State of Maryland

MSP Digital Forensic Examiner (#000264)

- Hourly / - BiWeekly /
- Monthly / $84,229.00-$136,003.00 Yearly


GRADE

21

CLASS ATTRIBUTES

SKILLED SERVICE         BARGAINING UNIT: G         OVERTIME ELIGIBLE

NATURE OF WORK

A Maryland State Police (MSP) Digital Forensic Examiner is the full performance level of work performing complex digital data recovery examinations on computers and other electronic devices in a forensically sound manner in the Technical Investigation Section of the Criminal Enforcement Division of the Maryland State Police crime laboratory.  Employees in this classification collect and preserve digital evidence using specialized hardware and software tools; provide support to and facilitate criminal investigations that involve various forms of cyber-crime and digital evidence; provide comprehensive written reports describing the techniques used and data recovered; apply expertise to render opinions concerning the same; work with investigators and prosecutors to prepare for courtroom hearings; and provide factual courtroom testimony. Employees in this classification do not supervise other positions but may provide advice and guidance to less experienced staff.

Employees in this classification receive general supervision from a lab manager, division commander, official or administrator. Employees in this classification may be required to work overtime. Employees may be exposed to disturbing digital evidence such as graphic images.

Positions in this classification are evaluated by using the classification job evaluation methodology. The use of this method involves comparing the assigned duties and responsibilities of a position to the job criteria found in the Nature of Work and Examples of Work sections of the class specification.

EXAMPLES OF WORK

Uses computer forensic software and robotic tools to forensically copy data found on electronic devices so that the integrity of original evidence is preserved, and the copy can be used for forensic analysis;

Abides by and follows all procedures relating to the proper handling and chain of custody of evidence in computer forensic laboratories;

Maintains strict adherence to chain of custody for all evidence and ensures the integrity of each item of evidence handled and analyzed;

Interacts with other Investigators, Analysts, or outside computer professionals to acquire information necessary to perform forensic examinations;

Verifies the integrity of the forensic copies to be used for analysis according to Maryland State Police and National Institute of Standards for Technology standards;

Uses computer forensics and information technology utilities to verify the integrity of data to ensure that no data is lost or modified during the acquisition or copying process;

Uses automated technology to prepare copied data for archiving into digital media, such as compact disks (archival process will preserve and prevent data loss by providing a stable long-term storage medium);

Conducts physical examinations of computer and other electronic computing devices by inspecting the hardware peripherals in devices submitted to the laboratory as evidence;

Documents the physical condition of evidence, computers and devices by means of digital photography and completion of appropriate examiner reports;

Disassembles and reassembles various types of electronic data or communication devices including but not limited to personal computers, laptops, cellular phones, pagers, and personal digital assistants during the examination process;

Tests and validates computer hardware, software, and forensic analytical tools using established laboratory procedures and National Institute of Standards for Technology guidelines;

Conducts testing and validation to verify the integrity of computer forensic software, data acquisition and archival hardware and to ensure tools do not report high rate of errors;

Prepares and submits required documentation to superiors that catalogues and describes acquired data for admittance into evidence in court proceedings;

Prepares reports to be submitted by all Analysts after performing laboratory processes such as acquisition, archival and analysis;

Performs computer hardware, software, network, and internet related research to troubleshoot and maintain computer forensic laboratory equipment and network;

Reviews current scientific literature and attend seminars, courses, or professional meetings to stay abreast of developments within the field of Computer Forensics and Multimedia Digital Evidence;

Examines computers and other electronic storage devices submitted as evidence using non-intrusive forensic tools and methods to extract data for analysis; 

Testifies in court proceedings regarding casework involving routine laboratory processes such as acquisition, archival and analysis;

Uses Maryland State Police report writing standards to prepare comprehensive analysis reports used in the course of investigations, and to be entered into evidence during court proceedings;

Researches industry standards and assists Maryland State Police Investigators in developing Standard Operating Procedures for the various stages of computer forensic processes, such as acquisition, archival, and analysis of data;

Performs other laboratory forensic processes using Maryland State Police procedures and industry standards and techniques, such as Secure Erase and Hard Drive Restoration pursuant to judicial requests, such as court orders;

Responds to crime scenes and search warrant locations to perform onsite triage or analysis as required;

Attends training, workshops and seminars in order to maintain current knowledge of trends and developments in the field of digital forensics;

Operates an agency vehicle as directed by the Laboratory Manager, Laboratory Supervisor, or Technical Investigations Section Commander;

Performs other related duties.

KNOWLEDGE, SKILLS AND ABILITIES

Knowledge, at the thorough level of proficiency, of computers, operating systems, applications, and hardware devices;

Knowledge, at the thorough level of proficiency, of the tools, methods, and techniques utilized to access, preserve, recover, and present digital evidence in a manner that adheres to the rules of evidence;

Knowledge of criminal law-enforcement digital forensics lab operations;

Skill and troubleshooting ability as it relates to the interrelationship between computer hardware, software applications, and operating systems;

Skill in examining and analyzing computer hardware, software, and electronically stored data pertaining to law enforcement investigations;

Ability to install, maintain, restore, and operate computer systems;

Ability to work as part of a team of computer forensics examiners/ investigators;

Ability to communicate well, both verbally and in writing;

Ability to write comprehensive, narrative, factual reports of findings;

Ability to interact well with various levels of management, other agencies, and personnel;

Ability to stay on task in a production oriented environment;

Ability to collect, transport, process, and secure evidentiary items as needed;

Ability to attend, and successfully complete relevant training courses as assigned;

Ability to work as part of a team in conducting digital forensics exams in the field;

Ability to stay abreast of current trends as it relates to digital forensics and the presentation of digital evidence in court;

Ability to provide support and assistance to other lab personnel and investigators as it relates to the seizure and examination of digital evidence;

Ability to maintain confidentiality concerning the work performed;

Ability to conduct digital forensics investigations in cases that contain objectionable materials, and that are of a highly sensitive nature;

Ability to cope with associated job-related stresses.   

MINIMUM QUALIFICATIONS

Experience: Seven years of experience, three years of experience in computer forensics or information technology related experience and four additional years of experience performing digital recovery examinations on computers.

Note: Candidates may substitute the possession of a Bachelor's degree in information technology, computer science, criminal justice, or a related field and three years of experience in computer forensics or information technology related experience for the required experience.

LICENSES, REGISTRATIONS AND CERTIFICATIONS

Employees in this classification may be assigned duties, which require the operation of a motor vehicle. Employees assigned such duties will be required to possess a motor vehicle operator’s license valid in the State of Maryland 

SPECIAL REQUIREMENTS

1. Candidates for positions in the classification will be subject to a complete criminal background investigation and polygraph examination before permanent appointment can be made. A criminal conviction may be grounds for rejection of the candidate.

2. Employees in this classification are subject to substance abuse testing in accordance with Code of Maryland Regulations 17.04.09, Testing for Illegal Use of Drugs.

3. Employees in this classification must have access to an automobile for use on official business in the event a State vehicle cannot be provided. Standard mileage allowance will be paid for use of a privately owned vehicle.

ACKNOWLEDGEMENTS

Class specifications are broad descriptions covering groups of positions used by various State departments and agencies. Position descriptions maintained by the using department or agency specifically address the essential job functions of each position.

This is a Skilled Service classification in the State Personnel Management System. All positions in this classification are Skilled Service positions.  Some positions in Skilled Service classifications may be designated Special Appointment in accordance with the State Personnel and Pensions Article, Section 6-405, Annotated Code of Maryland.

This classification is assigned to Bargaining Unit G, Engineering, Scientific and  Administrative Professionals classes.  As provided by State Personnel and Pensions Article, Section 3-102, special appointment, temporary, contractual, supervisory, managerial and confidential employees are excluded from collective bargaining. Additionally, certain executive branch agencies are exempt from collective bargaining and therefore, all positions in those agencies are excluded from collective bargaining.

Employees in this classification are eligible to receive overtime compensation. An employee who works more than the normal workweek is entitled to be compensated for that overtime, as provided by the State Personnel and Pensions Article, Section 8-305. 

Date Established

8/1/2018

Date Revised

December 29, 2021

Approved By

Director, Division of Classification and Salary

CLASS: 000264; EST: 8/1/2018; REV: 12/29/2021;

Powered by JobAps