The Digital Evidence Acquisition Specialist Training (DEASTP) is designed to equip criminal investigators with the knowledge, skills, and abilities to properly identify, seize and acquire digital evidence. Through a combination of lecture, demonstration, hands on exercises, labs and a practical exercise investigators learn how to seize digital evidence from personal computer (PC) and notebook computer hard drives, floppy diskettes, compact disks (CDs), DVDs, thumb drives, and various flash media by acquiring forensically valid images of the digital media. Investigators also learn how to preview digital media prior to acquisition to determine if the media contains key text strings, unlawful graphics, etc.
The DEASTP program is an intense program that requires substantial computer aptitude. Successful completion of a graded practical exercise is required for graduation.
At the conclusion of the training program, the participants will be able to successfully seize digital evidence. This knowledge will be demonstrated through the completion of an eight hour practical exercise on the last full day of the training program. The practical exercise includes a simulated search warrant scenario. [Note: The search warrant scenario does not include tactics (e.g. dynamic building entry, handcuffing suspects, use of firearms, etc.). The practical exercise requires each student to work independently to acquire various types of digital evidence in a forensically sound manner.
Novice skill level students who need training in any of the prerequisites are referred to any of several sources including: Internet online training courses, adult training courses typically offered in local colleges and universities or other sources, commercial training providers that offer courses in fundamental computer usage.
This program is also offered without equipment at a reduced tuition.
- Applicant must be a law enforcement officer/agent with arrest authority in the prevention, detection, apprehension, detention and/or investigation of felony and/or misdemeanor violations of federal, state, local, tribal, or military criminal laws or law enforcement support personnel whose duties include identifying, seizing and acquiring digital evidence.
- A functional knowledge of computers is required, specifically:
- Basic knowledge of hard drives
- Basic knowledge of flash media
- Basic knowledge of USB and with USB storage devices
- Basic knowledge of DOS
- Basic knowledge of file names and file extensions
- Basic knowledge of write-blockers and their function
- Basic knowledge of optical media
- Basic knowledge of RAM
- Basic knowledge Windows keyboard navigation and functions
- Basic knowledge Windows mouse navigation and functions
- Basic knowledge of Linux
- Familiarity with Microsoft Office Word, Excel and PowerPoint
- Familiarity with rules of evidence/investigative procedures
- Familiarity with law enforcement report writing
- Familiarity with Windows XP/Windows 7 including:
- Basic knowledge of FAT32 and NTFS
- Basic knowledge of navigation on the computer desktop
- Familiarity with the Control Panel and its use
- How to install and uninstall common programs
- How to create, rename, copy, move and delete folders
- How to create, rename, copy, move and delete files
Required Training Materials
- Electronic Law and Evidence
- First Responders to Digital Evidence
- Data Acquisition
- Disk Acquisition: Final Practical Exercise
- Network Investigations
Federal organization personnel should contact their agency training officer to register for training, email questions to FLETCAdmissions@fletc.dhs.gov or telephone 912-267-3344.
State, local and tribal officers requesting training should register online. If organizational support is required or you have additional needs, please email email@example.com or call us at 1-800-743-5382.
International (non-US) personnel should email FLETCfirstname.lastname@example.org or telephone 912-261-4023.
Program Contact Info
Glynco: (912) 267-2702