Cyber Defense Forensics Analyst Job Profile

What is a Cyber Defense Forensics Analyst?

The Cyber Defense Forensics Analyst analyzes digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation.

Professional Certification

A Cyber Defense Forensics Analyst must know:

  • computer networking concepts and protocols, and network security methodologies.
  • risk management processes (e.g., methods for assessing and mitigating risk).
  • laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • cybersecurity and privacy principles.
  • cyber threats and vulnerabilities.
  • specific operational impacts of cybersecurity lapses.
  • encryption algorithms.
  • data backup and recovery.
  • incident response and handling methodologies.
  • operating systems.
  • system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, SQL and PL/SQL injection, race conditions, covert channels, replay, return-oriented programming, malicious code).
  • server and client operating systems.
  • server diagnostic tools and fault identification techniques.
  • physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
  • file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], the Linux Extended File System family [ext2/ext3/ext4]).
  • processes for seizing and preserving digital evidence.
  • hacking methodologies.
  • investigative implications of hardware, operating systems, and network technologies.
  • legal governance related to admissibility (e.g. Rules of Evidence).
  • processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody.
  • types and collection of persistent data.
  • web mail collection, searching/analyzing techniques, tools, and cookies.
  • which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.
  • types of digital forensics data and how to recognize them.
  • deployable forensics.
  • security event correlation tools.
  • electronic evidence law.
  • legal rules of evidence and court procedure.
  • system administration, network, and operating system hardening techniques.
  • applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
  • network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • data carving tools and techniques (e.g., Foremost).
  • reverse engineering concepts.
  • anti-forensics tactics, techniques, and procedures.
  • forensics lab design, configuration, and support applications (e.g., VMware, Wireshark).
  • debugging procedures and tools.
  • file type abuse by adversaries for anomalous behavior.
  • malware analysis tools (e.g., OllyDbg, IDA Pro).
  • malware that detects analysis environments (e.g., VM-aware malware, debugger-aware malware, and unpacked malware that checks for VM artifacts such as virtualization vendor strings in the display adapter or other device names).
  • system administration concepts for operating systems such as, but not limited to, Unix/Linux, iOS, Android, and Windows.
  • binary analysis.
  • network architecture concepts including topology, protocols, and components.
  • packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
  • concepts and practices of processing digital forensic data.
  • operational design.
  • application security risks (e.g., the OWASP [Open Web Application Security Project] Top 10 list).
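
Two of the knowledge items above, data carving (e.g., Foremost) and file type abuse by adversaries, come down to the same technique: identifying files by their magic bytes rather than by name or extension. The following is an added example written for this page, not code from the job profile, from Cybrary, or from Foremost. It carves JPEG, PNG and PDF files out of a raw byte image by header/footer signature the way Foremost does, skips a header whose footer is gone, and flags a file whose extension disagrees with its magic bytes (the classic executable disguised as an image). The disk image, the 4096-byte carve limit, and the file names are constructed for the example; the byte signatures are the real ones for those formats.

```python
from dataclasses import dataclass

# Header/footer magic for the formats we carve. These are the real byte
# signatures of JPEG, PNG and PDF; MAX_CARVE is an assumption for the example.
CARVE_SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}
# Header-only magic used for type identification; "MZ" is the PE/EXE stub.
IDENTIFY_HEADERS = {**{k: v[0] for k, v in CARVE_SIGNATURES.items()}, "exe": b"MZ"}
MAX_CARVE = 4096
EXTENSION_ALIASES = {"jpeg": "jpg", "jpe": "jpg"}


@dataclass
class Carved:
    kind: str
    offset: int
    length: int
    data: bytes


def carve(image: bytes, signatures=CARVE_SIGNATURES, max_carve=MAX_CARVE):
    """Scan a raw image for header magic and carve up to the matching footer."""
    found = []
    for kind, (header, footer) in signatures.items():
        pos = 0
        while (start := image.find(header, pos)) != -1:
            end = image.find(footer, start + len(header), start + max_carve)
            if end == -1:
                # Header with no footer in range: a fragment or a false positive.
                # Skip it rather than carve garbage (Foremost would emit a max-size file).
                pos = start + len(header)
                continue
            end += len(footer)
            found.append(Carved(kind, start, end - start, image[start:end]))
            pos = end
    return sorted(found, key=lambda c: c.offset)


def identify(data: bytes) -> str:
    """Return the file type implied by the leading magic bytes, or 'unknown'."""
    for kind, magic in IDENTIFY_HEADERS.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the magic bytes disagree with the extension the file claims."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ext = EXTENSION_ALIASES.get(ext, ext)
    actual = identify(data)
    return actual != "unknown" and actual != ext


# Constructed "disk image": three files in filler, plus a JPEG header whose
# footer was overwritten (an orphan that must not be carved as a file).
FILLER = b"\x00" * 64
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"A" * 40 + b"\xff\xd9"
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"B" * 32 + b"IEND\xaeB`\x82"
PDF = b"%PDF-1.4\n" + b"C" * 50 + b"\n%%EOF"
ORPHAN = b"\xff\xd8\xff" + b"D" * 10
IMAGE = FILLER + JPEG + FILLER + PNG + FILLER + ORPHAN + FILLER + PDF + FILLER

if __name__ == "__main__":
    for c in carve(IMAGE):
        print(f"{c.kind:3} at offset {c.offset:5} length {c.length}")
    print("invoice.jpg is really:", identify(b"MZ\x90\x00\x03"),
          "mismatch:", extension_mismatch("invoice.jpg", b"MZ\x90\x00\x03"))
```

On a real image the same loop runs over the raw device or `dd` output read in chunks; the orphan-header case is where naive carvers produce junk, and where Foremost's maximum file size setting decides how much is emitted.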

Key skills of the Cyber Defense Forensics Analyst include:

  • developing, testing, and implementing network infrastructure contingency and recovery plans.
  • preserving evidence integrity according to standard operating procedures or national standards.
  • analyzing memory dumps to extract information.
  • identifying and extracting data of forensic interest in diverse media (i.e., media forensics).
  • identifying, modifying, and manipulating applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files).
  • collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data.
  • setting up a forensic workstation.
  • using forensic tool suites (e.g., EnCase, The Sleuth Kit, FTK).
  • using virtual machines (e.g., Microsoft Hyper-V, VMware vSphere, Citrix XenDesktop/XenServer, Amazon Elastic Compute Cloud, etc.).
  • physically disassembling PCs.
  • conducting forensic analyses in multiple operating system environments (e.g., mobile device systems).
  • deep analysis of captured malicious code (e.g., malware forensics).
  • using binary analysis tools (e.g., hexedit, and the xxd and hexdump command-line tools).
  • one-way hash functions (e.g., Secure Hash Algorithm [SHA-256], Message Digest Algorithm 5 [MD5]); note that MD5 is no longer collision resistant, so evidence should be hashed with SHA-256 and MD5 recorded only for compatibility with older tool reports.
  • analyzing anomalous code as malicious or benign.
  • analyzing volatile data.
  • identifying obfuscation techniques.
  • interpreting results of debugger to ascertain tactics, techniques, and procedures.
  • analyzing malware.
  • conducting bit-level analysis.
  • processing digital evidence, to include protecting and making legally sound copies of evidence.
  • performing packet-level analysis.
A Cyber Defense Forensics Analyst must be able to:

  • decrypt digital data collections.
  • conduct forensic analyses in and for both Windows and Unix/Linux environments.
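
Several of the skills above (preserving evidence integrity, one-way hash functions, and making legally sound copies of evidence while maintaining chain of custody) are exercised together every time an image is acquired. The following is an added example written for this page, not code from the job profile or from Cybrary: it hashes an evidence file in chunks with both SHA-256 and MD5, verifies a working copy against the original, shows that a single flipped bit in a copy is caught, and writes chain-of-custody entries. The evidence image, handler name, and custody record fields are constructed for the example.

```python
import hashlib
import io
import json
import os
import tempfile
from datetime import datetime, timezone

# SHA-256 is the authoritative digest; MD5 is kept only to match older reports.
ALGORITHMS = ("md5", "sha256")
CHUNK = 1024 * 1024  # stream in 1 MiB chunks so multi-GB images need not fit in RAM


def hash_stream(stream, algorithms=ALGORITHMS):
    """Compute every digest in one pass over the stream."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while chunk := stream.read(CHUNK):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes):
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as f:
        return hash_stream(f)


def verify_copy(original_path, copy_path):
    """A copy is sound only if every recorded digest matches the original."""
    expected, actual = hash_file(original_path), hash_file(copy_path)
    mismatches = [name for name in expected if expected[name] != actual[name]]
    return len(mismatches) == 0, mismatches


def custody_entry(path, action, handler, when=None):
    """One chain-of-custody record: who did what to which item, when, with digests.
    The field set is an assumption for the example, not a standard format."""
    when = when or datetime.now(timezone.utc)
    return {
        "item": os.path.basename(path),
        "size": os.path.getsize(path),
        "action": action,
        "handler": handler,
        "timestamp": when.isoformat(),
        **hash_file(path),
    }


def demo():
    """Constructed 1 MiB 'image', a faithful copy, and a copy with one bit flipped."""
    with tempfile.TemporaryDirectory() as workdir:
        original = os.path.join(workdir, "evidence.dd")
        good_copy = os.path.join(workdir, "evidence_copy.dd")
        bad_copy = os.path.join(workdir, "evidence_tampered.dd")
        data = bytes(range(256)) * 4096
        tampered = bytearray(data)
        tampered[500_000] ^= 0x01  # a single-bit change deep inside the image
        for path, content in ((original, data), (good_copy, data), (bad_copy, bytes(tampered))):
            with open(path, "wb") as f:
                f.write(content)
        copy_ok, _ = verify_copy(original, good_copy)
        tampered_ok, bad_algorithms = verify_copy(original, bad_copy)
        log = [
            custody_entry(original, "acquired", "Analyst A"),
            custody_entry(good_copy, "working copy verified", "Analyst A"),
        ]
        return copy_ok, tampered_ok, bad_algorithms, log


if __name__ == "__main__":
    copy_ok, tampered_ok, bad_algorithms, log = demo()
    print("working copy verified:", copy_ok)
    print("tampered copy verified:", tampered_ok, "mismatched digests:", bad_algorithms)
    print(json.dumps(log, indent=2))
```

In practice the acquisition tool (dd, dc3dd, FTK Imager) computes these digests as the image is written; recomputing them independently before analysis, and again whenever the item changes hands, is what makes the custody log defensible.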

Our Revolution

We believe Cyber Security training should be accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.
