
Certified CDaCT Data Collection Technician

This is a fundamentals-level course for people who have to handle or advise on electronic evidence/data on a regular basis and provides them with the skills to ensure that forensic and evidential integrity is retained when data is transferred or copied.

Gain confidence in securing, collecting, acquiring and preserving digital evidence by getting a practical understanding of the legalities, best practice and current techniques used for cyber investigations, eDiscovery, or other regulatory proceedings in accordance with ISO 27037.

This three-day course is ideal for those new to the subject area who are required to advise on and/or handle data collection on a regular basis, or seasoned practitioners looking for additional forensic imaging methodologies or some formal accreditation in this area.

The course includes the following:

  • An overview of current legislation and the impact of recent case law
  • ACPO best practice and other guidelines for data collection, and relevant ISO standards
  • What is ‘forensic’ in respect to data acquisition?
  • Evidence seizure, handling and chain of custody
  • The challenges of data collection due to evolving technologies from static, network, live and cloud storage environments
  • Data verification, integrity, hashing techniques and actions on failure
  • Differences between static, booted, live and network acquisition
  • When to consider live and volatile data collection and its potential impact
  • Documenting your process and report/statement writing

Delegates will apply the theory of securing and acquiring forensic data during practical exercises to demonstrate the techniques of forensic imaging in a number of environments using different techniques and software; the capturing of a system from a virtualised environment; extracting an individual mailbox from a live Microsoft Exchange e-mail server, and live system memory and volatile data capture.

WHO SHOULD ATTEND

Anyone responsible for the process of data acquisition, including:

  • Law enforcement officers and agents
  • Network administrators
  • IT security officers
  • Civil litigation lawyers/legal counsel
  • Litigation support managers
  • eDiscovery consultants

Learning Objectives

THE SKILLS YOU WILL LEARN

  • You will be introduced to the legalities, best practice and current techniques used for data acquisition as part of forensic investigation, eDiscovery or other regulatory proceedings
  • You will carry out forensic imaging in a number of environments, using different methods and software
  • You will learn how to extract individual mailboxes from a live Microsoft Exchange email server, as well as live system memory and volatile data capture

KEY BENEFITS

This course will give you:

  • The skills you need to be competent in handling data during the initial stages of investigation
  • The opportunity to practice identifying and collecting electronic evidence/data and build your confidence
  • An industry-recognised qualification in data collection
  • Methodologies that will enable you to comply with International Standards for the identification, collection, acquisition and preservation of digital evidence as described in ISO 27037 and the ACPO Good Practice Guide for Digital Evidence
  • Skills and an understanding of the policies and practices required that will withstand scrutiny by a third party
  • Confidence in forensic imaging and copying data from a number of environments using different methods and software

Pre-Requisites

A general appreciation of Information technology and computer forensic principles/methods is desirable, but not essential.

Course Content

1. Investigations Principles and Strategy

a. Legislation Considerations

b. ACPO Guideline - The Four Principles

2. Competency

a. ACPO Guideline - Competency

b. ISO standards

c. Relevant case law

3. Considerations

a. Challenges of evolving technology

b. Understanding the requirements of data collection

c. Technological conflicts

4. Collection, Exhibits & Continuity

a. Data collection sites

b. Data collection types

c. Information to be recorded

d. Statement for seizing physical evidence

e. Statement for copying virtual evidence

f. Chain of custody

5. Data Collection

a. The forensic preview

b. Physical examination

c. System date and time

6. Methods & Tools

a. Data acquisition methods

b. Data acquisition hardware

c. Data acquisition software

d. Data acquisition platforms

7. Forensic Image Types

a. Forensic Image

b. Forensic Clone

8. Source Integrity

a. Hardware write blockers

b. Software write blockers

c. Hashing & verification

9. Post Acquisition

a. Working copies & backups

10. Data Collection Types

a. Physical

b. Logical

c. Selective

11. Data Environments

a. Booted

b. Static

c. Live

d. Volatile

e. Cloud

The above covers data collection from the following storage mediums:

a. HDD

b. SSD

c. RAID

d. SAN

e. NAS

f. File share

g. MS Exchange server

h. MS Outlook

i. Virtual disk

j. Virtual machine

k. Cloud storage

l. Webmail

m. Website

n. Smart devices

o. Windows Operating Systems - artefacts

Exams & Certification

ACCREDITATIONS

CDaCT has been assessed and accredited by IISP at Level 1: A2, A6, H1; Level 1+: D1, F3, enabling you to build knowledge, competency and gain hands-on experience in the areas of the Institute’s Skills Framework.
