Digital CELLEX/ MEDEX Examiners (Tampa, FL) (Requires TS/SCI clearance) – POC in Listing

Posted on May 22, 2020

Job Title:  Digital CELLEX/ MEDEX Examiners

Location:  Tampa, FL with multiple short OCONUS deployments per year to hostile fire areas

Clearance:  Current DoD TS/SCI required

 

Quiet Professionals, LLC (www.QuietProfessionalsLLC.com) is seeking multiple TS/SCI Cleared Deployable CELLEX/MEDEX Examiners who shall leverage deep preexisting technical knowledge, supported by a variety of commercially available, government-provided, and in-house developed digital forensic tools and techniques, to fully exploit mobile devices and report findings.

 

CELLEX Examiners must possess a thorough understanding of the technical fundamentals behind digital forensics as they relate to CELLEX, including: mobile file systems, mobile operating system internals, mobile applications, binary file formats, encryption/encoding/hashing algorithms, Wi-Fi, Bluetooth, near-field, and cellular communication protocols and artifacts, roots/jailbreaks/vulnerabilities, the inner workings of bootloaders, firmware, the baseband, patches, permissions, and common locations of artifacts of interest. Examiners must be able to display unquestionable proficiency with the process of forensic imaging, being able to reliably produce forensically sound images using a wide variety of tools, like the ADB shell itself, Cellebrite UFED Touch 2 and 4PC, XRY, AXIOM Acquire, etc. They must be innately familiar with various imaging formats (RAW, E01, Vendor Proprietary), imaging types (Physical, File System, Logical), hashing algorithms (MD5, SHA, etc.), and know what to do when commercial tools fail. They must also be familiar with the principles of chain-of-custody, the importance of following Standard Operating Procedures (SOPs) in a reliable and repeatable manner, and taking detailed notes that are courtroom ready in the event that it ever becomes necessary. Further, they must be proficient in handling various types of hardware devices, cables, chargers and associated removable storage (if applicable). They must also be able to identify and assess damaged hardware for escalation to hardware teams without further jeopardizing recovery efforts.

 

MEDEX Examiners shall leverage deep preexisting technical knowledge, supported by a variety of commercially available, government-provided, and in-house developed digital forensic tools and techniques, to fully exploit digital media and report findings. Examiners must possess a thorough understanding of the technical fundamentals behind digital forensics, including: file systems, operating system internals, binary file formats, encryption/encoding/hashing algorithms, and an understanding of Windows registry analysis (for Windows examinations). Examiners must be able to display unquestionable proficiency with the process of forensic imaging, being able to reliably produce forensically sound images using a wide variety of tools, from DD to FTK Imager. They must be innately familiar with various imaging formats (DD, E01, AFF, etc.), imaging types (i.e. Logical vs. Physical), hashing algorithms (MD5, SHA, etc.), and hidden disk areas like HPA/DCO. They must also be familiar with the principles of chain-of-custody, the importance of following Standard Operating Procedures (SOPs) in a reliable and repeatable manner, and taking detailed notes that are courtroom ready in the event that it ever becomes necessary. Further, they must be proficient in dismantling various types of hardware devices (desktops, laptops, game consoles, drones, and other enclosures or devices) in a non-destructive manner to access the storage media that must be imaged. They must also be able to identify and assess damaged hardware for escalation to hardware teams without further jeopardizing recovery efforts.

 

Requirements:

 

  • Current DoD TS/SCI security clearance
  • Must be willing and able to assist in the conduct of Site Exploitation (SE), providing the full gamut of aforementioned technical exploitation services anywhere in the world that the customer operates, be medically deployable, and willing to deploy multiple times a year OCONUS to locations that may include hostile fire areas
  • Bachelor of Science Degree (or higher) is preferred in Computer Science, Electrical Engineering, Computer Engineering, Data Science, Computer Information Systems, Math, Computer Forensics/Digital Investigations, Information Technology, Criminal Justice, Intelligence Studies, or another degree. An applicable Master of Science degree may be counted as two additional years of experience
  • CELLEX Examiners must be fluent in at least one, but preferably multiple, core commercial forensic analysis platforms, such as Physical Analyzer (from Cellebrite), XRY (from MSAB), and AXIOM (from Magnet Forensics®).
  • MEDEX Examiners must be fluent in at least one, but preferably multiple, core commercial forensic analysis platforms, such as EnCase® Forensic (from opentext™), X-Ways Forensics (from X-Ways Software Technology AG), Forensic Toolkit [FTK®] (from ACCESSDATA®), MAGNET Axiom™ (from Magnet Forensics®), and fluent in at least one, but preferably multiple, core commercial forensic imaging tools, such as DD (or DC3dd), FTK Imager, EnCase Imager, AXIOM Acquire, Imaging for Operations (IO)
  • Examiners must be able to conduct detailed full-scope forensic examinations without having to rely on any particular tool or set of tools.
  • Must be proficient in the use of the shell and a hex editor, have a strong understanding of how SQLite databases work, understand the nuances of foreign text/language encoding methods, and be able to craft SQL statements.
  • Must be familiar with all core elements of technical exploitation examinations
  • Able to conduct: targeted searches for information of immediate operational relevance; large dataset analysis, to include conducting foreign-language keyword searches; advanced app and internet history analysis; logical file and related metadata extraction, deduplication, and ranking/pruning; deleted data recovery (carving), basic binary-level file repair, and sector-level entity extraction; the identification of encrypted files, containers, and volumes; and the identification of anti-forensic practices, i.e. steganography, data hiding apps, hidden or protected messaging applications, free-space wiping tools, and other generic data hiding tricks
  • Have a general understanding of how mobile malware operates, be able to detect its existence, and extract relevant artifacts for escalation to Reverse Engineering teams
  • Examiners must be able to act as subject matter expert-level technical resources to federated partners, internal customers, and forward-deployed elements. They must provide timely and on-demand remote support to various operational and non-operational elements in order to ensure mission success
  • Examiners must be able to rapidly produce and concisely brief technically proficient triage-level, analyst-targeted and deep-dive reporting products, intelligently prioritizing the depth of examination based upon current operationally imposed time constraints
  • Examiners must be able to generate professional technical exploitation reports of interest to the U.S. Government (USG) and their partners, and develop device, collection, and cross-collection based reports to meet mission demands
  • Examiners must be willing and able to design, plan, integrate, support, and execute full-spectrum technical exploitation training and exercises
  • Demonstrated understanding of the technical fundamentals and core forensic principles required to perform all the aforementioned tasks with competency and accuracy
  • Demonstrated fluency in at least one, but preferably multiple, core commercial forensic imaging tools such as Cellebrite UFED products, XRY, AXIOM Acquire
  • Demonstrated fluency in at least one, but preferably multiple, core commercial forensic analysis platforms, such as UFED Physical Analyzer (from Cellebrite), XRY (from MSAB), MAGNET Axiom™ (from Magnet Forensics®)
  • Possess at least one active industry or DoD standard forensic certification (i.e. CCME, CCO, CCPA, CMFF, CUFO, XRY Certification, MCFE, EnCE, ACE, CCE, GIAC, CFCE, DC3/DCITA Certified Digital Forensic Examiner)
  • Experience conveying highly technical information effectively and concisely to a wide range of audiences via both briefings and technical reports
  • 2+ years of technical exploitation experience (or directly related experience). Examples of qualifying experience include, but are not limited to, conducting digital forensic investigations, providing technical MEDEX/CELLEX/DOMEX/TECHEX services, targeted forensic software development, binary file or application reverse engineering

 

Send resumes to:  Dave@QuietProfessionalsLLC.com

Info

  • Location:
  • Salary: Not provided
  • Clearance Required: No
  • Spouse Friendly: No