ESCO occupation

digital forensics expert


Digital forensics experts retrieve and analyse information from computers and other types of data storage devices. They examine digital media that may have been hidden, encrypted or damaged, in a forensic manner with the aim to identify, preserve, recover, analyse and present facts and opinions about the digital information.

2529.2 ISCO 2529 ESCO source
Competences: 77
Groups: 5
Essential: 40
Optional: 37

Competences and skills

77 ESCO relations
Essential competences 1 competence

Occupation specific

0 competences

No competences in this bucket.

Sector-specific

0 competences

No competences in this bucket.

Cross-sector

0 competences

No competences in this bucket.

Essential knowledge 21 competences

Occupation specific

0 competences

No competences in this bucket.

Sector-specific

16 competences
attack vectors

Paths or methods that threat actors use to exploit vulnerabilities in information networks or systems from a concrete organisation and impact its availability, integrity and confidentiality. Attack vectors may include social engineering tactics such as phishing mails or pretexting, and technical exploits such as SQL injection as well as buffer overflow attacks.

digital
ESCO source
computer forensics

The process of examining and recovering digital data from sources for legal evidence and crime investigation.

digital
ESCO source
cyber attack counter-measures

Methods, technologies and techniques used to defend (detect, monitor and recover) against cyber attacks. These cyber attacks include several attack vectors such as malware, denial of service (DoS) attacks and phishing. Intrusion prevention systems (IPS), firewall, antivirus, intrusion detection systems (IDS), cybersecurity training, backup, Information Security Management System (ISM), multi-factor authentication and employee awareness are some examples of the methods used.

digital
ESCO source
cyber security

The methods and best practices that protect ICT systems, networks, computers, devices, services, processes and people against unauthorised access, modification and/or denial of service of assets.

digital
ESCO source
GDPR

The General Data Protection Regulation is the EU regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

digital
ESCO source
ICT infrastructure

The system, network, hardware and software applications and components, as well as devices and processes that are used in order to develop, test, deliver, monitor, control or support ICT services.

digital
ESCO source
ICT network security risks

The security risk factors, such as hardware and software components, devices, interfaces and policies in ICT networks, risk assessment techniques that can be applied to assess the severity and the consequences of security threats and contingency plans for each security risk factor.

digital
ESCO source
ICT security legislation

The set of legislative rules that safeguards information technology, ICT networks and computer systems and legal consequences which result from their misuse. Regulated measures include firewalls, intrusion detection, anti-virus software and encryption.

digital
ESCO source
ICT security standards

Best practices and guidelines established for securing information and communication technology (ICT) systems and data. Standards such as the ISO 27000 series provide a framework for implementing effective security controls, including access control, risk assessment and incident management, as well as for providing compliance of an organisation.

digital
ESCO source
information confidentiality

The mechanisms and regulations which allow for selective access control and guarantee that only authorised parties (people, processes, systems and devices) have access to data, the way to comply with confidential information and the risks of non-compliance.

digital
ESCO source
levels of software testing

The levels of testing in the software development process, such as unit testing, integration testing, system testing and acceptance testing.

digital
ESCO source
operating systems

The features, restrictions, architectures and other characteristics of operating systems such as Linux, Windows, MacOS, etc.

digital
ESCO source
penetration testing tool

The specialised ICT tools which test security weaknesses of the system for potentially unauthorised access to system information such as Metasploit, Burp suite and Webinspect.

digital
ESCO source
query languages

The field of standardised computer languages for retrieval of information from a database and of documents containing the needed information.

digital
ESCO source
resource description framework query language

The query languages such as SPARQL which are used to retrieve and manipulate data stored in Resource Description Framework format (RDF).

digital
ESCO source
tools for ICT test automation

The specialised software to execute or control tests and compare predicted testing outputs with actual testing results such as Selenium, QTP and LoadRunner.

digital
ESCO source

Cross-sector

5 competences
audit techniques

The techniques and methods that support a systematic and independent examination of data, policies, operations and performances using computer-assisted audit tools and techniques (CAATs) such as spreadsheets, databases, statistical analysis and business intelligence software.

digital
ESCO source
check methods

Procedures used for investigative purposes such as surveillance by physical and electronic means, interrogations of witnesses, collection of objects and data for assessment and analysis and physical and electronic research for collecting data.

ESCO source
forensic intelligence

The procedures and methodology of gathering and analysing forensic intelligence and data for investigative purposes.

ESCO source
security engineering

Interdisciplinary field of study that focuses on the realisation of secure systems and the technology to protect individuals or information from malice, errors, or unauthorized access. It involves defining security protection requirements, processes, and methods to ensure the resilience of systems and data.

ESCO source
security threats

Types of cyber or physical security threats to public and private security such as unauthorised entry, aggressive behaviour, molestation, robbery, theft, hacking, malware, phishing, identity theft, assault, kidnapping, murder and public demonstration.

ESCO source
Essential skills and competences 18 competences

Occupation specific

2 competences
establish an ICT security prevention plan

Define a comprehensive and proactive strategy for managing information and communication technology (ICT) security risks by establishing a set of measures and responsibilities to ensure the confidentiality, integrity and availability of information. Implement policies to prevent data breaches, detect and respond to unauthorised access to systems and resources, including up-to-date security applications and employee education.

digital
ESCO source
perform forensic preservations of digital devices

Preserve integrity of ICT devices, such as laptops, desktops and other digital media, by storing them physically and using software such as PTK Forensics and EnCase to retrieve, store and trace digital information in a legal manner so that they can be used as evidence at an appropriate time.

digital
ESCO source

Sector-specific

12 competences
apply reverse engineering

Use techniques to extract information or disassemble an ICT component, software or system in order to analyse, correct and reassemble or reproduce it.

digital
ESCO source
develop information security strategy

Create company strategy related to the safety and security of information in order to maximise information integrity, availability and data privacy.

ESCO source
gather data for forensic purposes

Collect protected, fragmented or corrupted data and other online communication. Document and present findings from this process.

ESCO source
identify ICT security risks

Apply methods and techniques to identify potential security threats, security breaches and risk factors using ICT tools for surveying ICT systems, analysing risks, vulnerabilities and threats and evaluating contingency plans.

digital
ESCO source
identify ICT system weaknesses

Analyse the system and network architecture, hardware and software components and data in order to identify weaknesses and vulnerability to intrusions or attacks. Execute diagnostic operations on cyber infrastructure including research, identification, interpretation and categorization of vulnerabilities, associated attacks and malicious code (e.g. malware forensics and malicious network activity). Compare indicators or observables with requirements and review logs to identify evidence of past intrusions.

digital
ESCO source
implement ICT network diagnostic tools

Use software tools or components that monitor ICT network parameters, such as performance and throughput, provide data and statistics, diagnose errors, failures or bottlenecks and support decision making.

digital
ESCO source
manage data for legal matters

Collect, organise and prepare data for analysis and review during investigation, regulatory filings and other legal processes.

ESCO source
manage IT security compliances

Guide application and fulfilment of relevant industry standards, best practices and legal requirements for information security.

digital
ESCO source
perform ICT security testing

Execute types of security testing, such as network penetration testing, wireless testing, code reviews, wireless and/or firewall assessments in accordance with industry-accepted methods and protocols to identify and analyse potential vulnerabilities.

digital
ESCO source
provide ICT consulting advice

Advise on appropriate solutions in the field of ICT by selecting alternatives and optimising decisions while taking into account potential risks, benefits and overall impact to professional customers.

ESCO source
secure sensitive customer's information

Select and apply security measures and regulations related to sensitive customer information with the aim of protecting their privacy.

ESCO source
use scripting programming

Utilise specialised ICT tools to create computer code that is interpreted by the corresponding run-time environments in order to extend applications and automate common computer operations. Use programming languages which support this method such as Unix Shell scripts, JavaScript, Python and Ruby.

digital
ESCO source

Cross-sector

4 competences
educate on data confidentiality

Share information with and instruct users in the risks involved with data, especially risks to the confidentiality, integrity, or availability of data. Educate them on how to ensure data protection.

ESCO source
present evidence

Present evidence in a criminal or civil case to others, in a convincing and appropriate manner, in order to reach the right or most beneficial solution.

ESCO source
use software for data preservation

Utilise specialised applications and software to collect and preserve digital information.

digital
ESCO source
use technology for forensics

Operate specialised tools used for forensic investigations.

digital
Scope note
Also tools for interrogation purposes are included.
ESCO source
Optional knowledge 30 competences

Occupation specific

0 competences

No competences in this bucket.

Sector-specific

29 competences
Aircrack (penetration testing tool)

The computer program Aircrack is a cracking program which recovers 802.11 WEP and WPA-PSK keys by making several network attacks such as FMS, KoreK and PTW attacks.

digital
ESCO source
Backbox (penetration testing tool)

The software BackBox is a Linux distribution which tests security weaknesses of the system for potentially unauthorised access to system information by information gathering, forensic, wireless and VoIP analysis, exploitation and reverse engineering.

digital
ESCO source
BlackArch

The BlackArch Linux distribution is a penetration testing tool which tests security weaknesses of the system for potentially unauthorised access to system information.

digital
ESCO source
Cain and Abel (penetration testing tool)

The software tool Cain and Abel is a password recovery tool which tests the Microsoft Operating System for security weaknesses and potentially unauthorised access to system information. The tool decodes, decrypts and uncovers passwords by means such as brute-force and cryptanalysis attacks, network sniffing and protocols analysis.

digital
ESCO source
cloud technologies

The technologies which enable access to hardware, software, data and services through remote servers and software networks irrespective of their location and architecture.

digital
ESCO source
data storage

The physical and technical concepts of how digital data storage is organised in specific schemes both locally, such as hard-drives and random-access memories (RAM) and remotely, via network, internet or cloud.

digital
ESCO source
hardware architectures

The designs laying out the physical hardware components and their interconnections.

digital
ESCO source
hardware platforms

The characteristics of the hardware configuration required to process the applications software product.

digital
ESCO source
ICT encryption

The conversion of electronic data into a format which is readable only by authorized parties which use key encryption techniques, such as Public Key Infrastructure (PKI) and Secure Socket Layer (SSL).

digital
ESCO source
information architecture

The methods through which information is generated, structured, stored, maintained, linked, exchanged and used.

digital
ESCO source
information security strategy

The plan defined by a company which sets the information security objectives and measures to mitigate risks, define control objectives, establish metrics and benchmarks while complying with legal, internal and contractual requirements.

digital
ESCO source
John The Ripper (penetration testing tool)

The tool John the Ripper is a password recovery tool which tests security weaknesses of the systems for potentially unauthorised access to system information. The key features of this tool are the strength-checking code and password hash code.

digital
ESCO source
Kali Linux

The Kali Linux tool is a penetration testing tool which tests security weaknesses of the systems for potentially unauthorised access to system information by information gathering, vulnerability analysis and wireless and passwords attacks.

digital
ESCO source
LDAP

The computer language LDAP is a query language for retrieval of information from a database and of documents containing the needed information.

digital
ESCO source
LINQ

The computer language LINQ is a query language for retrieval of information from a database and of documents containing the needed information. It is developed by the software company Microsoft.

digital
ESCO source
Maltego

The platform Maltego is a forensic application that uses data mining to deliver an overview of organisations' environment, testing security weaknesses of the system for potentially unauthorised access and demonstrates the complexity of infrastructure failures.

digital
ESCO source
MDX

The computer language MDX is a query language for retrieval of information from a database and of documents containing the needed information. It is developed by the software company Microsoft.

digital
ESCO source
Metasploit

The framework Metasploit is a penetration testing tool which tests security weaknesses of the system for potentially unauthorised access to system information. The tool is based on the concept of 'exploit', which implies executing code on the target machine, thereby taking advantage of the bugs and vulnerabilities of the target machine.

digital
ESCO source
N1QL

The computer language N1QL is a query language for retrieval of information from a database and of documents containing the needed information. It is developed by the software company Couchbase.

digital
ESCO source
Nessus

The computer program Nessus is a specialised ICT tool which tests security weaknesses of the system for potentially unauthorised access to system information, developed by the software company Tenable Network Security.

digital
ESCO source
Nexpose

The computer program Nexpose is a specialised ICT tool which tests security weaknesses of the system for potentially unauthorised access to system information, developed by the software company Rapid7.

digital
ESCO source
OWASP ZAP

The integrated testing tool OWASP Zed Attack Proxy (ZAP) is a specialised tool which tests web applications security weaknesses, relying on an automated scanner and a REST API.

digital
ESCO source
Parrot Security OS

The operating system Parrot Security is a Linux distribution which performs penetration cloud testing, analysing security weaknesses for potentially unauthorised access.

digital
ESCO source
Samurai Web Testing Framework

The Linux environment Samurai Web Testing Framework is a specialised penetration testing tool which tests security weaknesses of websites for potentially unauthorised access.

digital
ESCO source
SPARQL

The computer language SPARQL is a query language for retrieval of information from a database and of documents containing the needed information. It is developed by the international standards organisation World Wide Web Consortium.

digital
ESCO source
THC Hydra

The package THC Hydra is a parallelized login cracker which tests security weaknesses of the systems' protocols for potentially unauthorised access to system information. The main features include network logon cracker and passwords reading and printing.

digital
ESCO source
WhiteHat Sentinel

The computer program WhiteHat Sentinel is a specialised ICT tool which tests security weaknesses of the system for potentially unauthorised access to system information, developed by the software company WhiteHat Security.

digital
ESCO source
Wireshark

The Wireshark tool is a penetration testing tool which evaluates security weaknesses, analysing network protocols through deep protocol inspection, live capture, display filters, offline analysis, VoIP analysis, protocol decryption.

digital
ESCO source
XQuery

The computer language XQuery is a query language for retrieval of information from a database and of documents containing the needed information. It is developed by the international standards organisation World Wide Web Consortium.

digital
ESCO source

Cross-sector

1 competence
legal requirements of ICT products

The international regulations related to the development and use of ICT products.

ESCO source
Optional skills and competences 7 competences

Occupation specific

0 competences

No competences in this bucket.

Sector-specific

6 competences
analyse network configuration and performance

Analyse essential network data (e.g., router configuration files, routing protocols), network traffic capacity and performance characteristics of ICT networks, such as wide area network and local area network, that connect computers using cable or wireless connections and allow them to exchange data.

digital
ESCO source
collect cyber defence data

Collect data for cyber defence using various data collection tools. Data may be gathered from a number of internal or external sources such as online trade records, DNS request logs, email servers' logs, digital communications packet capturing, deep web resources, etc.

digital
ESCO source
design computer network

Develop and plan ICT networks, such as wide area network and local area network, that connect computers using cable or wireless connections and allow them to exchange data and assess their capacity requirements.

digital
ESCO source
implement ICT security policies

Implement statements, assertions or rules that specify the appropriate use and protection of the ICT assets and systems from an organisation. These ICT security policies cover topics such as data classification, password management, access control and incident response.

digital
ESCO source
manage cloud data and storage

Create and manage cloud data retention. Identify and implement data protection, encryption, and capacity planning needs.

digital
ESCO source
perform data mining

Explore large datasets to reveal patterns using statistics, database systems or artificial intelligence and present the information in a comprehensible way.

digital
Scope note
Includes activities on big data.
ESCO source

Cross-sector

1 competence
use different communication channels

Make use of various types of communication channels such as verbal, handwritten, digital and telephonic communication with the purpose of constructing and sharing ideas or information.

ESCO source