Description
Investigate cybercrimes and technology-enabled offenses by collecting, preserving, and analyzing digital evidence to identify offenders, mitigate harm, and support prosecution under applicable laws.
  • Conduct initial triage of victim networks and systems for active compromise and ongoing threats.
  • Interview complainants, witnesses, and suspects; record and preserve digital statements and chats.
  • Secure compromised devices, servers, and cloud accounts to prevent tampering before forensic imaging.
  • Document investigative actions, maintain case files, and draft affidavits for digital search and seizure warrants.
  • Prepare charging recommendations and case packets in accordance with digital evidence procedures.
  • Preserve, image, and analyze digital evidence; maintain chain of custody and dispose of evidence per policy.
  • Obtain incident summaries from responders or reporting agencies without altering evidence.
  • Capture screenshots, metadata, and timestamps; map network topologies and collect relevant logs.
  • Prepare detailed reports of findings and timelines of cyber events.
  • Query databases and agency records to identify suspects, aliases, and infrastructure.
  • Control access to affected environments and coordinate to prevent evidence contamination.
  • Provide forensics labs with context, suspected vectors, and requested examinations.
  • Review incident and patrol reports to determine gaps and next investigative steps.
  • Corroborate evidence through interviews, log analysis, OSINT, and transactional records.
  • Draft and execute search warrants and subpoenas for devices, ISPs, cloud providers, and blockchain data.
  • Conduct online surveillance and validate identities across platforms and services.
  • Define offense elements and the digital artifacts required to prove them.
  • Assist with on-site digital evidence seizure during raids and arrests.
  • Lead digital crime scene operations, assigning imaging, triage, and log collection tasks.
  • Coordinate victim assistance and incident response resources.
  • Notify command and request specialized technical support when needed.
  • Testify before grand juries and in court regarding cyber investigations and findings.
  • Isolate networks, disable accounts, and preserve volatile data to secure the digital scene.
  • Notify prosecutors and obtain guidance on legal process and charging decisions.
  • Collect artifacts such as logs, memory, disk images, malware samples, and network captures.
  • Set investigative scope, priorities, and timelines based on threat and legal constraints.
  • Monitor threat actor infrastructure, domains, forums, and dark web marketplaces.
  • Coordinate with federal, state, local, and international partners and ISACs.
  • Conduct undercover online operations and monitor authorized intercepts.
  • Analyze linkages among accounts, IPs, crypto wallets, and transactions to build chains of evidence.
Related Pathways
Public Service & Safety
Source
Tasks & skills: O*NET occupational data (work activities, skills, knowledge).
Sources & Standards: This site includes information from O*NET by the U.S. Department of Labor, Employment and Training Administration (USDOL/ETA), used under the CC BY 4.0 license. Career Clutch has modified some of this information for student readability. USDOL/ETA has not approved, endorsed, or tested these modifications. O*NET® is a trademark of USDOL/ETA.
Last reviewed: Jan 2026