Cyber Forensics
Collecting, examining, analysing, and preserving digital evidence from computer systems, networks, and devices in a legally admissible manner to investigate cyber incidents or crimes.
Proficiency Level
Level 1 (Follow)
- Follows strict procedures for identifying and isolating potential digital evidence sources under direct supervision.
- Accurately labels and documents the handling of physical media or devices according to instructions.
- Maintains awareness of basic chain of custody principles.
Level 2 (Assist)
- Assists forensic investigators in acquiring forensically sound images of storage media using standard tools and techniques.
- Helps meticulously document all steps taken during evidence handling and acquisition (maintaining chain of custody).
- Performs basic keyword searches or data extraction tasks on acquired images under guidance.
Level 3 (Apply)
- Conducts forensic examinations of common digital devices (computers, mobile phones) and media using standard forensic tools and methodologies.
- Recovers deleted files, analyses file system structures, and examines operating system artefacts (e.g., logs, registry).
- Documents findings clearly and objectively in preliminary reports.
Level 4 (Ensure)
- Plans and leads complex cyber forensic investigations involving multiple systems, networks, or advanced techniques (e.g., memory forensics, network forensics).
- Ensures adherence to legal standards, rules of evidence, and internal procedures throughout the investigation.
- Interprets complex technical findings, correlates evidence from multiple sources, and prepares comprehensive expert reports.
Level 5 (Strategise)
- Develops and maintains the organisation's cyber forensic policies, procedures, and laboratory capabilities.
- Establishes forensic readiness plans to ensure evidence can be effectively captured when needed.
- Provides expert testimony and advises legal counsel or senior management on complex forensic matters.