WILTSHIRE POLICE
Job Description
Post Title: Mobile Device Examiner / Department: Digital ForensicsPost Number: TBC / Work Location: Devizes
Grade: W8 / Security Vetting Level: SC
Responsible to: Data Forensics Team Leader / Date: Feb 2015
Reporting Structure:
Mobile Device Examiner
Job Purpose
To provide SW Regional Forces with an evidential Data Investigation capability. Through examination of a broad range of complex and technical equipment is used to forensically examine digital devices including mobile telephones, memory cards, GPS devices and other submissions as appropriate. The majority of the examinations will be undertaken at the request of the Investigating Officer to provide intelligence and evidence to prosecute offenders.
Maintain the integrity and continuity of evidence with subsequent presentation at judicial proceedings.
Main Responsibilities
1. Forensic and Technical Examination of Digital Devices
To carry out forensic examination of new and redundant digital devices including mobile phones, pc tablets, SIM cards, memory cards, GPS devices, Modems and media devices and, where applicable, secure, retrieve and examine data in accordance with national guidelines utilising multiple complex specialist software. Work independently to manage mobile device examinations including risk management, and problem solve the complexities of forensically examining mobile devices to indentify evidence of criminal offences. Conduct physical examinations of items submitted: disassemble, carry out forensic acquisition of data in accordance with best practice and national guidelines. Re-assemble as required. Using testing and problem solving techniques conduct hexadecimal dumps and write scripts for recovery of all potential data. Record all processes contemporaneously with accuracy in written or electronic format, and also by photography. To work alongside specialist unit and assist with their operations.
2. Examination/Interpretation of Data
To examine processed data in accordance with agreed criteria set by investigators and unit supervisor. Identify geo-tagged photos and plot them on a map. Locate and interpret traces of Bluetooth, Wi-Fi and VPN, Google Maps, You Tube and Safari usage. Use complex reverse engineering and Flashing techniques to recover additional forensically sound data. Be innovative and creative using problem solving skills and techniques to recover and interpret deleted data from a raw image including hexadecimal analysis and present in an appropriate format. Conduct testing and validation techniques to produce verifiable evidential reports. Examine unrecognised files for potential evidence. Use specialist technical and analytical skills to establish the provenance of the evidence and the user’s interaction with it. Assess submitted exhibits and decide the best methods, software and techniques to achieve the best evidential results. Assess recovered data for its evidential content and grade according to the specific relevant legislation and guidance. Independently assess the recovered data and decide upon the appropriate method of progression / reporting.
3. Reporting of Data and Intelligence
Process recovered data into a form suitable for investigators to examine for evidential content relative to the investigation, which can be readily understood and evaluated by third parties and/or independent experts or authorised persons. Have a good working knowledge and understanding of the rules of evidence relating to the preservation and presentation of evidence in court. Be able to facilitate a viewing of the data by the case officers and advise accordingly to enable a clear understanding of the material. Process and produce image reports in the appropriate format from images captured and recorded using conventional photographic and video or digital means. Take personal responsibility in the preparation of intelligence reports for National/International Law Enforcement Agencies and risk asses the magnitude of impact the information will have and prioritise workloads appropriately where applicable in accordance with Force and National guidelines for further investigation within Force or elsewhere.
4. Continuity, Security and Statements of Evidence
Manage and maintain the continuity of evidential exhibits, reports and working-copy information. Record the handling and processing of images/data used as evidential material. Take personal responsibility in the preparation of statements of evidence and attend court/ judicial proceedings when required to give evidence on results of the examinations undertaken and the complex processes involved. Present evidence in court, in a professional and technically competent manner in a capacity of an ‘expert witness’ as directed by the court. Attend pre-trial conferences with prosecution counsel and present briefings and guidance on the technical aspects of forensic evidence and the complex processes involved. Knowledge of legislation to identify illegal content to enable correct handling of data and advise Investigators. Maintain and record the continuity of exhibits and report on this within witness statements. Take personal responsibility to ensure any relevant data supplied to defence experts and/or other agencies is correctly documented in relation to the memorandum of undertaking. Ensure all sensitive and/or illegal data which leaves the unit is encrypted in accordance to unit/Force policies.
5. Specialist Technical Advice and Assistance
Provide specialist advice and knowledge regarding processing equipment and its operation, including ACESO units on division, train visiting police staff in use of designated items of equipment within the Department. Provide specialist advice and guidance for the viewing and interpretation of recovered material in line with current legislation. To attend operational briefings to provide guidance and professional opinions on data, mobile devices and computer related matters. Assist with major crime (MCIT) Investigations. Advise on seizure, packaging storage and submission of digital devices. To liaise with specialist units, The Crown Prosecution Service, prosecution and defence solicitors, forensic organisations, other police forces and suppliers.
6. Knowledge/Legislation
Maintenance of ongoing professional personal development for Technical / Criminal law and Procedural aspects of the forensic computing arena. Knowledge of legislation in relation to Hi-Tech Crime, including Regulation of Investigatory Powers Act, Computer Misuse Act, Data Protection Act and ACPO Guidelines for Computer Based Evidence and how this interacts with digital evidence and Freedom of Information Act 2000, The European Convention on Human Rights and Management of Police Information in relation to all work processes.
7. Research, Training and & Development
Liaise on a regular basis with colleagues in other Law Enforcement Agencies and other forensic practitioners in order to share and learn best practice. Develop and maintain specialised and up to date technical knowledge of both general and forensic procedures, keeping abreast of developments by attending courses, conferences and exhibitions as required within the digital forensics industry in order to secure the success of future investigations and to further develop the Data Investigations. Research and develop new systems for the improvement of services and facilities to the organisation and integration of exhibits submitted. Train staff in use of designated items of imaging equipment and policy/processes within the department. Provide training to officers on related policies and procedures. Maintain ongoing professional development. Conduct other associated tasks that are considered appropriate given the rapid changes in technology and the amendment of practices to take these into account thus assisting in the criminal justice process. Maintain quality of end product produced for investigating officers.
8. Management and Maintenance of Equipment
Take responsibility of the management and maintenance of the unit’s forensic equipment, systems and storage including licensing and maintenance issues. Carry out routine maintenance and minor repairs on equipment within the unit. Undertake first line servicing/ repairs/ maintenance of computer equipment and systems within the unit, acknowledging health and safety requirements. Manage and maintain ACESO units on division for level 1 examination of mobile devices. Provide expert advice on system functions, capabilities and queries internally and externally. Arrange, provide and install latest software version updates. Ensure audit trails are kept up to date and available. Manage stock and consumables of CD’s/HAC cards and related items. Ensure lines of communication are open with ACESO trained officers and Radio Tactics.
Financial:
Non-Financial:
Person Specification
Mobile Device Examiner
Attributes / On Appointment / CriteriaQualifications: / Qualification in information and communication technology/computer sciences or equivalent experience in technical fields such as telecommunications, electronics or digital media.
Knowledge of evidence gathering for mobile devices and technical knowledge of dismantling/re-assembly of mobile devices. / Essential
Essential
Experience: / Proven experience in the field and possession of a good up to date knowledge of mobile communication devices, networks and operating systems including Android, iOS and Microsoft. / Essential
Experience of ICCID, IMEI and phone architecture. / Essential
Previous experience in the field of Forensic Investigations. / Desirabe
Previous experience of reading/analysing hexadecimal and/or binary data.
Experience of having given evidence at court. / Desirable
Skills:
Competent in the use of Microsoft Word, Outlook and Excel.
Computerised databases and other Office software suites. / Desirable
Excellent problem solving skills and the ability to undertake multiple complex technical issues. / Essential
Display tenacity in investigative work and proven ability to make good decisions.
Proven ability to communicate ideas and information where the subject can be complex and technical, both verbally and in writing in a style that is appropriate to the situation and people being addressed. / Essential
Essential
l
The ability to work with graphic and traumatic images and information. Individuals will have the ability to recognise and manage their own stress levels in conjunction with their line manager / Essential
Ability to work within strict protocols using initiative, flair and imagination to identify and recommend improvements. / Desirable
Ability to learn and work with new or unfamiliar complex software systems.
Good planning and organisational/administrative skills in order to meet deadlines and associated timeframes.
Proven ability to work within a team.
A commitment to continuous personal development in digital forensics.
High personal and professional standards and integrity
Ability to work unsupervised, using own initiative in decision making to be accountable for any results and the impact they may have
Ability to maintain accuracy and attention to detail over prolonged periods / Essential
Essential
Essential
Essential
Essential
Essential
Knowledge: / Knowledge of the internet and networks
Knowledge of multiple technical forensic data recovery methods and software packages and how this interacts with digital evidence
General awareness of equality and diversity issues in the working environment
Knowledge and understanding of the rules of evidence and how this interacts with complex technical forensic mobile device examinations / Essential
Essential
Essential
Essential
Essential
Awareness of workplace health & safety issues / Desirable
Maintain a sound knowledge of relevant parts of legislation to included, ACPO Guidance, Police & Criminal Evidence Act 1984, Regulation of Investigatory Powers Act 2000, Criminal Procedure & Investigations Act 1996, Sex Offences Act (Indecent Images of Children), Coroners and Justice Act 2009 (Prohibited Images), Criminal Justice and Immigration Act 2008 (Extreme Pornography) and Misuse of Computers Act 1990. / Essential
Attributes / After Training
Qualifications: / Complete courses as required to forensically examine mobile communications/digital devices and maintain currency in technical advances/developments. Such training must include:
Cellbright Analysis Course
XRY/XACT Logical and Physical Examination Courses
Apple iPhone/products Forensic Course
NPIA Core Skills in Mobile Telephony Forensics
Accredited in the use of multiple Forensic software/packages
Experience: / Assembly and disassembly of technical equipment from various system installations
Provision of evidence and statements for the investigative and judicial process
Presentation of evidence at judicial proceedings
Advanced knowledge in Hexadecimal dumping and analysis
Experience of writing scripts to recover potential evidence.
Experienced in the provision of support and advice to officers in respect of information and data held on mobile devices seized during criminal investigations
Experienced in the maintenance and upgrade of computer systems used in investigations.
Experience in the varying methods used in acquisition and investigation of mobile devices
Skills: / Ability to carry out fault finding and maintenance tasks on equipment and cabling
Ability to train technical and non technical support and operational staff on the correct use of equipment
Ability to train staff on new equipment/systems etc
Ability to solve technical related problems and provide 1st line advice/support to officers within business area
Ability to recognise data recovered for its evidential value
Ability to assimilate training received and cascade it to others.
Ability to develop and adapt to changing working practices in order to meet the demands of Wiltshire Police/SW region, new legislation or new policies introduced within the Wiltshire Police/SW region
Greater understanding and ability to risk assess against necessity proportionally to the investigation and organisational needs
Ability to maintain the forces administration and computerised inventory management systems
Ability to research and develop new technology to develop the role, facilities, and capabilities in the conjunction with mobile devices and software
Ability to liaise with other law enforcement agencies and specialised outside agencies on sensitive high risk operations
Greater understanding and ability to recognise risks and manage them effectively.
Take personal responsibility and be accountable for the examination results and reports
Ability to work unsupervised
Give advice and guidance to internal and external customers
Ability to attend and make presentations to meetings both internally and externally and respond to queries relating to Forensic matters
Knowledge: / Knowledge of the judicial and evidential procedures for the collection and presentation of evidence
Knowledge of legal and procedural issues involved in preparation of case papers for prosecution.
Knowledge of relevant Force processes and procedures
Greater understanding and knowledge of the relevant parts of legislation in relation to digital forensics crime including the interception of communication, photographs of children, data protection and ACPO guidelines, Sexual Offences Act 2003 (Indecent Images of Children), Criminal Justice and Immigration Act 2008 (Extreme Pornography), Coroners and Justice Act 2009 (Prohibited Images) Sound knowledge of legislation in relation to the Sex Offenders Act sentencing.
Knowledge of the processes around seized mobile phones
An in-depth knowledge of mobile device file systems evidence gathering and device investigation
In-depth knowledge of mobile device Forensic Recovery and presentation
Greater knowledge of computer software and working of computers
Understanding of your responsibility under Equal Opportunities and the way in which your role and the organisation may impact on minority and more vulnerable communities within Wiltshire
Greater understanding of relevant health & safety issues within your working environment. Undertake and maintain Officer Safety Training as and when required.
Understanding of the impact of the Human Rights Act on the organisation and the role that you undertake
Greater understanding of Data Protection and Freedom of Information issues within your working environment
Sound knowledge of Force databases and systems
Knowledge and identification of varying digital devices and their connectivity
Basic knowledge and understanding of digital technology and terminology
1