Cyber Forensics
Develop and manage digital forensic investigation and reporting plan which specifies the tools, methods, procedures and practices to be used. This includes the collection, analysis and preservation of digital evidence in line with standard procedures and reporting of findings for legal proceedings
Type
Domain
Competency Area
Operations and User Support
Levels
Scan, retrieve and preserve digital evidence from various sources, following authorised protocols
Access evidence from electronic devices using various forensic tools
Extract digital evidence from various sources, following authorised protocols
Use forensic tools to back up and preserve evidence to prevent tampering
Store original and copied evidence in safe environments with limited access
Coordinate the collection and preservation of evidence and analyse forensic evidence to draw inferences
Monitor a range of internal and external data sources to identify relevant information to incident at hand
Coordinate the collection and preservation of digital evidence
Examine digital evidence to identify patterns and suspicious or unauthorised activity
Analyse forensic evidence and document inferences
Analyse patterns and correlations of events data to draw conclusions
Present digital forensic findings in an appropriate format which complies to legal and company regulations
Develop a digital forensic investigation plan, and integrate analysis of evidence
Develop a digital forensic investigation plan, including the tools, processes and methodologies to be used
Assess suitability of new and emerging forensic tools, given investigation requirements
Determine the key tasks, timelines, milestones and accountabilities for a specific forensic investigation
Perform robust investigation activities and forensic analysis to determine the underlying causes and effects of incidents
Lead forensic investigations, involving interaction with large data sets, operating systems or networks
Review multi-source evidence and conclusions drawn in light of broader trends and contextual considerations
Develop a report to documents the findings, conclusions and recommendations
Establish digital forensic investigation policies and protocols for the organisation, and manage multiple investigations
Establish digital forensic investigation policies and standards for the organisation
Develop protocols and Standard Operating Procedures (SOP) for investigation procedures
including guidelines for interviews, data handling, surveillance etc.
Manage plans for multiple digital forensic investigations and large- scale forensic investigation activities for forensic teams
Present reports and outcomes in significant investigations or legal proceedings
Define new cyber forensics tools, techniques and methodologies and lead cyber forensics investigations
Chart direcrtion for new cyber forensics techniques and methodologies
Establish cyber or digital forensic tools for adoption
Review robustness of protocols and SOPs for investigation procedures
Lead cyber forensics investigations on an international scale