Position Summary
Guardian Forensics is seeking motivated, detail-oriented individuals to join our team as Digital Forensics Technicians at the Junior, Intermediate, or Senior level. The Technician role is the foundational operational position within Guardian Forensics — responsible for collecting, processing, and beginning to analyze digital evidence from mobile devices and computers in both the lab and the field.
This role is ideal for individuals building their career in digital forensics who want hands-on experience across criminal forensics, civil litigation, corporate investigations, incident response, and cybersecurity. New Technicians enter a structured bootcamp-style training program and progress through defined proficiency levels with increasing autonomy and responsibility. The Senior Technician serves as a peer mentor and prepares for advancement into the Analyst track.
Role Emphasis: 70% evidence handling, documentation & processing | 30% analysis & report writing
Role Distinction
| Dimension | DFIR Assistant | Technician (This Role) | Analyst (Next Role) |
|---|---|---|---|
| Primary Focus | Lab support, supervised triage | Evidence processing & analysis | Independent analysis & case ownership |
| Supervision | Close direct supervision | Supervised; growing independence | Manages own case workflow |
| Processing / Analysis | — | 70% Processing / 30% Analysis | 50% Processing / 50% Analysis |
| Tool Use | Guided/supervised only | Working proficiency; training phase | Advanced independent proficiency |
| Report Writing | Assists with sections only | Draft reports — analyst-reviewed | Primary author — peer-reviewed |
| Field Work | Occasional, supervised | As proficiency grows | Participates or leads by level |
| Expert Testimony | Not applicable | Not typically at this level | Supports or provides (by level) |
| Career Target | → Junior Technician | → Analyst | → Specialist / Examiner |
Key Responsibilities
Evidence Handling & Chain of Custody
Collect and preserve digital evidence from computers, mobile devices, and removable media, ensuring integrity and a fully documented chain of custody.
Perform forensic imaging and data acquisition using write-blocking hardware (Tableau TX1 and equivalent) and validated forensic workflows.
Maintain accurate evidence intake logs, chain-of-custody records, and processing documentation throughout the lifecycle of each case.
Assist in maintaining evidence storage compliance, lab organization, and field deployment kit readiness.
Travel as needed within Oklahoma, Arkansas, and Texas for on-site collections and field assignments as proficiency increases.
Forensic Processing & Analysis
Utilize forensic tools and software — including Cellebrite, Magnet AXIOM, FTK, EnCase, MetaSpike, and Intella — to process and analyze digital evidence from computers and mobile devices.
Perform initial forensic analysis to identify and document relevant information including file system artifacts, user activity, deleted files, and communications data.
Conduct keyword searches, timeline reconstruction, and basic artifact review to support case objectives.
Assist with eDiscovery project workflows including data collection, processing, and organization under analyst direction.
Stay updated with the latest tools, techniques, and trends in digital forensics and apply them to current investigations.
Documentation & Report Writing
Document all forensic processes, examination steps, and findings with precision and in accordance with Guardian Forensics standards.
Prepare detailed examination notes and contribute to forensic reports summarizing findings for attorney review, corporate clients, and potential court use.
Provide expert testimony when required, as proficiency and experience level permit.
Lab Operations & Team Collaboration
Assist in the development and maintenance of forensic procedures, protocols, and standard operating procedures.
Assist in keeping digital forensics lab software, hardware, and forensic workstations up to date and operational.
Collaborate with team members and external stakeholders — including legal counsel, law enforcement, and corporate clients — to support investigative efforts.
Participate in bootcamp-style onboarding, structured training phases, independent study, and assigned research projects to build required skill sets.
Senior Technicians: serve as peer mentors to junior team members and support quality review of processing work.
Core Performance Domains
| Domain | Primary Focus | Examples |
|---|---|---|
| Evidence Handling | Collection, preservation, imaging, and chain-of-custody compliance | Write-blocker setup, hash verification, intake logs, evidence storage |
| Forensic Processing | Operating forensic platforms to acquire and process case data | Cellebrite extractions, AXIOM processing, FTK/EnCase imaging, data validation |
| Initial Analysis | First-pass artifact examination and issue identification | File system review, keyword searches, timeline reconstruction, deleted file recovery |
| Documentation | Precise recording of all forensic processes, steps, and results | Chain-of-custody logs, processing notes, examiner records, case activity entries |
| Report Contribution | Drafting and supporting written case summaries | Examination summaries, exhibit organization, report sections under analyst review |
| Lab & Kit Operations | Maintaining lab readiness, tools, and deployment preparedness | Software updates, hardware maintenance, kit readiness checks, SOP compliance |
Required Qualifications
Associate’s degree in Computer Science, Information Technology, Cybersecurity, or a related field — or currently pursuing. Relevant work experience may be considered.
Basic understanding of computer and mobile device architectures and operating systems (Windows, macOS, iOS, Android).
Working toward familiarity with digital forensics principles and practices.
Strong analytical and problem-solving skills with superior attention to detail.
Superior documentation and organizational skills; effective written, verbal, and in-person communication.
Ability to work both independently and as part of a team in a high-trust, confidential environment.
Willingness to assist with and learn eDiscovery project workflows.
Clean criminal history; ability to pass drug screening and comprehensive background check.
Reliable transportation; ability to travel regionally across Oklahoma, Arkansas, and Texas.
Ability to lift at least 50 pounds and work in both laboratory and field environments.
Preferred Qualifications
Working toward or obtained a Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Digital Forensics, or a related field.
Willing to train, gain experience, and work toward certifications with forensic tools: Cellebrite, Magnet AXIOM, FTK, EnCase, MetaSpike, Intella, and Tableau hardware write-blockers.
Relevant certifications obtained or in progress: CompTIA A+, CompTIA Security+, or any recognized digital forensics credential.
Previous internship or work experience in a related technical or investigative field.
Demonstrated ability to independently conduct research and problem-solve with minimal guidance.
Willingness to participate in ongoing training, professional development, and independent study projects.
Basic exposure to eDiscovery platforms or concepts is a plus.
Note on Preferred Qualifications: Through structured training, mentoring, and hands-on experience, the ideal candidate will actively work toward these qualifications over time. They are growth targets, not entry barriers.
Additional Requirements & Professional Development
Demonstrated ability to independently conduct technical research and problem-solve with minimal guidance.
Ability to work in a laboratory setting and conduct fieldwork as needed across the regional service area.
Willingness to participate in ongoing training, professional development, and independent study requirements — including research projects assigned to build skill sets.
Commitment to maintaining confidentiality, chain-of-custody integrity, and professional ethics at all times.
Clean criminal history; ability to pass drug screening and comprehensive background check prior to start.
Training Program: Bootcamp Agenda & Weekly Breakdown
All new Technicians complete a structured, bootcamp-style onboarding program combining hands-on lab work, direct mentoring, and independent study. Research projects are assigned throughout to ensure skill sets meet Guardian Forensics standards before progression to the next phase.
Week 1 — Introduction & Fundamentals
Day 1 — Company overview: mission, services, clients, NDA, acceptable use policies
Day 2 — Digital forensics basics: importance of digital evidence, legal considerations, ethical standards
Day 3 — Tools & equipment: Cellebrite, AXIOM, Tableau write-blockers, Cellebrite Collector, MetaSpike
Day 4 — Tools & equipment (continued): forensic workstation setup, overview of imaging tools
Day 5 — Hands-on practice: creating forensic images, tool exercises, Q&A, review of example expert reports
Weeks 2–3 — Mobile Evidence Collection & Preservation
Day 1 — Chain of custody: importance, procedures, and evidence handling documentation
Day 2 — Evidence collection techniques: mobile devices, write-blocker use, protective measures
Day 3 — Data acquisition (Cellebrite-focused): logical vs. physical, live vs. dead acquisition
Day 4 — Practice session: simulated mobile collection scenarios with full documentation
Day 5 — Review and assessment: key concept review, readiness evaluation
Platforms: Cellebrite UFED / PA, Magnet AXIOM
Weeks 4–5 — Computer Evidence Collection & Preservation
Day 1 — Chain of custody reinforcement: computer-specific documentation procedures
Day 2 — Evidence collection: computers, external drives, cloud-connected devices
Day 3 — Data acquisition (AXIOM / Tableau TX1 / Cellebrite Collector): live vs. dead acquisition techniques
Day 4 — Practice session: simulated computer acquisition scenarios with full documentation
Day 5 — Review and assessment: key concept review, readiness evaluation
Platforms: Magnet AXIOM, Tableau TX1, Cellebrite Collector, EnCase, FTK
Weeks 6–8 — Data Analysis & Reporting
Day 1 — Introduction to data analysis: file systems, data structures, identifying and recovering deleted files
Day 2 — Analyzing digital evidence: using forensic tools to extract and interpret data from various sources
Day 3 — Reporting findings: writing clear forensic reports, best practices, review of past report examples
Day 4 — Hands-on analysis: analyzing sample cases, practice report writing
Day 5 — Review and assessment: analysis and reporting proficiency evaluation
Mode: 30% mentoring / 70% independent study and hands-on work
Week X — Advanced Topics & Field Work
Day 1 — Mobile forensics: advanced extraction techniques, mobile-specific forensic tools
Day 2 — Cloud forensics: data acquisition challenges, legal considerations for cloud evidence
Day 3 — Incident response: IR’s role in forensics, steps in responding to a security incident
Day 4 — Field work preparation: on-site assignments, safety practices, equipment readiness
Day 5 — Final review and certification of completion: comprehensive assessment across all training
Training Approach: Bootcamp-style hands-on mentoring · Independent study requirements · Research projects · Proficiency assessments at each phase
Benefits & Opportunities
401(k) with Company Match
Company-matched retirement plan contributions, subject to company policy.
Paid Time Off
Accrued PTO plus paid holidays.
Performance Bonuses
Merit-based bonuses tied to case contributions, proficiency milestones, and certifications earned.
Wellness Membership
Gym/pool membership or access to on-site amenities.
Professional Development
Access to professional development courses, tool training workshops, and industry conferences.
Career Advancement
Defined advancement path: Technician → Analyst → Specialist → Examiner → Investigator / Practice Lead.
Application Process
Interested candidates should submit a resume, curriculum vitae (CV), and a cover letter detailing their qualifications and interest in the position to: Alvey Matlock: Alvey@guardian-forensics.com.
Priority Consideration: Candidates who submit a 2–4 minute introduction video describing themselves and their interest in the digital forensics field will be given priority in the interview process.
About Guardian Forensics
Guardian Forensics is a service provider offering a comprehensive range of consulting in digital forensics and cybersecurity services, specializing in mobile devices, computers, servers, and cloud environments. Our offerings include expert testimony, forensic imaging, analysis of intellectual property and trade secret theft, insider threat analysis, data breach mitigation, vulnerability assessments, and incident response. We also specialize in white-collar crime investigations and provide support across civil litigation, criminal defense, corporate investigations, and private inquiries. At Guardian Forensics, we are dedicated to unlocking the truth with legally defensible and repeatable processes, ensuring that evidence is admissible in court.