Skip navigation

Digital Forensics Analysts - 15-1299.06

O*NET-SOC Description

Conduct investigations on computer-based crimes establishing documentary or physical evidence, such as digital media and logs associated with cyber intrusion incidents. Analyze digital evidence and investigate computer security incidents to derive information in support of system and network vulnerability mitigation. Preserve and present computer-related evidence in support of criminal, fraud, counterintelligence, or law enforcement investigations.

Sample of Reported Job Titles

No information available.

SOC Occupation Groups

Related Occupations

No information available.

Tasks

  • Adhere to legal policies and procedures related to handling digital media.
  • Analyze log files or other digital information to identify the perpetrators of network intrusions.
  • Conduct predictive or reactive analyses on security measures to support cyber security initiatives.
  • Create system images or capture network settings from information technology environments to preserve as evidence.
  • Develop plans for investigating alleged computer crimes, violations, or suspicious activity.
  • Develop policies or requirements for data collection, processing, or reporting.
  • Duplicate digital evidence to use for data recovery and analysis procedures.
  • Identify or develop reverse-engineering tools to improve system capabilities or detect vulnerabilities.
  • Maintain cyber defense software or hardware to support responses to cyber incidents.
  • Maintain knowledge of laws, regulations, policies or other issuances pertaining to digital forensics or information privacy.
  • Perform file signature analysis to verify files on storage media or discover potential hidden files.
  • Perform forensic investigations of operating or file systems.
  • Perform web service network traffic analysis or waveform analysis to detect anomalies, such as unusual events or trends.
  • Preserve and maintain digital forensic evidence for analysis.
  • Recommend cyber defense software or hardware to support responses to cyber incidents.
  • Recover data or decrypt seized data.
  • Write and execute scripts to automate tasks, such as parsing large data files.
  • Write cyber defense recommendations, reports, or white papers using research or experience.
  • Write reports, sign affidavits, or give depositions for legal proceedings.
  • Write technical summaries to report findings.

Detailed Work Activities

  • Analyze security of systems, network, or data.
  • Analyze traffic data.
  • Compile technical information or documentation.
  • Develop technical methods or processes.
  • Enter codes or other information into computers.
  • Establish operational policies.
  • Examine records or other types of data to investigate criminal activities.
  • Identify information technology project resource requirements.
  • Maintain computer equipment or software.
  • Maintain knowledge of laws or regulations.
  • Maintain records, documents, or other files.
  • Monitor the security of digital information.
  • Plan production or operational procedures or sequences.
  • Provide recommendations to others about computer hardware.
  • Recommend changes to improve computer or information systems.
  • Record images needed to address work issues.
  • Testify at legal or legislative proceedings.
  • Translate information for others.
  • Write computer programming code.
  • Write reports or evaluations.

Military Crosswalk Titles

No information available.

Apprenticeship Crosswalk Titles

No information available.

DOT Crosswalk Titles

No information available.