JOB TITLE: Computer Forensic Examiner
LOCATION: San Ramon, CA-94583
TYPE OF HIRE: Contract 6+ Months
JOB CODE: BHCAITE13662
PAY RATE: $30/Hr. to $35/Hr. on W2
-Contractor has been engaged to provide an on-site IT forensics consultant resource, more specifically a Subject Matter Expert (“SME”) - Level 3.
-Expected responsibilities for the SME Level 3 consist of the following:
-Visit to client site(s) as directed by Company.
-Collection of data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents.
-Maintenance of an audit trail (i.e., chain of custody) and/or evidence of integrity.
-Receive data from Company and use approved tools and methods (e.g., EnCase Enterprise and Company methodology) with the assistance of Company resources to analyze data based on keywords.
-Liaison with Company field IT resources as needed.
DATA EXAM AND EVALUATION:
-Examination of data obtained via forensic data capture process.
-Identification of data, images and/or activity which may be the target of an internal investigation.
-Detailed evaluation of the data and any evidence of activity in order to analyze the full circumstances and implications of the event.
-Process mapping of events or transactions in order to understand any remedy that may be required to restore systems integrity.
-Support for process design to prevent and detect reoccurrence.
-Control recommendations and support for remediation activities.
-Provision of threat intelligence and key learning points to support pro-active profiling and scenario modeling.
-Provide technical and evidential support for disciplinary interviews, dispute resolution, legal action and recovery activity.
-Summarize information obtained in interviews and from hard copy documents.
-Keyword searches including using target words or phrases advised by Company.
-Searches of unallocated space to identify previous activity.
-Searches of file slack space where PC type technologies are employed.
-File MAC times (Modified, Accessed, and Created dates and times) as evidence of access and event sequences.
-File type vs. file header information.
-A review of e-mail communications, including web mail and Internet Instant Messaging programs.
-Where applicable, internet browsing history and a list of password protected and password cracked files.
-Review for indicators of massive deletion of files or data destruction (disk wipe, etc.).
-Generate reports which detail the approach and an audit trail which documents actions taken in order to support the integrity of the internal investigation process.