CLACKAMAS COUNTY

CLASSIFICATION NO. 131
Established: 10/13
FLSA: Non-Exempt
EEO: 3

COMPUTER FORENSICS INVESTIGATOR

CLASS CHARACTERISTICS

Under direction, to conduct advanced and highly specialized computer forensic analyses; to find, identify and extract computerized files and other data of evidentiary value to criminal investigations and the prosecution of crimes; to provide technical guidance and assistance to law enforcement officials involved in investigations; to provide expert testimony in courts regarding electronically stored information; and to do other work as required.

DISTINGUISHING CHARACTERISTICS

The Sheriff's Department provides police protection and law enforcement services to the residents of Clackamas County by enforcing the laws of the State of Oregon. The Department is organized into four major divisions: the Civil Division; Operations Division; Service Division; and Corrections Division.

The Computer Forensics Investigator analyzes and interprets computer-based evidence such as e-mail, accounting data, various database extracts, and other information stored on electronic devices. Incumbents assist investigators, pursuant to a search warrant or consent, with the proper seizure of computers, storage media, peripherals, and/or other items functionally reliant upon computer components in an accepted technical manner that ensures the preservation of or prevents the destruction of potential evidence.

The Computer Forensics Investigator differs from the Detective and the Evidence Technician classifications, which are sworn positions responsible for performing complex or specialized criminal investigative work. It also differs from the Sergeant, which acts as a functional supervisor/leadworker for a team of law enforcement officers.

TYPICAL TASKS

Duties may include but are not limited to the following:

1. Examines and performs comprehensive technical analyses of computer-related evidence including but not limited to media storage devices, hard drives, network drives, cell phones, and video and still cameras.

2. Takes custody of seized items following accepted evidentiary procedures and policies for the storage of computers or computer-related items or components; maintains proper chain of custody.

3. Assists investigators, pursuant to a search warrant or consent, with the proper seizure of computers, storage media, peripherals and other items functionally reliant upon computer components such as cell phones, video and still cameras, and other items utilizing a microprocessor(s) and/or with data storage capability in an accepted technical manner that ensures the preservation of or prevents the destruction of potential evidence.

4. Conducts training for police personnel on the preservation of electronically stored information; provides information about changes in techniques, technology, and crime scene investigation as it relates to computer forensics.

5. Provides ongoing analysis of technology trends to incorporate proven forensic investigation and supporting technologies into practice; attends periodic training to maintain competency and remain current with evolving technologies.

REQUIRED KNOWLEDGE AND SKILLS

Thorough knowledge of:  Principles, methods, and procedures of characteristics of a wide variety of microcomputer systems, including the characteristics of computer equipment, internal computer processes, operating systems, application software, utility programs and magnetic media storage devices; information systems security; network architecture; general database concepts; document management; hardware and software troubleshooting; electronic mail systems; Microsoft Office applications; intrusion tools and computer forensic methodologies, protocols, and tools; methods of security assessments, penetration testing, and ethical hacking; evidence collection, preservation and chain of custody rules/laws.

Skill to: Establish and maintain effective working relationships with law enforcement officials, outside agencies and the public; dismantle, according to manufacturers' guidelines and procedures, the components and sub-components of a computer or computer-related items as necessary for a forensic examination; recover electronic data that has been deleted, erased, fragmented, hidden or encrypted from data storage devices; evaluate and maintain hardware and software necessary for the performance of computer-related investigations; conduct security assessments; manage multiple tasks and competing priorities; handle confidentiality appropriately; analyze data and prepare clear, accurate, and comprehensive written and oral reports; follow oral and written instructions; follow Sheriff’s Office directives, regulations, procedures, and operations; testify in court; take proper safety precautions, anticipate unsafe circumstances, and act accordingly to prevent accidents; communicate effectively, both orally and in writing.

WORKING CONDITIONS

Duties are typically performed indoors, involving sedentary activities. The Computer Forensics Investigator must understand that through their examinations they will be exposed to viewing emotionally disturbing visual and audible images such as, but not limited to, explicit sex or the sexual or physical abuse of children.

OTHER REQUIREMENTS

Positions within the County's Criminal Justice agencies must successfully pass an extensive background investigation, which may include a national fingerprint records check.

All positions within the County's Criminal Justice agencies must pass a pre-employment drug test.

Driving is required for County business on a regular basis or to accomplish work. Incumbents must possess a valid driver's license, and possess and maintain an acceptable driving record throughout the course of employment.

MINIMUM RECRUITING STANDARDS

Any satisfactory combination of experience and training that demonstrates possession of the required knowledge and skills.