Overview
Collects, preserves, and analyzes digital evidence from computers and networks following a security incident or for legal investigations. Recovers data and documents findings for potential court use.
Responsibilities
- Collect, preserve, and analyze digital evidence from computers, networks, and mobile devices related to security incidents or legal investigations
- Recover deleted data
- Document findings for legal proceedings
- Testify as an expert witness
Required Skills
- Digital forensics tools (EnCase, FTK, Autopsy, Cellebrite)
- File system analysis (NTFS, FAT, HFS+, ext4)
- Memory analysis (Volatility)
- Mobile forensics
- Data recovery techniques
- Chain of custody procedures
- Legal understanding
- Report writing
Salary Expectations
$70,000 - $125,000+ USD
Relevant Certifications
Common Career Pathway
Can be an entry point with specialized training, or progress from IT support, system administration, or law enforcement with a tech focus. Incident Responders often have strong forensic skills.
Learning Roadmap
IT Fundamentals -> OS Internals -> File Systems -> Learn Forensics Tools -> Understand chain of custody/legal aspects -> Memory/Mobile Forensics -> Certifications (GCFA/GCFE/EnCE).