Digital forensic technician

This occupation is found in all organisations that require a digital investigation/analysis of devices. These roles can be found in different public and private sector bodies and organisations that include digital forensics and criminal investigations within their service delivery. There is a significant demand on policing to examine digital devices making this a primary service offered by forensic service providers to policing. Within the public sector across the UK (and international) broader than just policing bodies this role is relevant to Security and Defence teams including the National Crime Agency, Ministry of Defence, Border Force, and other aspects of the Criminal Justice System. Private forensic service providers service all public sector requirements for device examinations as well as other investigation types not just criminal. Including internal corporate and intellectual property theft investigations. These companies vary in size and breadth of digital capability. This role works independently but with the support of other team members within an organisation that will vary in size. They are expected to work with investigators to formulate strategies. Some examiners will work in a police station or other government building, private sector examiners will work in a secure building.

The broad purpose of the occupation is for a Digital Forensic Technician to support the appropriate capture, preservation, and initial processing of digital evidence. They will provide triage and early decision-making for criminal investigations that will ensure the integrity of any digital evidence. This technical knowledge would apply to a range of digital material primarily from mobile devices and computer peripherals. Once experienced they will also apply this knowledge to identifying digital items suitable for further analysis utilising an appropriate technical method providing advice and support about the detection, preservation, seizure, gathering and processing of digital material. This role supports a range of case types that emphasis the need for individuals to have the ability to adapt and conduct dynamic risk assessments. Cases could include ‘live’ incidents, laboratory submissions, and in other proactive and/or reactive investigations where digital technology and data acquisition opportunities exist. The titles of the roles may vary across different organisations including police forces, but the core skills required of the role remain the same. This is an entry level role into Digital Forensics where the role develops the principles of digital device examinations whilst ensuring the data chain of custody for evidential use. Other roles will provide the more complex decision making and problem-solving aspects of the discipline. Individuals will work flexibly within an organisation utilising a range of standard tools and equipment. This maybe office based or more mobile/operational depending on the role/organisation. There is a requirement that this role will always be expected to adhere to relevant Health and Safety, for example wearing personal protective equipment and appropriate handling of electrical equipment. This role introduces a level of autonomy once the initial training is complete, to examine devices, but they would always have associated team support when required. The size of this team can vary depending on the organisation. They could be expected to work with investigators and broader investigation teams especially within an operational setting. The location they work will vary with some expected to work flexibly across several settings including at a crime scene, in a police force building or laboratory whereas commercial providers may offer a more conventional office environment. Some digital forensic departments are accredited laboratories, so individuals will be trained to understand the limitations and expectations of work within an accredited environment. Statement writing is expected of individuals working in the criminal justice system including court room training and report writing included. The role holder will be expected to monitor their own wellbeing with the aid of a range of tools including management support. The nature of digital forensic activities can often focus on high risk and harm cases, as such individuals need to be prepared that inevitably this role could be exposed to potentially distressing or upsetting digital data.

In their daily work, an employee in this occupation interacts with their local forensics team. This will include a clear reporting structure above this role including practitioners, team leaders or manager, and specialists. They will be part of regular conversations with supervisors/managers to identify ways to improve and receive support to achieve internal performance indicators and expectations. The investigative requirements of the role mean that all examiners would interact with a range of roles included in an investigation and/or forensics leads. They will also work with other team members within the department assisting others, sharing ideas, and conveying technical knowledge. Some organisations would also require them to present their findings at court, hearings/ tribunals and/or work with other experts. They may also work with legal teams including solicitors and barristers.

An employee in this occupation will be responsible for their own workload, being expected to technically problem solve and prioritise there time effectively. This would include planning their own working day. Utilising digital forensic capture tools. These are specialist capability tools designed to meet the expectations of processing material whilst ensuring evidential integrity and data management/extraction. Consideration would be given to ensuring all data handling meets the requirements of General Data Protection Regulations, Data protection: The Data Protection Act - GOV.UK (www.gov.uk) and appropriate forensic legislation for example Authorised Professional Practice, Extraction of material from digital devices (college.police.uk). It is a task driven role that will predominantly work to local or national standard operating procedures and quality standards. They are responsible for recognising the limitations of their competence and escalate activity if additional evidence is discovered or expertise is needed. They would need to be able to produce notes to an evidential standard that would support witness statement or report writing, replication by another suitably trained person, and court attendance if necessary. Take all reasonable steps to maintain and develop professional competence, taking account of material research and developments within the relevant field. The role requires security vetting and an expectation to work to an ethical framework, professional policing standards and Forensic Science Regulator Codes of Practice and Conduct. Forensic science providers: codes of practice and conduct - GOV.UK (www.gov.uk).