The global skills and competency framework for the digital world

Digital forensics DGFS

Recovering and investigating material found in digital devices.

Updates for SFIA 9

  • There is an updated version of this skill for SFIA 9.
  • Theme(s) influencing the updates for this skill: Making SFIA easier to consume (enhance readability/guidance/descriptions), Making SFIA easier to consume (new levels).
  • New level 2 added to support entry-level roles.
  • Readability improvements have been made to levels 3 and 4.
  • You can move to SFIA 9 when you are ready - SFIA 8 skill descriptions will still be available to use.
  • Previous SFIA assessments or skills mapping are not impacted by this change.

Guidance notes

Activities may include — but are not limited to:

  • collecting, processing, preserving and analysing material
  • presenting forensic evidence based on the totality of findings.

The scope of digital forensics includes finding evidence on computers and any device capable of storing digital data. The evidence may be used in support of security vulnerability mitigation, criminal, fraud, counterintelligence, or law enforcement investigations.

Levels of responsibility for this skill

3 4 5 6

Digital forensics: Levels 1-2

This skill is not typically observed or practiced at these levels of responsibility and accountability.

Digital forensics: Level 3

Supports digital forensic investigations by applying standard tools and techniques to investigate devices.

Recovers damaged, deleted or hidden data from devices.

Maintains integrity of records and collects information and evidence in a legally admissible way.

Digital forensics: Level 4

Designs and executes complex digital forensic investigations on devices.

Specifies requirements for resources and tools to perform investigations.

Processes and analyses evidence in line with policy, standards and guidelines and supports the production of forensics findings and reports.

Digital forensics: Level 5

Conducts investigations to correctly gather, analyse and present findings, including digital evidence, to both business and legal audiences.

Collates conclusions and recommendations and presents forensics findings to stakeholders.

Plans and manages digital forensics activities within the organisation. Provides expert advice on digital forensics.

Contributes to the development of digital forensics policies, standards and guidelines. Evaluates and selects digital forensics tools and techniques.

Digital forensics: Level 6

Plans and leads the organisation’s approach to digital forensics.

Sets policies, standards and guidelines for how the organisation conducts digital forensic investigations.

Leads and manages high risk, large or wide-ranging digital forensics investigations engaging additional specialists if required.

Authorises the release of formal forensics reports.

Digital forensics: Level 7

This skill is not typically observed or practiced at this level of responsibility and accountability.