
Incident Response - Acuative ME June 27, 2021 at 09:05PM

The candidate should have:

  • minimum 4 years of professional experience in Digital Forensics and Incident Response
  • language skills to communicate in English
  • background in IT Security
  • relevant certifications for DFIR and security
  • knowledge about operating systems (Windows, Linux), memory forensics, networking, and core TCP/IP protocols
  • a basic understanding of core processes in DFIR like the “Cyber Kill Chain” and others

 Host Forensics

 Understanding of Windows, Active Directory, and Linux/Unix core functions like:

  • processes and services/daemons
  • file systems (NTFS, ext3, ext4, APFS, and others)
  • registry on Windows and core files in /etc/ on Unix
  • event logging on Windows and Unix/Linux

 

Any candidate must be able to analyze core evidence on Windows systems like:

  • prefetch, shimcache, LNK files, and shellbags
  • timestamps in the file system and in NTFS files like $MFT, $J, and $LogFile
  • common autostart locations in the registry and the Windows operating system

 Host forensics can be done on the live operating system or on forensic hard drive images. The applicant must be able to perform both and should know the right processes to preserve, gather and analyze evidence in both scenarios.

Memory Forensics

Experience in:

  • creating memory dumps with various tools
  • analyzing memory dumps with Volatility, Rekall, or other products


Job Details

Posted Date: 2021-06-27
Job Location: Riyadh, Saudi Arabia
Job Role: Information Technology
Company Industry: Higher Education; IT Services

Preferred Candidate

Career Level: Mid Career
Nationality: Saudi Arabia
Degree: Bachelor's degree

