Forensic Investigator

Digital Forensics Investigator (Freelance)

We are looking for a highly technical and detail-oriented Digital Forensics Investigator to join a critical, long-term project. You will be responsible for uncovering the "how" and "why" behind security breaches, ensuring that all digital evidence is captured and preserved according to rigorous forensic standards.

Project Overview

• Role: Lead Digital Forensics Investigator
• Type: Freelance / Contractor
• Duration: Long-term project
• Start Date: June 2026
• Capacity: 3 days per week
• Location: Luxembourg (EU Nationality Required)

Role Scope & Responsibilities

As the Lead Investigator, you will drive the forensic response to complex cybersecurity incidents, ensuring that the chain of custody remains intact and findings are legally and technically sound.

• Incident Investigation: Lead the deep-dive technical investigation of cybersecurity incidents to identify root causes and extent of compromise.
• Evidence Management: Oversee the collection, acquisition, and preservation of digital evidence from various sources (servers, endpoints, cloud environments) in a forensic manner.
• Reporting Support: Translate technical forensic findings into clear, actionable data to support mandatory cyber incident reporting activities for stakeholders and authorities.
• Chain of Custody: Implement and maintain strict protocols for the handling of electronic evidence to ensure its integrity for potential legal or administrative proceedings.
• Collaboration: Work closely with the Incident Response and Legal teams to provide technical clarity during and after a breach.

Key Deliverables

1. Digital Forensics Analysis Results: Comprehensive technical reports detailing the timeline, artifacts discovered, and methodology used during an investigation.
2. Electronic Evidence: Securely preserved data images and forensic captures, documented with full chain-of-custody logs.
3. Cyber Incident Reports: Detailed forensic contributions to broader incident documentation, focusing on technical attribution and data impact.

Required Qualifications & Skills

Mandatory Requirements:

• Experience: Proven experience in digital forensics and incident response (DFIR), with proficiency in tools like EnCase, FTK, Autopsy, or Volatility.

Relevant Certifications (minimum one):

• ISACA CCOA (Certified Cybersecurity Operations Analyst)
• CompTIA Security+
• SANS GIAC (GCFE/GCFA) certifications are highly preferred.

Technical & Soft Skills:

• Expert knowledge of file systems (NTFS, APFS, ext4), memory forensics, and network forensics.
• Strong understanding of the legal requirements for evidence preservation within the EU.
• Methodical mindset with extreme attention to detail and the ability to work under high pressure.