Forensics Analyst Job Profile

What is a Forensics Analyst?

The Forensics Analyst conducts detailed investigations of computer-based crimes and establishes documentary or physical evidence, including digital media and logs associated with cyber intrusion incidents.

A Forensics Analyst must know:

  • computer networking concepts and protocols, and network security methodologies.
  • risk management processes (e.g., methods for assessing and mitigating risk).
  • laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • cybersecurity and privacy principles.
  • cyber threats and vulnerabilities.
  • specific operational impacts of cybersecurity lapses.
  • concepts and practices of processing digital forensic data.
  • data backup and recovery.
  • incident response and handling methodologies.
  • operating systems.
  • system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • server and client operating systems.
  • server diagnostic tools and fault identification techniques.
  • insider threat investigations, reporting, investigative tools, and laws/regulations.
  • physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
  • file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]).
  • processes for seizing and preserving digital evidence.
  • hacking methodologies.
  • investigative implications of hardware, operating systems, and network technologies.
  • legal governance related to admissibility (e.g. Rules of Evidence).
  • processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody.
  • types and collection of persistent data.
  • web mail collection, searching/analyzing techniques, tools, and cookies.
  • which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.
  • types of digital forensics data and how to recognize them.
  • deployable forensics.
  • security event correlation tools.
  • electronic evidence law.
  • legal rules of evidence and court procedure.
  • system administration, network, and operating system hardening techniques.
  • applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
  • network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • data carving tools and techniques (e.g., Foremost).
  • reverse engineering concepts.
  • anti-forensics tactics, techniques, and procedures.
  • forensics lab design, configuration, and support applications (e.g., VMware, Wireshark).
  • debugging procedures and tools.
  • file type abuse by adversaries for anomalous behavior.
  • malware analysis tools (e.g., OllyDbg, IDA Pro).
  • malware with virtual machine detection (e.g., VM-aware malware, debugger-aware malware, and unpacked malware that looks for VM-related strings in your computer's display device).
  • data concealment (e.g., encryption algorithms and steganography).
  • application security risks (e.g., the Open Web Application Security Project Top 10 list).

Key skills of the Forensics Analyst include:

  • developing, testing, and implementing network infrastructure contingency and recovery plans.
  • performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
  • preserving evidence integrity according to standard operating procedures or national standards.
  • analyzing memory dumps to extract information.
  • identifying and extracting data of forensic interest in diverse media (i.e., media forensics).
  • identifying, modifying, and manipulating applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files).
  • collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data.
  • setting up a forensic workstation.
  • using forensic tool suites (e.g., EnCase, Sleuthkit, FTK).
  • using virtual machines (e.g., Microsoft Hyper-V, VMware vSphere, Citrix XenDesktop/Server, Amazon Elastic Compute Cloud).
  • physically disassembling PCs.
  • conducting forensic analyses in multiple operating system environments (e.g., mobile device systems).
  • deep analysis of captured malicious code (e.g., malware forensics).
  • using binary analysis tools (e.g., Hexedit, the xxd command, hexdump).
  • one-way hash functions (e.g., Secure Hash Algorithm [SHA], Message Digest Algorithm 5 [MD5]).
  • analyzing anomalous code as malicious or benign.
  • analyzing volatile data.
  • identifying obfuscation techniques.
  • interpreting debugger results to ascertain tactics, techniques, and procedures.

A Forensics Analyst must be able to:

  • decrypt digital data collections.
  • examine digital media on multiple operating system platforms.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.
