|
Commonwealth of Pennsylvania |
|
|
POSITION DESCRIPTION FOR JOB POSTING |
|
|
Position Number: 50694190 |
Description Activated On: 3/8/2024 11:48:44 AM |
Position Purpose: Describe the primary purpose of this position and how it contributes to the organization’s objectives. Example: Provides clerical and office support within the Division to ensure its operations are conducted efficiently and effectively. Performs digital forensic analysis of computer-related evidence seized by law enforcement officers. Work involves advanced analysis of casework that includes examining various operating and file system environments and network communications found in diverse technology; recovering deleted, encrypted, and damaged file information; and providing expert testimony at court proceedings. |
|
Description of Duties: Describe in detail the duties and responsibilities assigned to this position. Descriptions should include the major end result of the task. Example: Types correspondence, reports, and other various documents from handwritten drafts for review and signature of the supervisor. 60% Receives computer and electronic equipment (e.g. computer towers, laptops, tablets, smartphones, routers, servers, printers, external hard drives, digital media players, GPSs, thumb drives) seized as part of a criminal investigation. Under the direct supervision of a technical superior, conducts examinations of digital equipment and media to include preserving original evidence and producing an image for analysis purposes, connecting to and accessing systems, and using various specialized forensic tools and techniques to identify and gather case-pertinent electronic data. Receives instruction in the tools and techniques used in the forensic discipline, conducts examinations on the less complex casework, and assists experienced examiners with technically complex casework (e.g. deleted/corrupt files, password protected and encrypted files, hidden data, tracing network communications, hacking, damaged evidence, varied/rare operating systems and equipment). Participates in identifying and securing forensic acquisition and analysis equipment which may be unique to particular evidence. Interacts with criminal investigators regarding evidence to be examined and the results of analysis. Maintains evidence chain of custody. Prepares general investigation reports documenting evidentiary analysis and findings. 20% Receives classroom and practical training and pursues necessary computer investigation certifications in data recovery and analysis, various operating systems, various network and wireless communication devices, testifying in court, and related topics. Conducts research, through a variety of means, in order to acquire knowledge needed to access electronic evidence from unfamiliar digital equipment, software systems, and media encountered during investigations. 5% Accompanies and assists investigators in field investigations. Participates in determining which equipment should be seized and how it should be field-examined. Participates in disconnecting/collecting equipment while maintaining its integrity and establishing an evidentiary chain of custody. 5% Participates in providing network support used by Computer Crimes examiners. This includes assisting with user accounts, security updates and service patching as required; maintaining and upgrading undercover internet service provider network utilized by analysts and investigators to conduct online investigations; maintaining and servicing networking equipment including switched Ethernet, ATM and packet switching; installing network operating systems on infrastructure devices; and installing, configuring, and managing routers, switches, and other components. 5% Testifies, when required, on digital evidence, the procedures used to obtain the evidence, and the findings of digital forensic examinations. Assists in court preparation of evidence and media used during prosecution. 5% Perform other related work as required. Requirements Profile: 1. Certified Forensic Computer Examiner (obtained within one year from starting the certification process with the International Association of Computer Investigative Specialists.) |
Decision Making: Describe the types of decisions made by the incumbent of this position and the types of decisions referred to others. Identify the problems or issues that can be resolved at the level of this position, versus those that must be referred to the supervisor. Example: In response to a customer inquiry, this work involves researching the status of an activity and preparing a formal response for the supervisor’s signature. In response to an investigator’s request, the incumbent locates and extracts relevant data from digital equipment that serves as evidence in ongoing criminal investigations. After preparing General Investigation Reports, which document the analysis of all evidence discovered and retrieved from electronic devices or media, the incumbent forwards the reports to the supervisor for their review prior to sharing the findings with the assigned investigator. Work is performed with increasing independence as experience is gained. |
||||||||||||||||||||
Requirements Profile: Identify any specific experience or requirements, such as a licensure, registration, or certification, which may be necessary to perform the functions of the position. Position-specific requirements should be consistent with a Special Requirement or other criteria identified in the classification specification covering this position. Example: Experience using Java; Professional Engineer License Experience: Licenses, registrations, or certifications: 1. OTHER 2. N/A 3. N/A 4. N/A 5. N/A 6. N/A |
||||||||||||||||||||
Essential Functions: Provide a list of essential functions for this position. Example: Transports boxes weighing up to 60 pounds.
|