Job Details

Job Title
DFIR Contract Consultant
Work Location
Remote (US/International)
DFIR Contract Consultant
Reports to
Director of Professional Services
Essential Duties and Responsibilities:

The DFIR consultant will work as an independent contractor and will be assigned cases dependent on their location and expertise. The contract consultant must have their own tools and equipment but will be supplemented by SUMURI as needed. SUMURI will provide case management and interaction with the client.

The consultant will triage, collect, and analyze forensically valuable data from computers and other electronic media to determine the presence of evidentiary information. This may occur onsite or after the receipt of computers and/or devices at the consultant’s location. The consultant will prepare reports and provide updates to the client in conjunction with the SUMURI engagement manager.

The consultant must have investigative skills which allow them to not just find the data but to chain together events in order to provide a concise, well-thought-out work product.

SUMURI DFIR engagements may include the following services

  • Laptop forensics
  • Desktop Forensics
  • Mobile Device forensics
  • Server forensics
  • Incident Response
  • Disk imaging
  • Malware analysis
  • Keyword searches
  • Network activity monitoring

Education and/or Work Experience Requirements:

  • Law Enforcement investigative and Digital Forensics experience; or
  • 5+ years experience as a corporate or private DFIR examiner; or
  • Computer Science degree with an emphasis on DFIR and 2+ years of
    digital forensics, incident response, or other relevant experience
  • Ability to work independently and with minimal guidance

Strong, working knowledge in the following areas:

  • Mobile and computer examination experience with expertise in macOS,
    iOS, Windows, Linux, and Android ecosystems
  • Familiarity with database environments such as SQL, MySQL, Oracle, or MS Access, including the ability to query and extract data from database systems
  • Disk forensics tools such as RECON ITR, RECON Lab, X-ways, Axiom, EnCase, FTK, etc.
  • Networking concepts, protocols, and architecture
  • SIEM tools as it relates to searching and extracting relevant data for incident investigations
  • Strong written and verbal communication skills.
  • Must be able to deliver detailed written and/or oral reports to both technical and non-technical clients

It is preferred that the candidate possess the following:

Preferred Software Experience: PALADIN, RECON ITR, RECON Lab, popular forensic suites (Axiom, X-Ways, FTK, Encase, etc.)

Certifications preferred: IACIS CFCE, EnCe, GCFE, GCFA, ACE and/or MCFE.

Required Certification: SUMURI CFME within 2 months of the signed contract

Programming/Scripting experience: Python, Perl, AppleScript, Apple ShortCuts, EnScript

Physical Requirements (if applicable):
Must be able to lift and move items up to 50 pounds (23 kg)

Scroll to Top