Digital Forensics Certified Data Collection Technician (CDaCT)

About the course

Fundamentals-level course


This is a three-day fundamentals-level course for people who handle or advise on electronic evidence/data on a regular basis. It gives them the skills to ensure that forensic and evidential integrity is retained when data is transferred or copied.

How will I benefit?
This course will give you:

  • The skills you need to be competent in handling data during the initial stages of investigation
  • The opportunity to practise identifying and collecting electronic evidence/data and build your confidence
  • An industry-recognised qualification in data collection

“The course was really good, and especially well taught. The value is where the trainers are active within their field of expertise.”

CDaCT delegate

What will I learn?

  • You will be introduced to the legalities, best practice and current techniques used for data acquisition as part of forensic investigation, eDiscovery or other regulatory proceedings
  • You will carry out forensic imaging in a number of environments, using different methods and software
  • You will learn how to extract individual mailboxes from a live Microsoft Exchange email server, as well as live system memory and volatile data capture


Who should attend?
Anyone responsible for the process of data acquisition including:

  • eDiscovery consultants
  • Litigation support managers
  • Civil litigation lawyers / legal counsel
  • Law enforcement officers & agents
  • IT security officers
  • Network administrators.


COURSE OVERVIEW
Gain confidence in securing, collecting, acquiring and preserving digital evidence by getting a practical understanding of the legalities, best practice and current techniques used for cyber investigations, eDiscovery, or other regulatory proceedings in accordance with ISO 27037.

This three-day course is ideal for those new to the subject area who are required to advise on and/or handle data collection on a regular basis, or seasoned practitioners looking for additional forensic imaging methodologies or some formal accreditation in this area.

The course includes the following:

  • An overview of current legislation and the impact of recent case law
  • ACPO best practice and other guidelines for data collection, and relevant ISO standards
  • What is ‘forensic’ in respect to data acquisition?
  • Evidence seizure, handling and chain of custody
  • The challenges of data collection due to evolving technologies from static, network, live and cloud storage environments
  • Data verification, integrity, hashing techniques and actions on failure
  • Differences between static, booted, live and network acquisition
  • When to consider live and volatile data collection and its potential impact
  • Documenting your process and report/statement writing

Delegates will apply the theory of securing and acquiring forensic data in practical exercises: forensic imaging in a number of environments using different techniques and software; capturing a system from a virtualised environment; extracting an individual mailbox from a live Microsoft Exchange e-mail server; and live system memory and volatile data capture.

KEY BENEFITS
This course will give you:

  • The skills you need to be competent in handling data during the initial stages of investigation
  • The opportunity to practise identifying and collecting electronic evidence/data and build your confidence
  • An industry-recognised qualification in data collection
  • Methodologies that will enable you to comply with international standards for the identification, collection, acquisition and preservation of digital evidence as described in ISO 27037 and the ACPO Good Practice Guide for Digital Evidence
  • Skills and an understanding of the policies and practices required to withstand scrutiny by a third party
  • Confidence in forensic imaging and copying data from a number of environments using different methods and software

WHO SHOULD ATTEND
Anyone responsible for the process of data acquisition, including:

  • Law enforcement officers and agents
  • Network administrators
  • IT security officers
  • Civil litigation lawyers/legal counsel
  • Litigation support managers
  • eDiscovery consultants

PREREQUISITES
A general appreciation of information technology and computer forensic principles/methods is desirable, but not essential.


WHAT QUALIFICATION WILL I RECEIVE?
Those delegates successfully passing the exam at the end of the course will be awarded 7Safe’s Certified Data Collection Technician (CDaCT) qualification.

Syllabus

1. Investigations Principles and Strategy
a. Legislation Considerations
b. ACPO Guideline - The Four Principles

2. Competency
a. ACPO Guideline - Competency
b. ISO standards
c. Relevant case law

3. Considerations
a. Challenges of evolving technology
b. Understanding the requirements of data collection
c. Technological conflicts

4. Collection, Exhibits & Continuity
a. Data collection sites
b. Data collection types
c. Information to be recorded
d. Statement for seizing physical evidence
e. Statement for copying virtual evidence
f. Chain of custody

5. Data Collection
a. The forensic preview
b. Physical examination
c. System date and time

6. Methods & Tools
a. Data acquisition methods
b. Data acquisition hardware
c. Data acquisition software
d. Data acquisition platforms

7. Forensic Image Types
a. Forensic Image
b. Forensic Clone

8. Source Integrity
a. Hardware write blockers
b. Software write blockers
c. Hashing & verification

9. Post Acquisition
a. Working copies & backups

10. Data collection Types
a. Physical
b. Logical
c. Selective

11. Data Environments
a. Booted
b. Static
c. Live
d. Volatile
e. Cloud

The above covers data collection from the following storage mediums:
a. HDD
b. SSD
c. RAID
d. SAN
e. NAS
f. File share
g. MS Exchange server
h. MS Outlook
i. Virtual disk
j. Virtual machine
k. Cloud storage
l. Webmail
m. Website
n. Smart devices
o. Windows Operating Systems - artefacts

Start date: 04 Nov 2020
Location / delivery: Cambridge
