Job Description :
Duration: 12 months


Contractor has been engaged to provide an on-site IT forensics consultant resource, more specifically a Subject Matter Expert ( "SME”) - Level 3.
Expected responsibilities for the SME Level 3 consist of the following:

Project Services:

Data capture

Visit to client site(s) as directed by Company
Collection of data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents
Maintenance of an audit trail (i.e., chain of custody) and/or evidence of integrity

Data cleansing

Receive data from Company and use approved tools and methods (e.g., EnCase Enterprise and Company methodology) with the assistance of Company resources to analyze data based on keywords
Liaison with Company field IT resources as needed

Data exam and evaluation

Examination of data obtained via forensic data capture process
Identification of data, images and/or activity which may be the target of an internal investigation
Detailed evaluation of the data and any evidence of activity in order to analyze the full circumstances and implications of the event
Process mapping of events or transactions in order to understand any remedy that may be required to restore systems integrity
Support for process design to prevent and detect reoccurrence
Control recommendations and support for remediation activities
Provision of threat intelligence and key learning points to support pro-active profiling and scenario modeling
Provide technical and evidential support for disciplinary interviews, dispute resolution, legal action and recovery activity


? Summarize information obtained in interviews and from hard copy documents
? Keyword searches including using target words or phrases advised by Company
? Searches of unallocated space to identify previous activity
? Searches of file slack space where PC type technologies are employed
? File MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences
? File type vs. file header information
? A review of e-mail communications; including web mail and Internet Instant Messaging programs
? Where applicable, internet browsing history and a list of password protected and password cracked files
? Review for indicators of massive deletion of files or data destruction (disk wipe, etc
? Generate reports which detail the approach and an audit trail which documents actions taken in order to support the integrity of the internal investigation process

Key Skills: IT Forensic Examiner