Conduct investigations on computer-based crimes establishing documentary or physical evidence, such as digital media and logs associated with cyber intrusion incidents. Analyze digital evidence and investigate computer security incidents to derive information in support of system and network vulnerability mitigation. Preserve and present computer-related evidence in support of criminal, fraud, counterintelligence, or law enforcement investigations.
A considerable amount of work-related skill, knowledge, or experience is needed for these occupations. For example, an accountant must complete four years of college and work for several years in accounting to be considered qualified.
Most of these occupations require a four-year bachelor's degree, but some do not.
Employees in these occupations usually need several years of work-related experience, on-the-job training, and/or vocational training.
Detailed Work Activities
Monitor the security of digital information.
Examine records or other types of data to investigate criminal activities.
Analyze security of systems, network, or data.
Compile technical information or documentation.
Plan production or operational procedures or sequences.
Establish operational policies.
Record images needed to address work issues.
Identify information technology project resource requirements.
Develop technical methods or processes.
Maintain computer equipment or software.
Maintain knowledge of laws or regulations.
Analyze traffic data.
Maintain records, documents, or other files.
Provide recommendations to others about computer hardware.
Recommend changes to improve computer or information systems.
Translate information for others.
Write computer programming code.
Enter codes or other information into computers.
Write reports or evaluations.
Testify at legal or legislative proceedings.
Tasks
Adhere to legal policies and procedures related to handling digital media.
Analyze log files or other digital information to identify the perpetrators of network intrusions.
Conduct predictive or reactive analyses on security measures to support cyber security initiatives.
Create system images or capture network settings from information technology environments to preserve as evidence.
Develop plans for investigating alleged computer crimes, violations, or suspicious activity.
Develop policies or requirements for data collection, processing, or reporting.
Duplicate digital evidence to use for data recovery and analysis procedures.
Identify or develop reverse-engineering tools to improve system capabilities or detect vulnerabilities.
Maintain cyber defense software or hardware to support responses to cyber incidents.
Maintain knowledge of laws, regulations, policies or other issuances pertaining to digital forensics or information privacy.
Perform file signature analysis to verify files on storage media or discover potential hidden files.
Perform forensic investigations of operating or file systems.
Perform web service network traffic analysis or waveform analysis to detect anomalies, such as unusual events or trends.
Preserve and maintain digital forensic evidence for analysis.
Recommend cyber defense software or hardware to support responses to cyber incidents.
Recover data or decrypt seized data.
Write and execute scripts to automate tasks, such as parsing large data files.
Write cyber defense recommendations, reports, or white papers using research or experience.
Write reports, sign affidavits, or give depositions for legal proceedings.
Write technical summaries to report findings.
Data Source: This page includes information from the O*NET 28.0 Database by the U.S. Department of Labor, Employment and Training Administration (USDOL/ETA). Used under the CC BY 4.0 license. O*NET® is a trademark of USDOL/ETA. This page includes Employment Projections program, Occupational Employment and Wage Statistics program, U.S. Bureau of Labor Statistics.
