Sign in
Sign up

Computer Forensics Technician (Computer Forensics Tech)

Forensic Science Technicians
Description
Collect, preserve, and analyze digital evidence from computers, mobile devices, networks, and cloud sources to support investigations. Perform forensic imaging, data recovery, and artifact analysis; document procedures and findings; and testify as an expert on digital evidence and laboratory techniques. May specialize in mobile, network, malware, cloud, or e‑discovery.
  • • Testify in court about digital forensic methods and findings.
  • • Interpret forensic artifacts and timelines to identify user actions, malware, or data exfiltration.
  • • Operate and maintain forensic hardware and software, including write blockers and analysis platforms.
  • • Prepare forensic images, hash sets, keyword lists, and boot media for examinations.
  • • Collect and preserve digital evidence onsite or remotely, maintaining chain of custody and integrity.
  • • Identify contraband data, stolen PII, financial fraud indicators, or illicit content on digital media.
  • • Reconstruct user activity and intrusion sequences from logs, timestamps, and system artifacts.
  • • Capture and analyze system, application, and network logs for evidentiary value.
  • • Recover deleted, hidden, or encrypted data using carving, decryption, and artifact analysis.
  • • Conduct onsite triage of devices and coordinate with investigators, custodians, ISPs, or cloud providers to obtain data.
  • • Examine devices for tampering, anti-forensics, or jailbreak/root status and document lawful bypass methods.
  • • Collaborate with specialists in malware analysis, network forensics, mobile forensics, cloud, and legal teams.
  • • Compare file hashes, signatures, and metadata to known datasets and intelligence sources.
  • • Maintain detailed case notes and write clear forensic reports with methods, hashes, and findings.
  • • Use forensic tools to image media, verify integrity with cryptographic hashes, and validate tool output.
  • • Train new technicians or stakeholders on digital evidence handling and forensic workflows.
  • • Acquire and analyze volatile memory to identify running processes, injected code, or credential theft.
  • • Document device conditions and collection steps with photos, screenshots, and logs.
  • • Peer review casework and reports for technical accuracy and defensibility.
  • • Classify malware families, attack tools, and tactics, techniques, and procedures linked to incidents.
  • • Map and diagram network, account, and data flows relevant to incidents.
  • • Analyze external device, geolocation, browser, and application usage artifacts for attribution and timelines.
  • • Examine file systems, email stores, cloud artifacts, and mobile backups for relevant evidence.
  • • Analyze data from computers, mobile devices, cloud services, removable media, and IoT sources for criminal activity.
Interview options
Interview options
Interviewee gender
Interviewee accent
Interview time
Related Pathways
Public Service & Safety View
Source
Tasks & skills: O*NET occupational data (work activities, skills, knowledge). Learn more
Sources & Standards: This site includes information from O*NET by the U.S. Department of Labor, Employment and Training Administration (USDOL/ETA), used under the CC BY 4.0 license. Career Clutch has modified some of this information for student readability. USDOL/ETA has not approved, endorsed, or tested these modifications. O*NET® is a trademark of USDOL/ETA.
Last reviewed: Jan 2026
Share this job