminal investigations involving computer forensics, electronic media analysis and analytical case support. The analytical support will be for computer forensic case analysis, field response, and law enforcement program support. This position also works with the Internet Crimes Against Children (ICAC) Task Force. This position is the agency’s subject matter expert on computer forensics.
Provide investigative support by organizing and analyzing computerized information in the area of computer crimes.
Receive and handle items of evidence, following procedures, rules of evidence and guidelines of the computer investigation industry.
Conduct field previews of computers and other digital medium.
Use computer forensic analytical tools to prepare reports, document evidence and search submitted computer(s)/digital devices(s) for files that may be useful in supporting criminal charges.
Prepare and discuss with submitting investigator a programming plan to meet case needs and identify areas in need of further investigative follow-up.
Perform duplicate image backup of evidence received to preserve the state of those materials at time of receipt.
Collect, recover and preserve digital images and video recordings from various devices.
Examines boot record data, system configuration, and operation command files.
Examines the contents of a computer’s CMOS.
Prevents the transference of viruses, destructive programs, and inadvertent writes to and from the original media.
Prepare and organize case materials and create court exhibits for potential court testimony.
Attend advanced level training to develop knowledge and skills in the computer forensics analyst process and the application of proper computer forensic analytical methods and techniques.
Prepare lesson plans for basic computer forensic analysis courses to be presented to law enforcement officers and to other Computer Forensic Analysts.
Work as a team with other members of Computer Forensics Unit to gain new skills and develop proficiency.
Restore recoverable deleted or corrupted files when possible.
Attend related training and conferences to expand job skills and assist in the development of professional contacts.
Research computer forensic topics through publications and articles to expand knowledge of computer forensics methods, tools and techniques.
Apply the appropriate analytical methods and techniques to identify and analyze raw information for the purpose of substantiating alleged criminal activity, and/or generating investigative leads.
Gather, receive and analyze information to produce and disseminate products such as Request for Information returns, bulletins, assessments, etc.
Utilize analytical tools to prepare reports and/or create visual products for the purpose of demonstrating trends in suspicious activity and/or mapping of critical infrastructure.
Possess a high level of proficiency with key analytical software programs:
Cellebrite UFED / UFED 4PC
Cellebrite Physical Analyzer
Cellebrite Inspector SW
Cellebrite Digital Collector
Magnet Axiom Digital Investigation Platform
Adobe Photo Shop
GrayKey Forensic Data Extraction Tool
Participate in multi-jurisdictional meetings or attend tactical operations to brief analytical findings and provide situational awareness or a common operating picture for a particular event.
Establish and maintain professional working relationships with staff from various fusion centers, law enforcement and private sector partners; facilitate open communication while exchanging information; sharing ideas pertaining to analytical methods, tools and techniques.
Must be able to develop and teach digital device investigative techniques for newly encountered devices.
Must be able to review, evaluate and prepare written descriptions of sensitive images or videos which may include recordings of crimes such as homicide, sexual assault and Child Sexual Abuse Materials (CSAM) / child pornography.
Must be able to testify in court.
Ability to complete required training.
Possess a valid Wisconsin Driver’s License and operate department vehicles in a safe manner.
Routine maintenance of department equipment.
Perform additional duties as assigned.
Ensure that investigative materials and the chain of evidence is maintained and documented for all criminal and civil procedures.
Provide accurate, concise and timely reports to the proper authorities.
Maintain a clear background to obtain and maintain access to NCIC, CIB and CJIS Information and agency records.
Minimum Qualifications Required
Education and Experience:
Graduation from an accredited college with a degree in Digital Forensics, Criminalistics, Science/Engineering, Computer Information Systems, or a related field. (Certification as a Computer Forensics Examiner is preferred) OR An Associate’s Degree in Digital Forensics, Computer Information Systems, or a related field and 4 years of experience employed as a certified Computer Forensics Examiner.
Highly qualified candidates will have:
A Bachelors or advanced degree in Digital Forensics or a related field and experience as a certified Computer Forensics Examiner.
Licenses and Certifications (preferred but not required):
Basic Cell Phone Investigation Training
Cellebrite Certified Operator, Physical Analyst or Mobile Examiner
Open Text/EnCase Certified Examiner
Certification or specialized training in iOS, Windows and Linux Cloud architecture and security features.
National Computer Forensic Institute Training
iNPUT-ACE Operator & Examiner Certification
Knowledge, Skills & Abilities
Ability to perform chip off examinations on mobile devices and other flash media.
Knowledge of state and federal statutes, laws, and regulations.
Knowledge of court testimony and case preparation.
Knowledge of investigative practices and procedures.
Knowledge of investigative techniques and investigative skills.
Knowledge of computer networking systems and processes.
Ability to prepare clear and accurate written reports.
Ability to communicate orally in a clear manner.
Ability to follow written and oral instructions. Ability to accept responsibility and exercise sound judgment.
Ability to establish and maintain relationships with the public, other governmental agency personnel or peers.
Knowledge of file encryption.
Advanced digital imaging and video recovery knowledge.