Digital Forensics Analysts


Salary Median (2020)


Projected Job Growth (2019-2029)

+5.7% (as fast as the average)

Most Common Level of Education

Bachelor's degree


What Digital Forensics Analysts Do

Conduct investigations on computer-based crimes establishing documentary or physical evidence, such as digital media and logs associated with cyber intrusion incidents. Analyze digital evidence and investigate computer security incidents to derive information in support of system and network vulnerability mitigation. Preserve and present computer-related evidence in support of criminal, fraud, counterintelligence, or law enforcement investigations.

How Leaders Describe a Typical Day at Work

Senior Security Analyst ,


I drive threat-monitoring programs and respond to threats with my digital forensics background. My expertise helps the company resolve the most critical and sophisticated issues that may arise in the Center. I frequently work in close partnership with the Corporate, External, & Legal Affairs (CELA), Microsoft Threat Intelligence Center (MSTIC), and Digital Crimes Unit (DCU) teams to build capabilities and provide DFIR at cloud-scale, serving the needs of cybersecurity, compliance, and the law.

Senior Business Intelligence Manager ,

Microsoft Digital Crimes Unit

I specialize in using big data and advanced analytics to detect and combat cybercrime. Along with my colleagues, which include investigators, forensic experts, and attorneys, I am focused on building data models to explain and predict crime mechanics. My current focus includes tech support fraud and crime perpetrated against Microsoft cloud services.

Tasks & Responsibilities May Include

  • Adhere to legal policies and procedures related to handling digital media.
  • Analyze log files or other digital information to identify the perpetrators of network intrusions.
  • Conduct predictive or reactive analyses on security measures to support cyber security initiatives.
  • Create system images or capture network settings from information technology environments to preserve as evidence.
  • Develop plans for investigating alleged computer crimes, violations, or suspicious activity.

This page includes information from theO*NET 26.1 Databaseby the U.S. Department of Labor, Employment and Training Administration (USDOL/ETA). Used under theCC BY 4.0license. O*NET® is a trademark of USDOL/ETA.