Skip navigation

Digital Forensics Analysts - 15-1299.06

O*NET-SOC Description

Conduct investigations on computer-based crimes establishing documentary or physical evidence, such as digital media and logs associated with cyber intrusion incidents. Analyze digital evidence and investigate computer security incidents to derive information in support of system and network vulnerability mitigation. Preserve and present computer-related evidence in support of criminal, fraud, counterintelligence, or law enforcement investigations.

Sample of Reported Job Titles

No information available.

SOC Occupation Groups

Related Occupations


  • Adhere to legal policies and procedures related to handling digital media.
  • Analyze log files or other digital information to identify the perpetrators of network intrusions.
  • Conduct predictive or reactive analyses on security measures to support cyber security initiatives.
  • Create system images or capture network settings from information technology environments to preserve as evidence.
  • Develop plans for investigating alleged computer crimes, violations, or suspicious activity.
  • Develop policies or requirements for data collection, processing, or reporting.
  • Duplicate digital evidence to use for data recovery and analysis procedures.
  • Identify or develop reverse-engineering tools to improve system capabilities or detect vulnerabilities.
  • Maintain cyber defense software or hardware to support responses to cyber incidents.
  • Maintain knowledge of laws, regulations, policies or other issuances pertaining to digital forensics or information privacy.
  • Perform file signature analysis to verify files on storage media or discover potential hidden files.
  • Perform forensic investigations of operating or file systems.
  • Perform web service network traffic analysis or waveform analysis to detect anomalies, such as unusual events or trends.
  • Preserve and maintain digital forensic evidence for analysis.
  • Recommend cyber defense software or hardware to support responses to cyber incidents.
  • Recover data or decrypt seized data.
  • Write and execute scripts to automate tasks, such as parsing large data files.
  • Write cyber defense recommendations, reports, or white papers using research or experience.
  • Write reports, sign affidavits, or give depositions for legal proceedings.
  • Write technical summaries to report findings.

Detailed Work Activities

  • Analyze security of systems, network, or data.
  • Analyze traffic data.
  • Compile technical information or documentation.
  • Develop technical methods or processes.
  • Enter codes or other information into computers.
  • Establish operational policies.
  • Examine records or other types of data to investigate criminal activities.
  • Identify information technology project resource requirements.
  • Maintain computer equipment or software.
  • Maintain knowledge of laws or regulations.
  • Maintain records, documents, or other files.
  • Monitor the security of digital information.
  • Plan production or operational procedures or sequences.
  • Provide recommendations to others about computer hardware.
  • Recommend changes to improve computer or information systems.
  • Record images needed to address work issues.
  • Testify at legal or legislative proceedings.
  • Translate information for others.
  • Write computer programming code.
  • Write reports or evaluations.

Military Crosswalk Titles

  • Access Network Operator (Navy - Enlisted)
  • ADP Systems Security Officer (Navy - Commissioned or Warrant Officer)
  • AOC Information Operations Team Member (Navy - Commissioned Officer only)
  • Basic Offensive Cyber Operator (Navy - Enlisted)
  • Communication Security Manager (Navy - Enlisted)
  • Communications Officer (Marine Corps - Commissioned Officer only)
  • Computer Network Capability Development (Navy - Commissioned or Warrant Officer)
  • Computer Network Operations (Navy - Commissioned or Warrant Officer)
  • Cryptologic Cyberspace Analyst (Marine Corps - Enlisted)
  • Cryptologic Technicians (Collection) (Navy - Enlisted)
  • Cyber Capabilities Development Officer (Army - Commissioned Officer only)
  • Cyber Defense Analyst (CDA) - Network (Navy - Enlisted)
  • Cyber Defense Analyst (Navy - Enlisted)
  • Cyber Defense Analyst – Host (CDA-Host) (Navy - Enlisted)
  • Cyber Defense Forensics Analyst (Navy - Enlisted)
  • Cyber Defense Incident Responder (Navy - Enlisted)
  • Cyber Defense Operations Manager (Air Force - Enlisted)
  • Cyber Intelligence (Air Force - Enlisted)
  • Cyber Intelligence Apprentice, Analyst (Air Force - Enlisted)
  • Cyber Intelligence Craftsman (Air Force - Enlisted)
  • Cyber Intelligence Craftsman, Analyst (Air Force - Enlisted)
  • Cyber Intelligence Helper (Air Force - Enlisted)
  • Cyber Intelligence Helper, Analyst (Air Force - Enlisted)
  • Cyber Intelligence Journeyman, Analyst (Air Force - Enlisted)
  • Cyber Network Defender (Army - Enlisted)
  • Cyber Network Defense Infrastructure Specialist (CNDIS) (Navy - Enlisted)
  • Cyber Network Operations Officer (Marine Corps - Commissioned Officer only)
  • Cyber RandD Specialist (Navy - Enlisted)
  • Cyber Research and Development Specialist (Navy - Enlisted)
  • Cyber Threat Emulation Operator (CTEO) (Navy - Enlisted)
  • Cyber Warfare Operations (Air Force - Enlisted)
  • Cyber Warfare Operations Manager (Air Force - Enlisted)
  • Cyber Warfare Operations Superintendent (Air Force - Enlisted)
  • Cyber Warfare Technician (Navy - Enlisted)
  • Cyberspace and Electromagnetic Activities (CEMA) Senior Sergeant (CEMA Sr SGT) (Army - Enlisted)
  • Cyberspace Defense Warrant Officer (Army - Warrant Officer only)
  • Cyberspace Warfare Chief (Marine Corps - Enlisted)
  • Cyberspace Warfare Operator (Marine Corps - Enlisted)
  • Defensive Cyberspace Warfare Officer (Marine Corps - Warrant Officer only)
  • Enlisted Frequency Manager (Navy - Enlisted)
  • Host Analyst (Marine Corps - Enlisted)
  • Information Operations Specialist (Marine Corps - Enlisted)
  • Information Systems Technician (Navy - Enlisted)
  • Information Systems Technician Submarines (Navy - Enlisted)
  • Information Technology Manager Submarines (Navy - Enlisted)
  • Intelligence Tactics Instructor (Marine Corps - Commissioned or Warrant Officer)
  • Interactive Operator (Navy - Enlisted)
  • Marine Air Ground Task Force (MAGTF) Communications Planner (Marine Corps - Commissioned Officer only)
  • Navy Interactive On-Net (ION) Operator (Networks) (Navy - Enlisted)
  • Navy Interactive On-Net (ION) Operator (Unix) (Navy - Enlisted)
  • Navy Interactive On-Net (ION) Operator (Windows) (Navy - Enlisted)
  • Navy Interactive On-Net Operator (Navy - Enlisted)
  • Network Analyst (Marine Corps - Enlisted)
  • Network Systems Engineering (Army - Commissioned Officer only)
  • RL - Special Duty Officer - Cyber Warfare Engineer (Navy - Commissioned Officer only)
  • Signals Analyst (Navy - Enlisted)
  • Signals Intelligence/Electromagnetic Warfare Chief (Marine Corps - Enlisted)
  • Signals Intelligence/Electromagnetic Warfare Technician (Marine Corps - Enlisted)
  • Special Investigations (Air Force - Commissioned Officer only)
  • Special Investigations (Air Force - Enlisted)
  • Special Investigations Craftsman (Air Force - Enlisted)
  • Special Investigations Helper (Air Force - Enlisted)
  • Special Investigations Journeyman (Air Force - Enlisted)
  • Special Investigations Superintendent (Air Force - Enlisted)
  • Technical Surveillance Countermeasures (TSCM) Specialist (Marine Corps - Enlisted)
  • Vulnerability Assessment Analyst (Navy - Enlisted)

Apprenticeship Crosswalk Titles

  • Cyber Digital Forensics Analyst

DOT Crosswalk Titles

No information available.