Digital Forensic Investigator

Role: Digital Forensic Investigator
Location: Near M4 Junction 12
Salary: £34,317 – £40,410 per annum depending on knowledge and experience, plus 5% on call

An exciting opportunity for a skilled Digital Forensic Investigator has opened within the Counter Terrorism Policing South East’s Digital Investigations team.

The role will be varied, often fast paced and challenging. The responsibilities include, but are not limited to:

• Conduct of detailed digital forensic examinations in connection with sensitive ongoing Counter Terrorism investigations.
• Attendance at search warrants to assist in the seizure and ‘live’ examination of a wide range of digital devices and capture or recovery of data from the internet and Cloud based services.
• Production of technical reports and statements in support of investigations.
• Liaison with multiple Counter Terrorism Policing teams, presenting and explaining your findings and any relevant information and intelligence to appropriate persons and departments.
• Preparation and presentation of evidential material in court.

Technical Abilities:

Successful applicants will have proven experience in digital forensic work and/or relevant computing qualifications (e.g. a Computer Forensics degree or Computer Science equivalent).

Applicants should be able to demonstrate their technical abilities which will include knowledge of:

• Internet
• Networking
• Computer Hardware and Software
• PC architecture
• Operating systems
• Principles of data storage
• An understanding of ISO 17025 quality standards and how they affect the role.

This unique role will offer the successful candidate fantastic opportunities to learn and develop skills in a truly specialist environment. The successful candidate will undergo comprehensive training based on the national Counter Terrorism Policing Digital Training Pathway and will have the opportunity to learn additional advanced examination skills such as chip removal; mobile device repair and network investigation. In addition, the successful candidate will undergo training in CBRN (Chemical, Biological, Radiological and Nuclear defence).

Please note that this role is part of a national, regional and local network and as a result you may be required to travel for business purposes mainly across the south east region and occasionally throughout the UK. Therefore, the successful candidate will require a full UK driving licence.

Due to the nature of our work, security is of paramount importance to us and therefore it will be necessary to pass and maintain vetting level SC. In order to achieve this, you must be a British National andhave resided in the UK for the past five years. Exemptions apply for overseas or other diplomatic service (with HM Government), and studying abroad.

Responsibilities

• Working to ISO 17025 standards conduct forensic digital examinations of seized computers, mobile phones and other electronic devices using appropriate processes, methodologies, tools and techniques, in accordance with ACPO guidance and court approved investigative techniques. Assess all immediately available electronic evidence, conduct risk assessments, assess the factors likely to impact on the investigations and check the necessary authorisations. Ensure all submitted items are under necessary authorisation and that exhibit continuity/management procedures are adhered to. This includes the retention and recording of all material for use as part of the investigative process.
• Support investigations and prosecutions by providing written and oral evidence that can be presented to Officers in the Case (OIC), the Crown Prosecution Service (CPS) and Barristers to be given as testimony at Court as an expert witness (as indicated by judiciary). Manage the needs of customers and ensure simplification of evidence to ensure it is fully understood by those that have limited technical forensic knowledge.
• Attend searches of premises to assist in the seizure and ‘live’ examination of computer exhibits including those with encrypted drives or containers, mobile devices and other digital equipment in line with ISO17020 standards. The live capture of computer RAM and use of command line functions to extract and analyse the recovered data in an evidentially secure manner. Identify and secure digital evidence sources to assist with investigations. Identify and mitigate Health and Safety risks associated with electronic devices. Utilise proprietary and bespoke forensic hardware, software and complex investigative techniques.
• In accordance with legislation and policy assist in open source internet investigations and the capture/recovery of data from the internet and Cloud based services. Identify further investigative opportunities such as identifying suspect(s), victim(s) and potential witnesses. Develop techniques or applications for the recovery of data from unusual devices such as games consoles and the recovery of the associated cloud or platform data associated with their use. Recover data associated with the use of cryptocurrency to facilitate the recovery of funds. Understand and extract data relating to the use of the Dark Web and provide in an evidential format for use operationally.
• Maintain knowledge of current changes in technology and innovation in order to effectively support investigations and enhance the Digital Forensic service for the Force. Undertake independent research, (e.g. developing testing methodologies for new tools and products), personal development training and liaise with other forensic practitioners through professional organisations and forums.
• Contribute to the effective and efficient running of Digital Investigations. Support the administrative processes for ISO 17025/17020 and carry out regular checks, equipment verification, software validation and maintenance on equipment held by the Digital Forensic Unit to ensure it remains operational. Apply quality assurance methods and reviews to ensure product produced is to the required standard to adhere to ISO17025 accreditation and FSR codes of conduct and practice. Deal with telephone enquiries in relation to all technical and administrative issues and assist in providing statistical information on the unit’s performance and achievements.
• Attend case conferences and provide expert advice and guidance to investigating officers and prosecutors in relation to evidence from computers, other digital devices and the Internet including urgent operational requirements whilst on call and writing of the Digital Forensic strategy for the case. Offer advice and address issues raised by defendants and defence experts to affect the decisions impacting investigation outcomes.
• Evaluate and report electronic evidence in relation to criminal or civil investigation or to due diligence and maintaining professional standards. Identify further limits of examination as necessary and identify opportunities for further investigation if they exist.
• Perform advanced technical examinations including JTAG, eMMC and Chip-off. Good practical knowledge and skills in software development methodologies and techniques intended to facilitate the structured development of bespoke applications utilising programming languages such as Python, C++ and other scripting mechanisms.
• Develop, test and document new and amended software solutions in accordance with high level solution designs and agreed standards that are capable of meeting defined business needs for Digital Investigations. Implement and maintain high quality, resilient and performing Forensic network systems including domain administration tasks.
• Data analysis and interpretation of multiple data types such as hexadecimal to ensure data integrity and accuracy. Reverse engineering of software to analyse its functions and abilities, leading to accurate representation of recovered data for court presentation. This may include tasks such as the virtualisation of computers and mobile devices through platforms such as Virtual Box, VMWare or Android Studio.
• Able to prepare, present and where possible provide the clarification of both audio and video product for review. Where necessary provide media presentations for court in order to ensure the best representation of the evidence available. Ensure all data recovered and identified is recorded and stored in a manner that maintains continuity and evidential integrity.
• In accordance with national guidelines and policy, assist as required with specialist CCTV work such as the downloading of video and audio product from CCTV systems in commercial and private premises.

Required knowledge/skills for entry level role
Essential

• Previous experience in a Digital Forensic environment including experience of exhibit handling procedures and giving evidence in court. Demonstrating a working knowledge of Digital Forensic techniques and software tools across a wide range of hardware and operating systems. Knowledge or experience of working within a quality system and meeting the requirements of the FSR Codes of Practice and Conduct.
• Proven ability to work unsupervised/prioritise workload in order to meet deadlines and manage demands, frequently working under pressure sometimes dealing with distressing/disturbing material.
• Proven knowledge and experience of a wide range of computer hardware/digital devices (mobile phones, software/operating systems and networks. Demonstrable experience of, or willingness to, investigate and analyse considerable amounts of data; focusing on potential and relevant evidence.
• A good communicator – confident and assertive when required – who is able to deal with people at all levels both internally and external agencies, as well as working well in a team. Reducing highly technical issues into an easy to understand format. Whether within the team or with colleagues from other law enforcement agencies and external providers or advising colleagues, senior officers, barristers and the Judiciary.
• Proven ability to maintain accurate contemporaneous logs and records in a manner that can be easily retrieved by others. Good written skills/previous experience of provision of statistical information to a high level of accuracy, with a methodical approach and ability to analyse and produce solutions to problems.
• Previous experience of computer/mobile phone forensic techniques/software e.g., XWays, Axiom, Cellebrite, XRY, GrayKey etc.
• Previous experience in law enforcement/investigative organisation/s.
• Able to recognise sensitive information and maintain discretion and confidentiality. Maintain a high degree of integrity and trust when dealing with sensitive and Government Security Marked information.
• The post holder must be willing to work flexible hours to suit the requirements of the department and must be willing and able to travel for business purposes, regionally and nationally. Full UK driving licence.
• Familiar with database structure and configuration for formats such as SQL, SQLite, ESE, plist and XML.
• Successful completion of the Core Skills in Data Recovery & Analysis/ Core Skills in Mobile Phone Forensics or industry equivalents.
• Vendor-specific foundation level courses e.g. AccessData Bootcamp, XRY Foundations etc.
• The post holder must be prepared to undertake specialist training to assist with incidents involving Chemical, Biological, and Radiological or Nuclear (CBRN) materials in the United Kingdom.

Job Types: Full-time, Permanent

Salary: £34,317.00-£40,410.00 per year

Benefits:

• Company pension
• Free parking
• On-site parking
• Sick pay

Work Location: One location

Reference ID: 20085