Forensics Analyst - Intermediate
Clearance: US Citizen with TS/SCI with Poly
Apply for this position: Send a Microsoft Word copy of your resume to: HR@zavda.com
Zavda was founded in 2006 and is an SDB certified, Service Disabled Veteran Owned, and Woman-owned small business that offers leading IT management, Intel, and Cyber opportunities in both the private and public sectors. Zavda is looking for a Forensics Analyst that is responsible for conducting detailed digital forensics, host-based analysis, including imaging, digital media processing, and memory capture and data log analysis. Locates and identifies digital evidence. Extracts and carves files from collected evidence. Analyzes intrusion techniques and tradecraft. Assists in root cause and attribution analysis. Identifies, collects, and analyzes relevant host-based artifacts. Maintains cyber hygiene of forensic media and analysis environment. Supports chain of custody throughout incident lifecycle. Configures and utilizes virtualized and/or forensics computer system environments.
- Create and maintain chain-of-custody documentation throughout incident response.
- Perform forensically sound evidence collection and analysis.
- Provide technical summary of findings in accordance with established reporting procedures.
- Knowledge of host communications, including common ports and the default services of common operating systems.
- Collect and review artifacts (such as media, live system memory, images, equipment, network traffic, logs, or software).
- Conduct initial analysis of log files, evidence, and other information.
- Perform file system forensic analysis, including recovery of hidden and deleted content from sources such as pagefiles, volume shadow copies, or unallocated space.
- Utilize appropriate tools to decrypt seized data from sources such as full disk encryption and collected malware.
- Carve data using manual techniques and tools such as Forensic Toolkit (FTK), EnCase, and open-source tools and scripts.
- Generate, research, and identify content based on file hashes.
- Search and analyze Windows registry-related content.
- Perform forensic incident handling tasks (such as forensic collections, host analysis, intrusion correlation and tracking, threat analysis, and direct system remediation) as part of flyaway Incident Response Teams (IRTs).
- Perform file signature and timeline forensics analysis.
- Recognize obfuscation and encryption techniques and understand the applicable decoding methods to advance evidence processing during analysis.
- Possess knowledge of data carving tools and techniques to include restoring deleted artifacts from unallocated disk storage and from system memory (RAM).
- Detect anti-forensics techniques and tactics.
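As an added illustration of the carving and hash-identification duties listed above (example code written for this page, not part of the original posting and not Zavda tooling), the following Python script carves files by header/footer signature from a constructed byte buffer standing in for unallocated space, flags a header with no matching footer as a truncated carve, and hashes each carved object for lookup against a constructed known-hash set. The signature table, the sample "unallocated" data and the known-hash set are assumptions built for the example.

```python
import hashlib

# Header/footer signatures for a few common file types (assumed table for this
# example). The footer search starts after the header so header bytes can never
# be mistaken for a footer.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

# Upper bound on a single carve when no footer is found (truncated/overwritten file).
MAX_CARVE = 16 * 1024 * 1024


def sha256_hex(data: bytes) -> str:
    """SHA-256 of a carved object, the usual key for hash-set lookups."""
    return hashlib.sha256(data).hexdigest()


def carve_buffer(buf: bytes, signatures=SIGNATURES, max_carve=MAX_CARVE):
    """Scan buf for every header in signatures and carve header..footer.

    Returns a list of dicts ordered by offset. A header with no footer within
    max_carve bytes is still recorded, marked complete=False, so the analyst
    sees the truncated object instead of silently losing it.
    Caveat: a JPEG carrying an embedded EXIF thumbnail ends at the thumbnail's
    EOI marker with this naive footer search; structure-aware carvers fix that.
    """
    found = []
    for ftype, (header, footer) in signatures.items():
        pos = buf.find(header)
        while pos != -1:
            end = buf.find(footer, pos + len(header), pos + max_carve)
            if end == -1:
                data = buf[pos:pos + max_carve]
                complete = False
            else:
                data = buf[pos:end + len(footer)]
                complete = True
            found.append({
                "type": ftype,
                "offset": pos,
                "size": len(data),
                "complete": complete,
                "sha256": sha256_hex(data),
            })
            # Resume the search after the object just carved.
            pos = buf.find(header, pos + len(data))
    return sorted(found, key=lambda a: a["offset"])


# Constructed sample data: filler standing in for wiped/unallocated clusters,
# a complete JPEG-like object, a complete PDF-like object and a PNG header
# whose IEND chunk was never written (truncated file).
FILLER = b"\x00" * 64 + b"\xaaUNALLOC\x55" * 8
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00\x10JFIF\x00" + b"\x11" * 40 + b"\xff\xd9"
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF"
TRUNCATED_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x01" * 17
SAMPLE_UNALLOCATED = FILLER + SAMPLE_JPEG + FILLER + SAMPLE_PDF + FILLER + TRUNCATED_PNG

# Constructed known-hash set standing in for a real lookup source (IOC feed, NSRL, etc.).
KNOWN_HASHES = {sha256_hex(SAMPLE_JPEG): "constructed known-bad sample"}


def triage(buf: bytes, known=KNOWN_HASHES):
    """Carve buf and annotate each object with any known-hash match."""
    artifacts = carve_buffer(buf)
    for art in artifacts:
        art["known_as"] = known.get(art["sha256"])
    return artifacts


if __name__ == "__main__":
    for art in triage(SAMPLE_UNALLOCATED):
        status = "complete" if art["complete"] else "TRUNCATED"
        print(f"{art['type']:<4} @0x{art['offset']:06x} {art['size']:>5} B "
              f"{status:<9} {art['sha256'][:16]}... known={art['known_as']}")
```

Run against a real image, the buffer would come from an unallocated-space extract (for example the output of `blkls` from The Sleuth Kit) read in chunks; the truncated-carve flag and the hash column are the two fields worth carrying into the findings summary.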
Education / Experience:
- Two (2) years of demonstrated experience as a Cyber Forensics Analyst in programs of similar scope, type and complexity is required.
- Two (2) years of demonstrated experience using at least two forensic tool suites similar to EnCase, The Sleuth Kit, FTK, X-Ways, Rekall, or Axiom.
- Three (3) years of demonstrated experience working on Windows and Linux operating systems as a Systems administrator or in Software Development and Information Technology Systems (DevOps).
- Requires DoD 8570 compliance with a CSSP Incident Responder baseline certification, an Information Assurance Technical (IAT) Level II or Level III certification, and a Computing Environment (CE) certification. The CE requirement can be fulfilled with either a Microsoft OS or a CentOS/Red Hat CE certification.
- Requires Global Information Assurance Certification Forensic Analyst (GCFA) or Global Information Assurance Certification Forensic Examiner (GCFE).
Zavda is a small business and an equal opportunity employer: Veteran/Female/Minorities/Individuals with Disabilities. With Zavda you have the opportunity to provide dependable solutions and support that benefit national security missions. Zavda prides itself on providing continual professional growth and success for the Zavda Team.