Job Description: What Does a Computer Forensic Investigator Do?

A Forensics Analyst retrieves and analyzes data, network traces and other evidence from computers, networks and data storage devices. Those devices may be physically damaged or corrupted, accidentally or intentionally. The results of the investigations might be used as evidence in a criminal investigation, to resolve a business or legal dispute, to uncover specific targets or to detect suspicious activity. The scope of the analysis can sometimes cover many devices and large amounts of data. At the conclusion of the investigation, the Investigator prepares and delivers detailed reports and, if required, testifies to the results in court.

A Computer Forensics Investigator may also perform studies to identify breaches in a firm’s security or track the source of an unauthorized intrusion. This specialist advises the client on ways to protect their systems and produces any evidence which could be used against the intruder.

This position has many titles for the same duties:

  • Information Security Crime Investigator
  • Computer Forensics Engineer / Investigator / Specialist / Analyst / Examiner / Technician
  • Digital / Computer Crime Specialist
  • Computer Hacking Forensic Investigator

Forensic Investigator Responsibilities & Duties:

For legal and law enforcement forensic assignments, the Analyst must:

  • Identify, gain access to, and secure any necessary devices or systems to be examined;
  • Reconstruct damaged hardware, if necessary;
  • Copy or use other means to ensure data is not changed during the analysis;
  • Recover the target information and assess the credibility and completeness of the data;
  • Identify and document any metadata associated with the files, such as date of creation, owner, etc.;
  • Document any other findings or discovered files or communications which may be relevant;
  • Ensure that all work is done in compliance with local and federal laws and forensic standards;
  • Collect the information in a legally admissible way;
  • Provide an audit trail;
  • Compile and secure the evidence and write structured reports acceptable for court;
  • Provide testimony when called; and
  • Advise and train law enforcement and legal staff on forensics.

For security monitoring and testing:

  • Stay current in all areas of information technology concerning security breaches or malicious attacks;
  • Conduct investigations after breaches or incidents, including identifying any other systems impacted or involved;
  • Advise businesses and agencies on IT system vulnerability and protection against malware and hackers;
  • Keep all computer forensic skills up to date and share information learned about threats with peers.