Digital Forensics Lead

Role summary

The role of Digital Forensics is to scope, co-ordinate and undertake forensic activity to gather forensic evidence from devices, systems and the internet in compliance with law and organisational investigation requirements.

Role expectations

Typically, this role level may include the following responsibilities.

• Assess the need for (and co-ordinate) forensic activity within the overall response initiative, including managing a team, ensuring that forensic services are deployed appropriately
• Manage forensic readiness policy and work with other teams to ensure appropriate implementation
• Co-ordinate team scene investigation and capture evidence in accordance with legal guidelines to minimise disruption to the business and preserve evidentiary integrity, using specialist equipment as appropriate
• Review evidence to identify breaches of policy, regulation or law
• Present evidence as appropriate, acting as an expert witness if necessary

Entry route and progression

Internal

Suitable for an individual from the Government Security Profession, Digital, Data and Technology Profession, or Analytics Profession.

External

Suitable for an individual who has worked in digital forensics in the private sector.

Learning pathway

CREST Registered Intrusion Analyst (CRIA)

CyberSec First Responder (CFR)

Certification Training CREST Certified Host Intrusion Analyst (CCHIA)