Introduction to Digital Evidence Analysis (IDEA)Up one level
The IDEA training program teaches the student how to navigate through the two most commonly used computer forensic suites in the United States, Guidance Software’s EnCase and AccessData’s Ultimate Toolkit. Additionally, it will provide the student with an introduction to digital forensic specific legal issues. This one-week course is considered a highly recommended prerequisite for attendance at the two-week Seized Computer Evidence Recovery Specialist Training Program (SCERS), which immediately follows this course. (See SCERS web page for specifics on that course.)
The IDEA training program is a course born out of necessity. As the digital forensic suites have become more and more powerful, the amount of time needed to adequately teach their interface has grown accordingly. This has necessitated a rethink of how SCERS will proceed in the future. During the last curriculum review conference, partner organization members agreed that the time had come to add training time to SCERS to help alleviate the high tempo and stress associated with that course. The result was the IDEA course which is designed as an introduction to the interfaces of the forensic suites currently being taught in SCERS. Additionally, it gives the student time for an introduction/refresher on the current trends in digital law at the federal level. Finally and most importantly, this frees up valuable time in SCERS to teach more in-depth artifacts and a greater variety of forensic techniques than was previously available.
DEASTP will still remain as a requirement for attendance in SCERS, as it teaches the proper methodology for acquiring digital evidence in a forensically sound manner while SCERS teaches how to analyze this data. They are two distinct skill-sets and both are required for offices where the digital evidence examiner must also respond to the scene and collect the evidence. SCERS does not incorporate any data acquisition in the curriculum which is one of the reasons DEASTP is a prerequisite. IDEA is merely another week of training used to bridge the DEASTP and SCERS. This is done to get the students “up to speed” on the digital forensic suite interfaces used in the SCERS program. The planners of this course envisioned that future
SCERS students would attend IDEA for five days, and then segue right into SCERS which will always begin the Monday following IDEA’s graduation on the previous Friday. This would save the partner organization travel funds by having their student stay three consecutive weeks for the revamped SCERS Program. If this is not feasible due to mission requirements attendance at any IDEA will be honored for the current and next fiscal training year. (For example: if the student attended IDEA in the spring then the student could attend SCERS later in the year, or even the following year, if necessary.) Obviously, the sooner a student attends SCERS after attending IDEA would bring the most benefit, as the forensic suites are updated nearly monthly and attendance at IDEA this year would not guarantee use of the same version of forensic suite the following year.
As IDEA is primarily a digital forensic preparatory course, its overhead and cost are relatively modest. Neither software, hardware nor forensic textbooks are issued during this course. The knowledge and experience so essentially necessary in passing SCERS are gained by the student in IDEA curriculum.
Length: Encompasses 1 week (38 Hours), beginning on a Monday and ending on the Friday, with the graduation scheduled at approximately 2:00 to 2:30 p.m. Travel days are Sunday and Friday after 4:30 p.m. Return flights before this time should not be scheduled.
- Setting up a Forensic Computer
- Introduction to Computer Science Terminology and Concepts
- Digital Forensic Jargon and Concepts
- Digital Forensic Legal Briefing
- Orientation to Guidance Software’s EnCase
- Orientation to AccessData’s Ultimate Toolkit
- Final Practical hands-on exercise using both suites.
Tuition and Cost
The tuition also includes room, meals and local transportation.
The class attendees will receive a lot of hands-on laboratories to help cement the use of the forensic suite interfaces which will be used in SCERS. The actual forensic tools will be issued in the SCERS Program. This knowledge will provide the students with the skills necessary to be able to successfully complete the forensic analysis of seized digital media.
Prerequisites for Attendance
Successful completion of FLETC's Digital Evidence Acquisition Specialist Training Program (DEASTP) or equivalent is required for admission to the IDEA. Applicants that have not attended FLETC's DEASTP may attend the IDEA training program if they have experience and knowledge, acquired through formal education and/or on-the-job training, which is equivalent to that which is presented within the DEASTP. The equivalency training is subject to prior approval by the IDEA Program Coordinator. (Contact us for waiver approvals.)
Participants are expected to have experience in seizing and imaging desktop and notebook computers and associated media in a forensically sound manner as well as substantial experience with the Microsoft Windows© Operating System or equivalent GUI based system(s).
Graduation scheduled at approximately 2:00 to 2:30 p.m. Travel days are Sunday and Friday after 2:30pm. Return flights before 4:30 pm should not be scheduled. Students should be alerted to the availability of after-hours classroom time (6 optional laboratory hours).
Technical Operations Training Facility
Federal Law Enforcement Training Center
Glynco, GA 31524
Phone: (912) 267-2702
Fax: (912) 267-2797
- IDEA-203 / Glynco, GA -- Jul 09, 2012 to Jul 13, 2012
- IDEA-204 / Glynco, GA -- Sep 10, 2012 to Sep 14, 2012
- IDEA-303 / Glynco, GA -- Jul 15, 2013 to Jul 19, 2013
- IDEA-304 / Glynco, GA -- Sep 09, 2013 to Sep 13, 2013