Assist in implementing digital forensic processes
Overview
This standard is about assisting in implementing digital forensic processes whilst maintaining evidential integrity.
This involves helping with identifying, collecting and analysing digital information in support of investigations to determine the circumstances of events of concern to an organisation. This includes applying ethical considerations as well as knowing when not to act.
This standard covers the competencies needed to assist in implementing digital forensic processes. It is for those who need to assist in implementing digital forensic processes as part of their duties.
Performance criteria
You must be able to:
- Assist with identifying potential sources of information from digital devices and systems whilst preserving evidence
- Undertake disassembly and reassembly of digital devices to perform forensic imaging and data capture
- Assist with accurately reporting appropriate incident information in line with organisational standards
- Assist with data recovery from digital devices and systems using approved digital forensic tools in line with organisational procedures
- Assist with analysing digital evidence using approved tools and techniques to produce information in a format ready for full examination by digital forensic analysts
- Contribute to documenting event information to maintain accurate and auditable records
- Assist in the maintenance of the digital forensic hardware and software infrastructure and tools
- Produce reports of digital forensic work undertaken in line with organisational procedures
- Apply the primary features of law, regulations and organisational standards relevant to digital forensics activities
Knowledge and Understanding
You need to know and understand:
- That digital forensics is the identification, collection, examination and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data
- The types of computer misuse that can occur and how to identify them
- Computer forensic principles and the importance of ensuring that evidence is not contaminated
- The Computer Misuse Act and civil and criminal laws relevant to digital forensic investigations
- When not to act during digital forensic investigations
- The need to consider ethics when dealing with personal information during forensic investigations
- The types of digital device that may be investigated, including mobile phones, laptops, tablets and personal computers, fixed and cloud networked system log files and portable digital storage devices
- The main principles, tools and techniques used in the eDiscovery process
- How to apply investigation skills and evidence handling in digital forensic investigations
- Triage basic examination, processing and reporting of mobile phone devices
- The role of chain of custody in preserving the value of digital evidence
- The volatile nature of data
- How to investigate operating systems
- The file structures used for hard disk drives, network files and solid state drives
- The importance of hash values in digital forensics for data integrity
- The industry standard digital forensic tools used to extract and analyse digital evidence and how to apply them
- How to undertake network forensics in a client-server and virtual network
- How to read data from mobile phones
- Data subject access request, redaction and disclosure
- Organisational digital forensic procedures, regulatory and international standards and industry codes of practice