Page 1 of 5 Position Code #P10260 POSITION TITLE: Computer Forensics DEPT./DIV.: Investigative Services Support Technician REPORTS TO: Sergeant, Technological Crimes Unit BRANCH: Forensic Identification - Technological Crimes Unit ASSOCIATION: Civilian LOCATION: Headquarters GRADE LEVEL: E DATE CREATED: January 2013 SALARY PER ANNUM: HOURS OF WORK: 35 hrs/wk Mon-Fri Day Shift GENERAL PURPOSE: Under the direction of the Sergeant of the Technological Crimes Unit, the Computer Forensics Support Technician is primarily responsible for providing technical support to computer forensic investigators in the Technological Crimes Unit. MAJOR RESPONSIBILITIES: Receives exhibits from internal and external clients and ensures they are photographed and recorded pursuant to Waterloo Regional Police Service procedures. Prepares forensic acquisitions from seized media and stores information on Technological Crimes Unit server for further investigation by forensic investigators. Processes and prepares exhibits and acquisitions as received or occasionally on a priority basis as directed by the Sergeant. Archives computer investigative data upon case conclusion for retention to the expiration of their authorized retention periods. Installs, configures and troubleshoots computer workstations, peripheral equipment, and software applications using Microsoft Windows, Linux, Apple Macintosh, and other related operating systems for the Technological Crimes Unit. Identifies and resolves operational and connectivity problems with computer and workstations and peripheral equipment. Performs application upgrades and ensures adequate backup, storage and recovery procedures on local servers. Fields phone calls from investigators throughout the police service, along with personnel from other Police, Government departments, and the general public, answering general inquiries and referring phone calls requiring decisions to the Sergeant of the Technological Crimes Unit. Conducts examinations of computers, cellular phones, global positioning systems (GPS), and other corresponding electronic media to secure and recover data as digital evidence. Provides technical assistance and advice in evaluating cases where computers, cellular phones, GPS and other corresponding electronic media are potential evidence.
Page 2 of 5 Position Code #P10260 Determines the most appropriate method of protecting original evidence and recovering deleted, erased, hidden and encrypted digital evidence. Maintains strict adherence to chain of custody for all evidence and ensuring the integrity of each item of evidence handled and analyzed. Maintains records, documentation, and/or reports such as a log book concerning activities performed which may be referred to for court purposes. Prepares formal written reports suitable for presentation in court that states the methods of analysis and results. May be required to provide expert testimony in the field of computer forensics; prepare evidence and present expert testimony in court on results of seizure and handling of evidence, and results of analysis conducted. Attends training, workshops and seminars as approved to maintain current knowledge of trends and developments in the field of computer forensics. Maintains current knowledge of computer technology as it relates to hardware, software, operating systems and networking. Performs other related duties as assigned. RESPONSIBILITIES FOR MATERIAL/FINANCIAL RESOURCES: Ensures that a personal computer and digital camera used for own work is maintained in good working condition. Does trouble shooting and maintenance of specialized computer resources and equipment used by Technological Crimes Unit members. Performs servicing, repairs and installation as required. Maintains and updates the storage of computer investigative data for easy retrieval by others in the Branch, while protecting the integrity of the data for future use in court. NATURE & IMPACT OF ERROR: Errors in following the procedures of receiving, photographing, logging, processing digital evidence and continuity of evidence could result in damage to or loss of evidence. Errors such as mishandling of evidence or incorrect technical advice regarding which evidence to process may impact on personal credibility as an expert witness and may result in trial acquittals. RESPONSIBILITY FOR SUPERVISION OF STAFF & OTHERS: The incumbent has no formal responsibilities for supervision of staff and others, but provides technical assistance and advice to others in the Division regarding which items collected during an investigation should be processed for digital evidence. Provides technical support to investigators within the Division on the use and operation of hardware and software computerized systems.
Page 3 of 5 Position Code #P10260 CONTACTS & HUMAN RELATIONS: Internal: Receives daily direction and guidance from the Sergeant of the Technological Crimes Unit. Has daily contact with immediate co-workers within the branch to receive exhibits, answer general inquiries, and to provide technical assistance as required. Has regular contact with staff from all areas of the police service in person, by phone and e-mail to obtain, provide and clarify information. External: Has regular contact with other police services, government departments and the general public to answer general inquiries. May be required to testify in court. EFFORT (Mental/Physical): Follows clear instructions and internal procedures regarding the recording and photographing of received exhibits, examining and analyzing electronic media, and providing technical assistance. Maintains the integrity of data storage systems so data can be searched. Follows strict guidelines to process evidence. Responds to calls for assistance with computer systems within the Division. Assesses and gathers information to troubleshoot and repair computer systems and network problems. Schedules and organizes own work according to ongoing projects and volume of work. Occasionally works toward strict deadlines as directed by Sergeant. Receives work assignments from the Sergeant of the Technological Crimes Unit. Refers nonroutine queries or inquiries requiring decisions to the Sergeant. Maintains current knowledge and skill level through self-study, reading journals, and through formal outside courses. Periods of prolonged sitting, mental concentration, manual dexterity and attention to detail required to process evidence. Incumbent is exposed to long periods of time viewing a computer monitor. Frequently lifts and/or moves objects weighing up to 10 pounds; occasionally lifts up to 30 pounds. May be required to kneel, crouch, crawl, climb, bend, twist, reach, and manipulate objects when processing electronic evidence or working on computer workstations and peripheral equipment. Majority of work is performed sitting at a desk. WORKING CONDITIONS: Work is performed in a small, confined server room, subject to occasional interruptions from staff and other police services requesting information. Work environment is moderately noisy and may occasionally be very loud. Work is performed to meet deadline requests which requires multi-tasking. Contacts are occasionally impatient and unreasonable, requiring the incumbent to be polite and tactful as well as informative. May be exposed to evidence of a graphic or disturbing nature.
Page 4 of 5 Position Code #P10260 May be required to travel within and outside of Canada when attending training and educational sessions. SKILL: a) Knowledge: Knowledge of computer science or a related discipline, normally acquired through a degree, diploma or certificate in computer science or a related discipline from a recognized college or university, or related work experience. Preference may be given to an applicant who has a Certified Information System Security Professional (CISSP) certification; CompTIA certifications in A+, Network+, Security+, or Server+; six months of experience in technological crime investigations and/or computer forensic analysis; and has completed a course, training, or has related experience in basic digital photography and terms. Certification and/or working knowledge of the following required: - CompTIA A+ certification or a strong knowledge of hardware and software; - CompTIA Network+ certified or a strong knowledge of computer network technologies, infrastructure and protocols; - CompTIA Security+ certified or a strong knowledge of network security, threats and vulnerabilities, and cryptography; - CompTIA Server+ certified or a strong knowledge of server issues and technology, including disaster recovery. Strong working knowledge of database design, implementation, performance tuning, debugging, optimization, monitory and replication required. Must have a strong understanding of programming languages including C/C++, Visual Basic.net, PEARL, PHP, Python, Java and Javascript, XML and HTML. Must have the ability to preserve and process evidence, document and preserve continuity of evidence, examine and analyze evidence, observe minute detail, manage equipment and supplies, and prepare documents for court. Required to explain complex computer functionality and structure in lay terms, multi-task and work independently with minimal supervision. Must have excellent interpersonal skills. Skill in the operation of a personal computer, digital camera and knowledge of software programs such as Microsoft Windows, Linux, Apple Macintosh and other related operating systems. Ability to reference procedures of the Identification of Criminals Act, the Criminal Code, the Youth Criminal Justice Act, the Occupational Health and Safety Act WHMIS requirements, to consistently perform data entry and task functions and to comply with the Records Retention Schedule and the Freedom of Information & Protection of Privacy Act and disclosure protocol.
Page 5 of 5 Position Code #P10260 Familiarity with police records file keeping, storage and query methods, the judicial system and related paper flow processes, court related terminology and processes and police related agencies. Knowledge of WRPS organizational structure, chain of command, branch functions and related paper flow processes and procedures. A valid Class G Ontario Driver s Licence with no more than six demerit points required to travel within and outside of Canada to attend WRPS Divisions, attend meetings, seminars, training and conferences. Required to participate in ongoing training and self-development. Must be able to physically able to lift and move heavy computer equipment on a regular basis. Must be mentally able to perform the duties of the position including dealing with difficult clients, subject matter, and graphical images. Ability to meet testing requirements for the position, including a psychological examination and report satisfactory to the Chief of Police. Ability to meet police security clearance requirements and to maintain confidentiality. Ability to participate as an effective team member. Must have an understanding of the WRPS Shared Vision Statement, including the Ideals of Excellence, and mission statement. Must know and display throughout daily activities the WRPS core values. b) Language Communication (Written & Verbal): Ability to verbally respond to inquiries in person and by telephone to provide information in a polite and courteous manner. Proficient in spelling, grammar and composition to send routine messages by fax and e-mail and to submit reports internally and to other police agencies.