i2EC Forensic Analyst


Forensic Analysts shall:   

  • Provide forensic and analytical PED support (which includes processing, exploitation and dissemination of latent fingerprints, digitized latent prints, forensic reports, production statistics for management status reporting and standard operating procedures / SOPs).
  • Provide Digital Media and CELLEX processing and analytical support to ensure rapid and accurate exploitation of captured enemy materials.
  • Devise a Digital Media Enabled Watch List (WL) for media of interest in accordance with all applicable SOPs. Manage the Digital Media WL in coordination with NMEC and SOF components to include SOF nominations with all applicable SOPs.
  • Provide DOMEX capability briefings to supported military units and visiting senior leaders.
  • Provide DOMEX production statistics to the COR weekly.
  • Deliver to the COR standardized weekly reporting to include metrics and vignettes of all WL encounters and i2 information of interest collected globally during the week and any future requirements gathering and process development.


  • Bachelor’s degree (BSEE, BSCS, BSCE) B.S. in Electrical Engineering (BSEE), or B.S. in Computer Science, or B.S. in Civil Engineering or equivalent Forensic degree from a four-year college or university; or equivalent combination of forensic training, certifications (from other DoD or USG training sources), and 3 years of experience with current forensics hardware, software, and methodologies.
  • Top Secret/SCI Clearance.

A minimum 1-year experience in a combination of the following:

  • Using FTK 1x/3x, EnCase 5x or 6x, iLook, P2 Commander, or similar forensic examination toolsets.
  • With new technologies and programming techniques for multiple software languages, including, but not limited to SQL programming, C#, C/C++, Perl, Python.
  • Using regular expression patterns in order to conduct bit-by-bit live searches on media.
  • Producing forensically sound images of digital media, i.e., SATA, IDE, flash drives using imaging software, such as FTK imager or other command line tools, both internal & external write block hardware.
  • Wiping, verifying, and validating media before and after conducting an examination.
  • Using virtual platforms such as VMware Server / Workstation in order to mount & view media in its native operating system.
  • Data recovery/carving experience using WinHEX, X-Ways Forensics or similar tool.
  • Using regular expression patterns in order to conduct bit-by-bit live searches on media.
  • Understanding Basic Unix commands for study of CACHE Flow Logs & of hexadecimal code, file structures to include file headers and footers.
  • Using Web filtering, Spam Filtering, and Message Capturing Technologies.
  • Conducting cell phone exploitation and extracting pertinent data using cell phone analysis tools such as Device Seizure, Neutrino, BitPim, .XRY/.XACT and other open source tools.
  • Using Hyper Terminal to communicate with cell phones using AT commands.
  • Using cell phone analysis tools such as Device Seizure, BitPim, .XRY/.XACT.
  • 24/7 shift work is required for contractors at HQ USSOCOM and is based on 4-rotating, 12/flex hour shifts that balance out between two 80-hour 2-week pay periods A 30 – 60 minute lunch break is allowed each shift

For more than 36 years, MacAulay-Brown, Inc. (MacB) has been solving some of the Nation’s most complex National Security challenges. Defense, Intelligence Community, Special Operations Forces, Homeland Security and Federal agencies rely on our advanced engineering services and product solutions to meet the challenges of an ever-changing world.  Join MacB where you will work a with team of highly experienced professionals in the areas of Intelligence, Cybersecurity, Research Development Test and Evaluation, Information Operations, fabrication, IT solutions, Logistics and Acquisition Management.  MacB has won multiple workplace awards, offers generous salaries and benefits, and has outstanding growth opportunities.


. . . . . . . .

Leave a Reply