
Federal Law Enforcement Training Center


Digital Evidence Acquisition Specialist Training Program (DEASTP)

The primary purpose of the DEASTP course is to equip criminal investigators with the knowledge, skills, and abilities to properly identify and seize digital evidence. Through a combination of lecture, demonstration, hands-on exercises, labs, and a practical exercise, investigators learn how to seize digital evidence from personal computer (PC) and notebook computer hard drives, floppy diskettes, compact disks (CDs), DVDs, thumb drives, and various flash media by acquiring forensically valid images of the digital media. Investigators also learn how to preview digital media prior to acquisition to determine if the media contains key text strings, unlawful graphics, etc.

The DEASTP program is an intense course that requires substantial computer aptitude. Successful completion of a graded practical exercise is required for graduation.

At the conclusion of the training program, the participants will be able to successfully seize digital evidence. This knowledge will be demonstrated through the completion of a 10-hour practical exercise on the last full day of the training program. The practical exercise includes a simulated search warrant scenario. [Note: The search warrant scenario does not include tactics (e.g., dynamic building entry, handcuffing suspects, use of firearms, etc.).] The practical exercise requires each student to work independently to acquire various types of digital evidence.

It is recommended that you attend this course before attending the Seized Computer Evidence Recovery Specialist (SCERS) training program. SCERS students are required to possess the skills and technical information presented in this course before they attend the SCERS training program.

Type: Advanced

Length: The training program encompasses 2 weeks (76 Hours), beginning on a Monday and ending on the second Friday, with the graduation scheduled at approximately 10:30 to 11:00 a.m. Travel days are Sunday and Friday after graduation (approximately 12 noon).

Curriculum

  • Electronic Law and Evidence
  • Computer POST and Boot Process
  • Command Prompt Operations
  • Forensic Hardware
  • File Compression
  • Data Acquisition
  • Final Digital Evidence Acquisition Practical Exercise

Training Materials

Each student is issued a comprehensive set of software, hardware, tools, and reference materials to enable the student to put the skills learned in class to use immediately upon return to his or her duty station. The issued materials include, but are not limited to, the following items:

  • ADF Triage-ID™
  • DVD-ROM / CD-ROM Drive
  • Firewire 800 PCMCIA Card
  • Hard Drives, 320 GB (PATA and SATA)
  • PCI cards, cables, and adapters for USB 2.0, Firewire (400/800), SATA, and PATA hard drives and devices
  • Hardware Write Block devices (PATA Hard Drive and Flash Media Cards)
  • WinHex Specialist Edition®

All of these items are subject to change without notice. List effective August 31, 2007. Items issued at export courses may vary.

Prerequisites for Attendance

A functional knowledge of computers is required. More specifically, this means:

  1. Experience with the majority of the functions of a word processor (e.g., Word or WordPerfect).
  2. Training or background in the use of a mouse, and knowledge of the basic concepts governing the use of Microsoft Windows, version 9X, Me, 2000, XP, or Vista.
  3. Use of command/system prompts. In other words, using a computer in some way other than mouse-clicking Windows controls. Students must possess knowledge of the usage of basic Command Prompt commands, including, but not limited to:
    • DIR
    • Create "Subdirectories" on a diskette/hard disk (MD) and store data within the subdirectories; also access the subdirectories (CD), and remove the subdirectories (RD).
    • COPY one file/many files/entire diskettes
    • DEL/ERASE one file/many files
    • TYPE to view the contents of Text Files
  4. Use of My Computer or Explorer file management program provided with Windows to navigate through the directories / folders and files contained on a computer.

Students who need training in any of the above requirements are referred to any of several sources, including Internet online training courses, adult training courses typically offered in local colleges and universities or other sources, and commercial training providers that offer courses in fundamental computer usage.

Contact Information

DEASTP Program Coordinator
Technical Operations Division
Bldg. 793
Federal Law Enforcement Training Center
Glynco, GA 31524
Phone: (912) 267-2876 or (912) 267-2394
Fax: (912) 267-2797
FLETC-TOD-DigitalForensicsBranch@dhs.gov

Training Dates

DEASTP-001 / Glynco, GA -- January 25, 2010 to February 05, 2010
DEASTP-002 / Glynco, GA -- May 03, 2010 to May 14, 2010