Job Code Pay Scale Group Pay Scale Type Bargaining Unit Civil Service or Non-Civil Service Last Executive Board Change Executive Board Change History
01508 08 ST B4 C 816-03 05/10/2023

JOB TITLE: DIGITAL FORENSIC EXAMINER 1

JOB CODE: 01508

SERIES NATURE OF WORK: The Digital Forensic Examiner job series describes work in the forensic analysis of digital evidence gathered by law enforcement authorities as part of a criminal investigation.

DEFINITION: This is beginning level technical work in the acquisition, examination, and analysis of digital criminal evidence within the Pennsylvania State Police (PSP).

An employee in this job participates in training and casework designed to develop proficiency in analyzing computer-related evidence for law enforcement’s use in investigating criminal activity. Training-related work involves receiving instruction in operating and file system environments used by diverse and modern technology, forensic techniques applicable to the technology and scope of investigation, preparing analytical reports associated with evidence processed, maintaining evidence chain of custody, and delivering testimony. Casework involves applying digital forensic techniques to the acquisition and examination of electronic evidence that is limited in variety and scope. Employees will examine various operating systems and technology for file information that is extracted using standardized techniques. Work is performed with increasing independence under the guidance of a State Police sworn officer and is reviewed in progress and upon completion for quality, effectiveness of results, and compliance with policies and guidelines.

EXAMPLES OF WORK: (NOTE: The examples of work are representative of the work, but every position classified to this job may not perform all examples of work listed. Conversely, this is not an all-inclusive list of work examples.)

• Performs routine forensic analysis of casework that involves limited types of digital evidence, standardized examination techniques, and extraction of data.

• Preserves original evidence while producing and validating a working copy.

• Disassembles, reassembles, connects to, and accesses cellular phones and common personal computing devices such as personal computers, laptops, and tablets.

• Examines computer files from common operating systems, identifies data, and performs extraction methods to gather digital evidence.

• Preserves and handles evidence and documents evidence chain of custody.

• Presents evidence in a readable format and prepares reports of analysis and findings that are compliant with laboratory policies and the laws governing the admissibility of evidence in court.

• Assists higher-level staff in installing, configuring, and maintaining hardware and software required for the forensic acquisition and examination of digital evidence.

• Receives training in forensic techniques associated with physical extraction, examination, preservation, and handling of digital evidence stored within diverse and modern technology.

• Receives training in courtroom procedures, courtroom demeanor, and delivering testimony, and participates in mock trials.

• Attends and participates in structured computer forensic certification and professional development programs.

• Travels to crime scenes to observe and participate in the identification, collection, preview, and security of digital evidence.

• Operates motor vehicles.

• Performs related work as required.

ENTRY LEVEL KNOWLEDGES, SKILLS, AND ABILITIES:

• Knowledge of the principles and practices of network communications.

• Knowledge of the functions and capabilities of network hardware and software in a networked environment.

• Knowledge of the processes and procedures involved in installing, configuring, and testing hardware and software on workstations, peripherals, and software in a networked environment.

• Knowledge of information technology security practices.

• Knowledge of the component parts of personal computers, peripherals, mobile devices, and their associated functionality.

• Knowledge of the use and functionality of Microsoft Office Suite software.

• Ability to operate motor vehicles.

• Ability to identify the functionality of various operating systems.

• Ability to analyze and interpret computer file systems and partitioning schemes.

• Ability to prepare reports of analysis and findings.

• Ability to analyze and interpret written information and numerical data.

• Ability to establish and maintain effective working relationships.

• Ability to communicate effectively orally.

• Ability to communicate effectively in writing.

MINIMUM EXPERIENCE AND TRAINING: (NOTE: Based on the Entry Level Knowledges, Skills, and Abilities):

• A bachelor’s degree in digital forensics, cyber forensics, forensic science, computer science or any information technology field that includes 3 college credits in computer networking and 3 college credits in information technology security, network security, or cyber security;

or

• An equivalent combination of experience and training that includes 3 college credits in computer networking and 3 college credits in information technology security, network security, or cybersecurity.

SPECIAL REQUIREMENTS:

• All positions require possession of an active motor vehicle license.