Forensic Analyst

The Forensics Analyst will play a key role in conducting and supporting digital forensic investigations, cloud and memory analysis, and incident response activities as part of ongoing cybersecurity research, national security initiatives, and critical infrastructure protection projects under C3iHub, IIT Kanpur.

The position involves both hands-on forensic analysis and research contribution to developing frameworks, methodologies, and tools for advanced forensic investigation and cyber threat attribution across on-premises, cloud, and hybrid environments.

Responsibilities

Conduct end-to-end digital and cloud forensic investigations for incidents involving system compromise, data breaches, or insider threats.

Perform disk, memory, mobile, and cloud forensics using industry-standard tools and open-source frameworks.

Acquire and preserve digital evidence from on-premises and cloud environments (AWS, Azure, GCP) following proper chain-of-custody procedures.

Analyze logs, virtual machines, and storage data from cloud platforms to identify malicious activity and misconfigurations.

Support incident response operations by providing forensic insights, identifying attack vectors, and validating indicators of compromise (IOCs).

Conduct malware and payload analysis, identifying persistence mechanisms, encryption routines, and command-and-control (C2) patterns.

Work on research-driven forensic projects, including tool development, forensic automation scripts, and forensic readiness frameworks for IT, OT, and cloud environments.

Collaborate with law enforcement agencies, CERTs, and defense partners for forensic data sharing and technical validation.

Generate comprehensive forensic and technical reports for internal and external stakeholders.

Maintain and enhance the forensics lab environment at C3iHub, ensuring up-to-date toolsets for disk, memory, and cloud forensic analysis.

Contribute to training programs, workshops, and publications in the field of digital, memory, and cloud forensics.

Eligibility

Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Technology, or Digital Forensics.

2–3 years of hands-on experience in digital forensics, incident response, or malware analysis. Strong command of forensic tools such as Autopsy, FTK, EnCase, Magnet AXIOM, Volatility, Cellebrite, X-Ways, or Sleuth Kit.

Experience with cloud forensic tools and techniques for AWS, Azure, or GCP environments. Sound understanding of Windows, Linux, and Android forensics, including file systems and registry artifacts.

Experience with memory forensics, log correlation, and timeline reconstruction. Familiarity with SIEM platforms (Splunk, ELK, Chronicle) and threat hunting methodologies.

Understanding of chain of custody, evidence handling, and cyber law principles.

Excellent analytical thinking, documentation, and report writing skills.

Ability to work collaboratively in a multi-disciplinary research environment and under time-sensitive investigation scenarios.

Desired Eligibility

Exposure to malware reverse engineering and network packet forensics (Wireshark, Zeek, Suricata).
Hands-on experience with cloud forensic frameworks and tools (AWS CloudTrail, Azure Sentinel, Google Cloud Audit Logs).

Scripting or automation experience in Python, PowerShell, or Bash. Knowledge of ICS/SCADA forensics and hybrid environment investigations.

Prior experience working in cyber research projects, SOCs, or government-sponsored cybersecurity programs.

Travel

As and when required, across the country for project execution and monitoring as well as for coordination with geographically distributed teams.

Communication

Submit a cover letter summarising your experience in relevant technologies and software, along with a resume and the Latest passport-size photograph.

Link: https://c3ihub.keka.com/careers/jobdetails/48561

Job Type: Full-time

Pay: ₹543,741.66 - ₹1,200,000.00 per year

Work Location: In person