Digital Forensic Analyst

POSITION SUMMARY

Guardian Forensics is seeking a detail-oriented and technically proficient Digital Forensics Analyst to join our team at the Junior, Intermediate, or Senior level. This role is a step above the Technician position and is designed for an examiner who can move beyond evidence handling into investigative forensics, defensible analysis, timeline development, investigative reporting, and direct support to attorneys, corporate clients, and internal leadership.

The Analyst will work with computers, mobile devices, cloud data, removable media, and related digital evidence both in the laboratory and, when needed, in the field. Case assignments span criminal, civil, corporate investigation, incident response, eDiscovery, insider threat, intellectual property, and white-collar matters. As the Analyst advances in level, they assume increasing autonomy, report ownership, and responsibility for mentoring junior staff.

Evidence Handling & Chain of Custody

• Collect, preserve, image, process, and document digital evidence from computers, mobile devices, removable media, cloud platforms, and related sources using legally defensible methods.
• Maintain accurate chain-of-custody records, evidence logs, intake documentation, processing notes, and case activity records throughout the evidence lifecycle.
• Ensure forensic integrity through verified acquisition using hardware write-blockers (Tableau TX1 and equivalent) and validated imaging workflows.
• Oversee evidence storage, lab organization, and deployment kit readiness; assist in maintaining forensic workstation and hardware currency.

Forensic Examination & Analysis

• Conduct forensic examinations to identify user activity, file access, timeline events, communications, application usage, external device activity, cloud synchronization, and other artifacts relevant to the scope of work.
• Use forensic tools including Cellebrite, Magnet AXIOM, FTK, EnCase, Tableau hardware, MetaSpike, and Intella to acquire, parse, validate, and review data across computer, mobile, and cloud environments.
• Perform advanced analysis including timeline reconstruction, artifact correlation, deleted/encrypted data recovery, and mobile application artifact interpretation.
• Support incident response engagements including endpoint triage, log analysis, and breach scoping.
• Execute eDiscovery workflows including data processing, culling, tagging, and production in coordination with legal teams.
• Assist with trade secret and intellectual property matters, insider threat investigations, business email compromise, and white-collar engagements.

Reporting & Expert Testimony

• Prepare clear, written reports, examiner notes, case summaries, and supporting exhibits suitable for attorney review, corporate stakeholders, and potential court use — authored to legally defensible standards.
• Translate complex technical findings into accessible language for non-technical audiences including juries, executives, and opposing counsel.
• Author or contribute to white papers, How-To documentation, and internal research projects as assigned by senior examiners or leadership.
• Peer-review reports and examiner notes produced by Technicians; provide constructive, standards-based feedback.
• Provide expert witness testimony in depositions, hearings, and trials as proficiency and experience level permit.

Investigative Support & Team Development

• Assist senior examiners and leadership with investigative strategy, issue spotting, quality review, and follow-up analysis on active matters.
• Participate in field collections, on-site preservation work, and remote response activity as assigned, lead field deployments at the Senior level.
• Mentor and guide Digital Forensics Technicians in tools, methodology, documentation standards, and professional conduct.
• Contribute to the development and refinement of standard operating procedures, forensic protocols, training materials, and quality control processes.
• Stay current on operating systems, forensic tools, mobile ecosystems, cloud platforms, legal precedents, and evolving investigative techniques through structured training and independent study.

QUALIFICATIONS

Required Qualifications

Preferred Qualifications

• Associate's or Bachelor's degree in Digital Forensics, Cybersecurity, Information Technology, Computer Science, or a related field; equivalent technical experience may be considered.
• Working knowledge of Windows, macOS, iOS, and Android operating systems, file systems, user profiles, and common digital evidence sources.
• Demonstrated ability to document findings carefully and communicate technical concepts clearly in writing.
• Strong analytical, organizational, and problem-solving skills with superior attention to detail.
• Ability to work independently, manage case tasks, and follow direction in a high-trust, confidential environment.
• Professional appearance and demeanor; ability to interface with clients, attorneys, and law enforcement with confidence.
• Reliable transportation; willingness to travel regionally across Oklahoma, Arkansas, and Texas.
• Ability to lift and transport equipment weighing up to 50 pounds.
• Must pass background checks, drug screening, and maintain ongoing compliance with company security policies.
• 1–3 years of hands-on digital forensics, cyber investigation, eDiscovery, incident response, or closely related technical experience.
• MUST HAVE — Training and direct experience with one or more platforms: Cellebrite, Magnet AXIOM, FTK, EnCase, Tableau, MetaSpike, or Intella.
• MUST HAVE OR PURSUING — Relevant certifications: Cellebrite CCO/CCPA/CCME, Magnet MCFE, EnCE, CFCE, GCFE, GCFA, or comparable credentials.
• MUST HAVE — Demonstrated experience with report writing timeline analysis, artifact interpretation, and evidence presentation.
• Exposure to field collections, business email compromise, insider threat, data theft, mobile device forensics, or cloud evidence review.
• Experience authoring or contributing to white papers, SOP documentation, How-To guides, or forensic checklists.
• Comfort conducting independent technical research and converting findings into repeatable investigative workflows.
• Prior experience in law enforcement, military intelligence, legal support, or corporate security investigations.
• Willingness to participate in structured onboarding, hands-on mentoring, independent study, and tool-specific training consistent with Guardian Forensics standards.
• Ability to conduct independent technical research and convert findings into practical investigative methods, checklists, or SOP improvements.
• Commitment to maintaining confidentiality, objectivity, defensible methodology, chain-of-custody integrity, and professional ethics at all times.
• Must be able to have flexibility to work outside standard hours during active digital forensics investigations, incident response engagements or time-sensitive investigations.
• Demonstrated interest in long-term growth within Guardian Forensics, with potential advancement toward Specialist, Senior Analyst, Examiner, and Investigator roles as proficiency increases.

APPLICATION PROCESS

Interested candidates should submit a resume, curriculum vitae (CV), and a brief cover letter describing their qualifications, technical background, and interest in digital forensics to:

Alvey Matlock |

Priority Consideration: Candidates who submit a 2–4 minute introduction video describing themselves and their experience in the DFIR field will be given priority in the interview process.

Pay: $45,000.00 - $85,000.00 per year

Benefits:

• 401(k)
• 401(k) matching
• Flexible schedule
• Paid time off

Work Location: In person

Salary : $45,000 - $85,000