Description
Investigate cybercrimes and technology-enabled offenses by collecting, preserving, and analyzing digital evidence to identify offenders, mitigate harm, and support prosecution under applicable laws.
- Conduct initial triage of victim networks and systems for active compromise and ongoing threats.
- Interview complainants, witnesses, and suspects; record and preserve digital statements and chats.
- Secure compromised devices, servers, and cloud accounts to prevent tampering before forensic imaging.
- Document investigative actions, maintain case files, and draft affidavits for digital search and seizure warrants.
- Prepare charging recommendations and case packets in accordance with digital evidence procedures.
- Preserve, image, and analyze digital evidence; maintain chain of custody and dispose of evidence per policy.
- Obtain incident summaries from responders or reporting agencies without altering evidence.
- Capture screenshots, metadata, and timestamps; map network topologies and collect relevant logs.
- Prepare detailed reports of findings and timelines of cyber events.
- Query databases and agency records to identify suspects, aliases, and infrastructure.
- Control access to affected environments and coordinate to prevent evidence contamination.
- Provide forensics labs with context, suspected vectors, and requested examinations.
- Review incident and patrol reports to determine gaps and next investigative steps.
- Corroborate evidence through interviews, log analysis, OSINT, and transactional records.
- Draft and execute search warrants and subpoenas for devices, ISPs, cloud providers, and blockchain data.
- Conduct online surveillance and validate identities across platforms and services.
- Define offense elements and the digital artifacts required to prove them.
- Assist with on-site digital evidence seizure during raids and arrests.
- Lead digital crime scene operations, assigning imaging, triage, and log collection tasks.
- Coordinate victim assistance and incident response resources.
- Notify command and request specialized technical support when needed.
- Testify before grand juries and in court regarding cyber investigations and findings.
- Isolate networks, disable accounts, and preserve volatile data to secure the digital scene.
- Notify prosecutors and obtain guidance on legal process and charging decisions.
- Collect artifacts such as logs, memory, disk images, malware samples, and network captures.
- Set investigative scope, priorities, and timelines based on threat and legal constraints.
- Monitor threat actor infrastructure, domains, forums, and dark web marketplaces.
- Coordinate with federal, state, local, and international partners and ISACs.
- Conduct undercover online operations and monitor authorized intercepts.
- Analyze linkages among accounts, IPs, crypto wallets, and transactions to build chains of evidence.
Source
Tasks & skills:
O*NET occupational data (work activities, skills, knowledge).
Sources & Standards:
This site includes information from O*NET by the U.S. Department of Labor, Employment and Training Administration (USDOL/ETA), used under the CC BY 4.0 license. Career Clutch has modified some of this information for student readability. USDOL/ETA has not approved, endorsed, or tested these modifications. O*NET® is a trademark of USDOL/ETA.
Last reviewed: Jan 2026