Seized Computer Evidence Recovery Specialist (SCERS)Up one level
The SCERS training program teaches FUNDAMENTAL forensic techniques for the analysis of electronic data from desktop computer systems and selected peripherals. While the course is an advanced training for FLETC, it is designed as a comprehensive digital forensics FOUNDATIONAL course of instruction for novice examiners or those who wish to update their skill/tool set.
The SCERS training program is an intense course that requires substantial computer aptitude and prior computer training equivalent to that presented in the Digital Evidence Acquisition Specialist Training Program (DEASTP). DEASTP teaches the proper methodology for acquiring digital evidence in a forensically sound manner; SCERS teaches how to analyze this data. They are two distinct skill-sets and both are required for offices where the digital evidence examiner must also respond to the scene and collect the evidence. SCERS no longer incorporates any data acquisition in the curriculum which is why DEASTP is a prerequisite. Successful completion of a graded practical exercise is required for graduation. Classroom work is intensive with substantial after hours work required for most students.
The SCERS training program tuition includes state-of-the-art hardware and software which will be issued to each student and will be demonstrated and used during class. The goal of the course is to provide the hardware, software and training to enable the graduate to examine digital evidence upon return to their office. Topics addressed in SCERS include examinations of data from desktop and notebook computers running commonly used operating systems, including but not limited to Windows 9X, NT, 2000, XP, Vista, 7, and 8; hands-on use of specialized software to enhance investigative analysis; and legal issues relating to the introduction of computer evidence in court.
While this is an expensive course by FLETC standards, the hardware and software issued to each student during the course provide exceptional value when compared to other digital forensic courses. The tuition also includes room, meals and local transportation. A list of major items issued during the course is available below.
Length: Encompasses 2 weeks (76 Hours), beginning on a Monday and ending on the second Friday, with the graduation scheduled at approximately 11:00 to 11:30 a.m. Travel days are Sunday and Friday after 12pm. Return flights before 2 pm should not be scheduled.
- Setting up a Forensic Computer
- Digital Forensic Jargon and Concepts
- In-depth Analysis of Selected Windows Structures
- Recycle Bin
- File Dates/Times
- Graphic Files
- EXIF Data
- Internet Explorer
- Print Spools
- Link Files
- File Compression
- Compound Files
- Alternate Data Streams
- Thumbs.DB / Thumbnail.Cache
- Event Logs
- Timeline Analysis
- Password Cracking
- RAM Dump Review
- File HASH
- Toolset Validation Procedures
The class attendees will receive a comprehensive collection of hardware, software, tools, and books including a forensic-capable computer and the latest versions of Guidance Software’s Encase and AccessData’s Ultimate Toolkit. These items will provide the students with the equipment necessary to be able to successfully complete the forensic analysis of seized digital media.
Prerequisites for Attendance
Successful completion of FLETC's Digital Evidence Acquisition Specialist Training Program (DEASTP) or equivalent is required for admission to the SCERS. Additionally, the Introduction to Digital Evidence Analysis (IDEA) Training Program or equivalent is VERY HIGHLY ENCOURGED (Please see IDEA Training Program web page for details). Applicants that have not attended FLETC's DEASTP and IDEA may attend the SCERS training program if they have experience and knowledge, acquired through formal education and/or on-the-job training, which is equivalent to that which is presented within the DEASTP and IDEA. Subject to prior approval by program coordinator. (Call for waiver approvals.)
Participants are expected to have experience in seizing and imaging desktop and notebook computers in a forensically sound manner as well as substantial experience with the Microsoft Windows© Operating System or equivalent GUI based system(s). Additionally, working knowledge of AccessData’s Ultimate Toolkit and Guidance Software’s EnCase are also expected.
Graduation scheduled at approximately 11:00 to 11:30 a.m. Travel days are Sunday and Friday after 12pm. Return flights before 2 pm should not be scheduled. Students should be prepared for substantial after-hours classroom time (21 optional laboratory hours). Issued items subject to change based upon price/availability & functionality without prior notice.
Technical Operations Training Facility
Federal Law Enforcement Training Center
Glynco, GA 31524
Phone: (912) 267-2702
Fax: (912) 267-2797
- G_SCERS-406 / Glynco, GA -- Aug 04, 2014 to Aug 15, 2014