Digital Evidence Acquisition Specialist Training Program (DEASTP)Up one level
The primary purpose of the DEASTP course is to equip criminal investigators with the knowledge, skills, and abilities to properly identify and seize digital evidence. Through a combination of lecture, demonstration, hands on exercises, labs and a practical exercise investigators learn how to seize digital evidence from personal computer (PC) and notebook computer hard drives, floppy diskettes, compact disks (CDs), DVDs, thumb drives, and various flash media by acquiring forensically valid images of the digital media. Investigators also learn how to preview digital media prior to acquisition to determine if the media contains key text strings, unlawful graphics, etc.
The DEASTP program is an intense course that requires substantial computer aptitude. Successful completion of a graded practical exercise is required for graduation.
At the conclusion of the training program, the participants will be able to successfully seize digital evidence. This knowledge will be demonstrated through the completion of a 8 hour practical exercise on the last full day of the training program. The practical exercise includes a simulated search warrant scenario. [Note: The search warrant scenario does not include tactics (e.g. dynamic building entry, handcuffing suspects, use of firearms, etc)]. The practical exercise requires each student to work independently to acquire various types of digital evidence in a forensically sound manner.
This course, or equivalent AND the Introduction to Digital Evidence Analysis (IDEA), or equivalent are MANDATORY prerequisite training programs prior to attending the Seized Computer Evidence Recovery Specialist Training Program (SCERS). For SCERS prerequisite waiver information, please contact TOD at the point of contact listed on this page.
Length: The training program encompasses 2 weeks (76 Hours), beginning on a Monday and ending on the second Friday, with the graduation scheduled at approximately 10:30 to 11:00 a.m. Travel days are Sunday and Friday after graduation (approximately 12 noon).
- Electronic Law and Evidence
- Computer POST and Boot Process
- Command Prompt Operations
- Forensic Hardware
- File Compression
- Data Acquisition
- Final Digital Evidence Acquisition Practical Exercise
Each student is issued a comprehensive set of software, hardware, tools, and reference materials to enable the student to put the skills learned in class to use immediately upon return to his or her duty station. The issued materials include, but are not limited to, the following items:
- Firewire 800 PCMCIA Card
- Hard Drives, 500 GB (SATA)
- Computer tool kit, cables, and adapters for USB 2.0, Firewire (400/800), SATA, and PATA hard drives and devices
- Hardware Write Block and hand-held drive duplication devices, focusing mostly towards field and portable acquisition solutions.
- Various software, books and other training materials
All of these items are subject to change without notice. Items issued at export courses may vary.
Prerequisites for Attendance
A functional knowledge of computers is required. More specifically, this means
1. Basic knowledge of what a hard drive is (any hardware knowledge and experience is a plus
2. Basic knowledge of what flash media is
3. Basic knowledge of what USB is and be familiar with USB storage devices (i.e.; thumb drives)
4. Basic knowledge of what DOS is (any working knowledge is a plus, but not required)
5. Basic knowledge of what a file name and a file extension are
6. Basic knowledge of what write-blockers are and what they do
7. Basic knowledge of what optical media is
8. Basic knowledge of what RAM is
9. Understand basic Windows keyboard navigation and functions
10. Understand basic Windows mouse navigation and functions
11. Basic knowledge of what Linux is (any working knowledge is another plus, but not required)
12. Familiarity with and use of Microsoft Office Word, Excel and PowerPoint
13. Familiarity with rules of evidence and basic investigative procedures
14. Familiarity with law enforcement report writing
15. Familiarity with and use of Windows XP and/or Windows 7, including the following:
· Basic knowledge of what FAT32 and NTFS is
· Basic knowledge of and navigation around the computer desktop
· Familiarity with the Control Panel and its use
· How to install and uninstall common programs
· How to create, rename, copy, move and delete folders
· How to create, rename, copy, move and delete files
Novice skill level students who need training in any of the above requirements are referred to any of several sources including: Internet online training courses, adult training courses typically offered in local colleges and universities or other sources, commercial training providers that offer courses in fundamental computer usage.
Technical Operations Training Facility
Federal Law Enforcement Training Center
Glynco, GA 31524
Phone: (912) 267-2702
Fax: (912) 267-2797
- DEASTP-303 / Glynco, GA -- May 13, 2013 to May 24, 2013
- DEASTP-304 / Glynco, GA -- Aug 19, 2013 to Aug 30, 2013