25,000+ Courses Nationwide
0345 4506120

Certified CDaCT Data Collection Technician

This is a fundamentals-level course for people who have to handle or advise on electronic evidence/ data on a regular basis and provides them with the skills to ensure that forensic and evidential integrity is retained when data is transferred or copied.

Gain confidence in securing, collecting, acquiring and the preserving of digital evidence by getting a practical understanding of the legalities, best practice and current techniques used for cyber investigations, eDiscovery, or other regulatory proceedings in accordance with ISO 27037.

This three-day course is ideal for those new to the subject area who are required to advise on and/or handle data collection on a regular basis, or seasoned practitioners looking for additional forensic imaging methodologies or some formal accreditation in this area.

The course includes the following:

  • An overview of current legislation and the impact of recent case law
  • ACPO best practice and other guidelines for data collection, and relevant ISO standards
  • What is ‘forensic’ in respect to data acquisition?
  • Evidence seizure, handling and chain of custody
  • The challenges of data collection due to evolving technologies from static, network, live and cloud storage environments
  • Data verification, integrity, hashing techniques and actions on failure
  • Differences between static, booted, live and network acquisition
  • When to consider live and volatile data collection and its potential impact
  • Documenting your process and report/ statement writing

Delegates will apply the theory of securing and acquiring forensic data during practical exercises to demonstrate the techniques of forensic imaging in a number of environments using different techniques and software; the capturing of a system from a virtualised environment; extracting an individual mailbox from a live Microsoft Exchange e-mail server, and live system memory and volatile data capture.


Anyone responsible for the process of data acquisition, including:

  • Law enforcement officers and agents
  • Network administrators
  • IT security officers
  • Civil litigation lawyers/legal council
  • Litigation support managers
  • eDiscovery consultants

Select specific date to see price, venue and full details.

Learning Objectives


  • You will be introduced to the legalities, best practice and current techniques used for data acquisition as part of forensic investigation, eDiscovery or other regulatory proceedings
  • You will carry out forensic imaging in a number of environments, using different methods and software
  • You will learn how to extract individual mailboxes from a live Microsoft Exchange email server, as well as live system memory and volatile data capture


This course will give you:

  • The skills you need to be competent in handling data during the initial stages of investigation
  • The opportunity to practice identifying and collecting electronic evidence/ data and build your confidence
  • An industry-recognised qualification in data collection
  • Learn methodologies that will enable you to comply with International Standards for the identification, collection, acquisition and preservation of digital evidence as described in ISO 27037 and the APCO Good Practice Guide for Digital Evidence
  • Develop skills and an understanding of the policies and practices required that will withstand scrutiny by a third party
  • Gain confidence in forensic imaging and copying data from a number of environments using different methods and software



A general appreciation of Information technology and computer forensic principles/ methods is desirable, but not essential.

Course Content

1. Investigations Principles and Strategy

a. Legislation Considerations

b. ACPO Guideline -The Four Principles

2. Competency

a. ACPO Guideline - Competency

b. ISO standards

c. Relevant case law

3. Considerations

a. Challenges of evolving technology

b. Understanding the requirements of data collection

c. Technological conflicts

4. Collection, Exhibits & Continuity

a. Data collection sites

b. Data collection types

c. Information to be recorded

d. Statement for seizing physical evidence

e. Statement for copying virtual evidence

f. Chain of custody

5. Data Collection

a. The forensic preview

b. Physical examination

c. System date and time

6. Methods & Tools

a. Data acquisition methods

b. Data acquisition hardware

c. Data acquisition software

d. Data acquisition platforms

7. Forensic Image Types

a. Forensic Image

b. Forensic Clone

8. Source Integrity

a. Hardware write blockers

b. Software write blockers

c. Hashing & verification

9 Post Acquisition

a. Working copies & backups

10. Data collection Types

a. Physical

b. Logical

c. Selective

11. Data Environments

a. Booted

b. Static

c. Live

d. Volatile

e. Cloud

The above covers data collection from the following storage mediums:

a. HDD

b. SSD


d. SAN

e. NAS

f. File share

g. MS Exchange server

h. MS Outlook

i. Virtual disk

j. Virtual machine

k. Cloud storage

l. Webmail


n. Smart devices

o. Windows Operating Systems - artefacts

Exams & Certification

Those delegates successfully passing the exam at the end of the course will be awarded the Certified Data Collection Technician (CDaCT) qualification.

Related Courses

Privacy Notice

In order to provide you with the service requested we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information you explicitly consent to us using the information as necessary to provide the requested service to you. If you do not agree please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information on products and services which we think will be of interest to you by email. We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.


We work with the best