Position Summary
Guardian Forensics is seeking a detail-oriented and technically proficient Digital Forensics Analyst to join our team at the Junior, Intermediate, or Senior level. This role is a step above the Technician position and is designed for an examiner who can move beyond evidence handling into investigative forensics, defensible analysis, timeline development, investigative reporting, and direct support to attorneys, corporate clients, and internal leadership.
The Analyst will work with computers, mobile devices, cloud data, removable media, and related digital evidence both in the laboratory and, when needed, in the field. Case assignments span criminal, civil, corporate investigation, incident response, eDiscovery, insider threat, intellectual property, and white-collar matters. As the Analyst advances in level, they assume increasing autonomy, report ownership, and responsibility for mentoring junior staff.
Role Emphasis: Approximately 50% evidence processing & quality documentation | 50% analysis, reporting & case support
Analyst Level Tiers
| Junior Analyst | Intermediate Analyst | Senior Analyst | |
|---|---|---|---|
| Compensation | ~$22–$28/hr. | ~$28–$36/hr. | ~$36–$40+/hr. |
| Experience | 0–2 years | 2–4 years | 6+ years |
| Case Autonomy | Supervised; guided workflow | Independent; peer-reviewed reports | Leads cases; mentors team |
| Processing / Analysis | 60% Processing / 40% Analysis | 50% Processing / 50% Analysis | 40% Processing / 60% Analysis |
| Testimony | Observes / assists | Supports and provide expert testimony | Provides expert testimony |
| Field Role | Assists senior staff | Participates independently | Leads field deployments and investigations |
Role Distinction
| Dimension | Technician | Analyst |
|---|---|---|
| Responsibility Split | 70% Processing / 30% Analysis | 50% Processing / 50% Analysis |
| Case Ownership | Works under direct supervision | Manages own case workflow independently |
| Report Authorship | Draft reports — senior-reviewed | Primary author — peer-reviewed |
| Tool Proficiency | Training phase / working knowledge | Advanced; trains and guides Technicians |
| Expert Testimony | Observes / assists | Supports or provides testimony (by level) |
| Field Deployments | Assists senior staff | Participates or leads (by level) |
| eDiscovery | Learns fundamentals | Executes full eDiscovery workflows |
| Research & Writing | Independent study projects | Authors white papers, How-To’s, SOPs |
| Incident Response | Intro-level support | Active IR team participant |
Key Responsibilities
Evidence Handling & Chain of Custody
Collect, preserve, image, process, and document digital evidence from computers, mobile devices, removable media, cloud platforms, and related sources using legally defensible methods.
Maintain accurate chain-of-custody records, evidence logs, intake documentation, processing notes, and case activity records throughout the evidence lifecycle.
Ensure forensic integrity through verified acquisition using hardware write-blockers (Tableau TX1 and equivalent) and validated imaging workflows.
Oversee evidence storage, lab organization, and deployment kit readiness; assist in maintaining forensic workstation and hardware currency.
Forensic Examination & Analysis
Conduct forensic examinations to identify user activity, file access, timeline events, communications, application usage, external device activity, cloud synchronization, and other artifacts relevant to the scope of work.
Use forensic tools including Cellebrite, Magnet AXIOM, FTK, EnCase, Tableau hardware, MetaSpike, and Intella to acquire, parse, validate, and review data across computer, mobile, and cloud environments.
Perform advanced analysis including timeline reconstruction, artifact correlation, deleted/encrypted data recovery, and mobile application artifact interpretation.
Support incident response engagements including endpoint triage, log analysis, and breach scoping.
Execute eDiscovery workflows including data processing, culling, tagging, and production in coordination with legal teams.
Assist with trade secret and intellectual property matters, insider threat investigations, business email compromise, and white-collar engagements.
Reporting & Expert Testimony
Prepare clear, written reports, examiner notes, case summaries, and supporting exhibits suitable for attorney review, corporate stakeholders, and potential court use — authored to legally defensible standards.
Translate complex technical findings into accessible language for non-technical audiences including juries, executives, and opposing counsel.
Author or contribute to white papers, How-To documentation, and internal research projects as assigned by senior examiners or leadership.
Peer-review reports and examiner notes produced by Technicians; provide constructive, standards-based feedback.
Provide expert witness testimony in depositions, hearings, and trials as proficiency and experience level permit.
Investigative Support & Team Development
Assist senior examiners and leadership with investigative strategy, issue spotting, quality review, and follow-up analysis on active matters.
Participate in field collections, on-site preservation work, and remote response activity as assigned, lead field deployments at the Senior level.
Mentor and guide Digital Forensics Technicians in tools, methodology, documentation standards, and professional conduct.
Contribute to the development and refinement of standard operating procedures, forensic protocols, training materials, and quality control processes.
Stay current on operating systems, forensic tools, mobile ecosystems, cloud platforms, legal precedents, and evolving investigative techniques through structured training and independent study.
Core Performance Domains
| Domain | Primary Focus | Examples |
|---|---|---|
| Evidence Handling | Preservation, documentation, intake, imaging, and validation | Chain of custody, hashing, evidence logs, write-blocker setup, workstation preparation |
| Forensic Analysis | Artifact review and issue-oriented examination | User activity, USB/external device usage, mobile app data, cloud sync, timeline correlation |
| Reporting | Clear written work product and supporting exhibits | Examiner notes, client summaries, formal court-ready reports, export sets, white papers |
| Investigative Support | Case strategy, research, and stakeholder collaboration | Issue spotting, SOP development, How-To documentation, quality review, follow-up analysis |
| Operations | Lab readiness and professional development | Tool updates, kit maintenance, SOP compliance, quality control, structured training |
Required Qualifications
Associate’s or Bachelor’s degree in Digital Forensics, Cybersecurity, Information Technology, Computer Science, or a related field; equivalent technical experience may be considered.
Working knowledge of Windows, macOS, iOS, and Android operating systems, file systems, user profiles, and common digital evidence sources.
Demonstrated ability to document findings carefully and communicate technical concepts clearly in writing.
Strong analytical, organizational, and problem-solving skills with superior attention to detail.
Ability to work independently, manage case tasks, and follow direction in a high-trust, confidential environment.
Professional appearance and demeanor; ability to interface with clients, attorneys, and law enforcement with confidence.
Reliable transportation; willingness to travel regionally across Oklahoma, Arkansas, and Texas.
Ability to lift and transport equipment weighing up to 50 pounds.
Must pass background checks, drug screening, and maintain ongoing compliance with company security policies.
Preferred Qualifications
1–3 years of hands-on digital forensics, cyber investigation, eDiscovery, incident response, or closely related technical experience.
MUST HAVE — Training and direct experience with one or more platforms: Cellebrite, Magnet AXIOM, FTK, EnCase, Tableau, MetaSpike, or Intella.
MUST HAVE OR PURSUING — Relevant certifications: Cellebrite CCO/CCPA/CCME, Magnet MCFE, EnCE, CFCE, GCFE, GCFA, or comparable credentials.
MUST HAVE — Demonstrated experience with report writing timeline analysis, artifact interpretation, and evidence presentation.
Exposure to field collections, business email compromise, insider threat, data theft, mobile device forensics, or cloud evidence review.
Experience authoring or contributing to white papers, SOP documentation, How-To guides, or forensic checklists.
Comfort conducting independent technical research and converting findings into repeatable investigative workflows.
Prior experience in law enforcement, military intelligence, legal support, or corporate security investigations.
Additional Requirements & Professional Development
Willingness to participate in structured onboarding, hands-on mentoring, independent study, and tool-specific training consistent with Guardian Forensics standards.
Ability to conduct independent technical research and convert findings into practical investigative methods, checklists, or SOP improvements.
Commitment to maintaining confidentiality, objectivity, defensible methodology, chain-of-custody integrity, and professional ethics at all times.
Must be able to have flexibility to work outside standard hours during active digital forensics investigations, incident response engagements or time-sensitive investigations.
Demonstrated interest in long-term growth within Guardian Forensics, with potential advancement toward Specialist, Senior Analyst, Examiner, and Investigator roles as proficiency increases.
Benefits & Opportunities
401(k) with Company Match
Company-matched retirement plan contributions, subject to company policy.
Paid Time Off
Accrued PTO plus paid holidays.
Performance Bonuses
Merit-based bonuses tied to case outcomes, certifications earned, and contributions to business development.
Wellness Membership
Gym/pool membership
Professional Development
Sponsored access to certifications, forensic tool training, workshops, and industry conferences.
Career Advancement
Defined path: Junior Analyst → Intermediate → Senior Analyst → Specialist → Investigator / Principal Consultant.
Application Process
Interested candidates should submit a resume, curriculum vitae (CV), and a brief cover letter describing their qualifications, technical background, and interest in digital forensics to: Alvey Matlock: Alvey@guardian-forensics.com.
Priority Consideration: Candidates who submit a 2–4 minute introduction video describing themselves and their experience in the DFIR field will be given priority in the interview process.
About Guardian Forensics
Guardian Forensics provides digital forensics and cybersecurity consulting services involving mobile devices, computers, servers, cloud environments, expert testimony, litigation support, incident response, insider threat analysis, intellectual property and trade secret matters, and white-collar or private investigations. The company supports law firms, corporations, financial institutions, individuals, and law enforcement agencies through legally defensible and repeatable forensic processes designed to withstand scrutiny in court and regulatory proceedings.
