Digital Forensics Analysts

A subset of this occupation's profile is available. Data collection is currently underway to populate other parts of the profile.

Conduct investigations on computer-based crimes establishing documentary or physical evidence, such as digital media and logs associated with cyber intrusion incidents. Analyze digital evidence and investigate computer security incidents to derive information in support of system and network vulnerability mitigation. Preserve and present computer-related evidence in support of criminal, fraud, counterintelligence, or law enforcement investigations.

Occupation-Specific Information

Tasks

  • Adhere to legal policies and procedures related to handling digital media.
  • Analyze log files or other digital information to identify the perpetrators of network intrusions.
  • Conduct predictive or reactive analyses on security measures to support cyber security initiatives.
  • Create system images or capture network settings from information technology environments to preserve as evidence.
  • Develop plans for investigating alleged computer crimes, violations, or suspicious activity.
  • Develop policies or requirements for data collection, processing, or reporting.
  • Duplicate digital evidence to use for data recovery and analysis procedures.
  • Identify or develop reverse-engineering tools to improve system capabilities or detect vulnerabilities.
  • Maintain cyber defense software or hardware to support responses to cyber incidents.
  • Maintain knowledge of laws, regulations, policies or other issuances pertaining to digital forensics or information privacy.
  • Perform file signature analysis to verify files on storage media or discover potential hidden files.
  • Perform forensic investigations of operating or file systems.
  • Perform web service network traffic analysis or waveform analysis to detect anomalies, such as unusual events or trends.
  • Preserve and maintain digital forensic evidence for analysis.
  • Recommend cyber defense software or hardware to support responses to cyber incidents.
  • Recover data or decrypt seized data.
  • Write and execute scripts to automate tasks, such as parsing large data files.
  • Write cyber defense recommendations, reports, or white papers using research or experience.
  • Write reports, sign affidavits, or give depositions for legal proceedings.
  • Write technical summaries to report findings.

back to top

Technology Skills

  • Analytical or scientific software — Guidance Software EnCase Enterprise In Demand
  • Application server software — Kubernetes Hot technology
  • Authentication server software — Single sign-on SSO
  • Cloud-based data access and sharing software — Platform as a service PaaS; Slack Hot technology
  • Configuration management software — IBM Terraform Hot technology
  • Data base user interface and query software — Amazon Web Services AWS software In-Demand Hot technology ; Microsoft Access Hot technology ; ServiceNow In-Demand Hot technology ; Structured query language SQL In-Demand Hot technology
  • Development environment software — Go Hot technology ; Microsoft Azure software In-Demand Hot technology ; Microsoft PowerShell In-Demand Hot technology ; Ruby In-Demand Hot technology ; 1 more
  • Enterprise application integration software — Enterprise application integration EAI software; Extensible markup language XML Hot technology
  • Enterprise resource planning ERP software — Management information systems MIS
  • Enterprise system management software — Splunk Enterprise In-Demand Hot technology
  • Expert system software — Ansible software Hot technology
  • Filesystem software — Computer forensic software
  • Geographic information system — Geographic information system GIS systems
  • Graphical user interface development software — Graphical user interface GUI design software
  • Internet directory services software — Microsoft Active Directory Hot technology ; Network directory services software
  • Network monitoring software — AccessData FTK In Demand ; Cisco Systems Cisco NetFlow Collection Engine; Snort; Wireshark; 1 more
  • Network security and virtual private network VPN equipment software — Firewall software In Demand
  • Network security or virtual private network VPN management software — Intrusion detection system IDS
  • Object or component oriented development software — C# In-Demand Hot technology ; Oracle Java In-Demand Hot technology ; Perl In-Demand Hot technology ; R Hot technology ; 2 more
  • Office suite software — Google Workspace software Hot technology ; Microsoft Office software Hot technology
  • Operating system software — Apple iOS Hot technology ; Apple macOS In-Demand Hot technology ; Bash In-Demand Hot technology ; Microsoft Windows Server Hot technology ; 3 more
  • Presentation software — Microsoft PowerPoint Hot technology
  • Program testing software — Kali Linux; MITRE ATT&CK software In Demand ; System testing software
  • Spreadsheet software — Microsoft Excel Hot technology
  • Storage networking software — Amazon Simple Storage Service S3 Hot technology
  • Switch or router software — Border Gateway Protocol BGP
  • Transaction security and virus protection software — Metasploit; Microsoft Defender Antivirus; OpenVAS; Tenable Nessus In Demand ; 1 more
  • Transaction server software — Web server software In Demand
  • Web platform development software — Hypertext markup language HTML Hot technology ; JavaScript Hot technology ; PHP Hot technology ; Security assertion markup language SAML
Hot technology
Hot Technologies are requirements most frequently included across all employer job postings.
In demand
In Demand skills are frequently included in employer job postings for this occupation.

back to top

Occupational Requirements

Detailed Work Activities

back to top

Experience Requirements

Job Zone

Title
Job Zone Four: Considerable Preparation Needed
Education
Most of these occupations require a four-year bachelor's degree, but some do not.
Related Experience
A considerable amount of work-related skill, knowledge, or experience is needed for these occupations. For example, an accountant must complete four years of college and work for several years in accounting to be considered qualified.
Job Training
Employees in these occupations usually need several years of work-related experience, on-the-job training, and/or vocational training.
Job Zone Examples
Many of these occupations involve coordinating, supervising, managing, or training others. Examples include real estate brokers, sales managers, database administrators, graphic designers, conservation scientists, art directors, and cost estimators.
SVP Range
(7.0 to < 8.0)

back to top

Training & Credentials

State training
Local training
Certifications

back to top

Apprenticeship Opportunities

Example apprenticeship titles for this occupation:

  • Cyber Digital Forensics Analyst

Specific title(s) listed above are vetted by industry and approved by the U.S. Department of Labor for use in a Registered Apprenticeship Program.

Start your career and build your skillset. Visit Apprenticeship.gov external site to learn about opportunities related to this occupation.

back to top

Worker Characteristics

Interests

Interest code: IC
Want to discover your interests? Take the O*NET Interest Profiler at My Next Move.
  • Investigative — Work involves studying and researching non-living objects, living organisms, disease or other forms of impairment, or human behavior. Investigative occupations are often associated with physical, life, medical, or social sciences, and can be found in the fields of humanities, mathematics/statistics, information technology, or health care service.
  • Conventional — Work involves following procedures and regulations to organize information or data, typically in a business setting. Conventional occupations are often associated with office work, accounting, mathematics/statistics, information technology, finance, or human resources.

back to top

Workforce Characteristics

Wages & Employment Trends

Median wage data for Computer Occupations, All Other.
Employment data for Computer Occupations, All Other.
Industry data for Computer Occupations, All Other.
Median wages (2022)
$47.47 hourly, $98,740 annual
State wages
Local wages
Employment (2022)
449,400 employees
Projected growth (2022-2032)
Much faster than average (9% or higher)
Projected job openings (2022-2032)
33,500
State trends
Top industries (2022)

Source: Bureau of Labor Statistics 2022 wage data external site and 2022-2032 employment projections external site. “Projected growth” represents the estimated change in total employment over the projections period (2022-2032). “Projected job openings” represent openings due to growth and replacement.

back to top

Job Openings on the Web

State job openings
Local job openings

back to top

More Information

back to top

Sources of Additional Information

Disclaimer: Sources are listed to provide additional information on related jobs, specialties, and/or industries. Links to non-DOL Internet sites are provided for your convenience and do not constitute an endorsement.

back to top