Personal tools
You are here: Home Training Programs Technical Operations Division Digital Evidence Acquisition Specialist Training Program (DEASTP)
Document Actions

Digital Evidence Acquisition Specialist Training Program (DEASTP)

Up one level

The primary purpose of the DEASTP course is to equip criminal investigators with the knowledge, skills, and abilities to properly identify and seize digital evidence. Through a combination of lecture, demonstration, hands on exercises, labs and a practical exercise investigators learn how to seize digital evidence from personal computer (PC) and notebook computer hard drives, floppy diskettes, compact disks (CDs), DVDs, thumb drives, and various flash media by acquiring forensically valid images of the digital media. Investigators also learn how to preview digital media prior to acquisition to determine if the media contains key text strings, unlawful graphics, etc.

The DEASTP program is an intense course that requires substantial computer aptitude. Successful completion of a graded practical exercise is required for graduation.

At the conclusion of the training program, the participants will be able to successfully seize digital evidence. This knowledge will be demonstrated through the completion of a 8 hour practical exercise on the last full day of the training program. The practical exercise includes a simulated search warrant scenario. [Note: The search warrant scenario does not include tactics (e.g. dynamic building entry, handcuffing suspects, use of firearms, etc)].  The practical exercise requires each student to work independently to acquire various types of digital evidence in a forensically sound manner.

This course, or equivalent AND the Introduction to Digital Evidence Analysis (IDEA), or equivalent are MANDATORY prerequisite training programs prior to attending the Seized Computer Evidence Recovery Specialist Training Program (SCERS).  For SCERS prerequisite waiver information, please contact TOD at the point of contact listed on this page.

Type: Advanced

Length: The training program encompasses 2 weeks (76 Hours), beginning on a Monday and ending on the second Friday, with the graduation scheduled at approximately 10:30 to 11:00 a.m. Travel days are Sunday and Friday after graduation (approximately 12 noon).

Curriculum

  • Electronic Law and Evidence
  • Computer POST and Boot Process
  • Command Prompt Operations
  • Forensic Hardware
  • File Compression
  • Data Acquisition
  • Final Digital Evidence Acquisition Practical Exercise

Training Materials

Each student is issued a comprehensive set of software, hardware, tools, and reference materials to enable the student to put the skills learned in class to use immediately upon return to his or her duty station. The issued materials include, but are not limited to, the following items:

  • Mid-tower Personal Computer
  • Firewire 800 PCMCIA Card
  • Hard Drives, 500 GB (PATA orSATA)
  • Computer tool kit, cables, and adapters for USB 2.0, Firewire (400/800), SATA, and PATA hard drives and devices
  • Hardware Write Block devices (PATA Hard Drive and Flash Media Cards)
  • Various software, books and other training materials

All of these items are subject to change without notice. Items issued at export courses may vary.

Prerequisites for Attendance

A functional knowledge of computers is required. More specifically, this means:

  1. Significant experience with the majority of the functions of a Word Processor (e.g. Word or Word Perfect).
  2. Training and practical experience  in the use of a mouse, and knowledge of the use of Microsoft Windows XP, and Windows 7.
  3. Use of command/system prompts. In other words, using a computer without a graphical user interface (GUI). Students must possess a working knowledge of the use of basic Command Prompt commands, including, but not limited to
    • DIR Create "Subdirectories" on a diskette/hard disk (MD) and store data within the subdirectories; also access the subdirectories (CD), and remove the subdirectories (RD).
    • COPY one file/many files/entire diskettes
    • DEL/ERASE one file/many files
    • TYPE to view the contents of Text Files
  4. Command of the “My Computer” and Explorer file management interface provided with Windows to navigate through the directories / folders and files contained on a computer.

Novice skill level students who need training in any of the above requirements are referred to any of several sources including: Internet online training courses, adult training courses typically offered in local colleges and universities or other sources, commercial training providers that offer courses in fundamental computer usage.

Contact Information

Training Technician
Technical Operations Training Facility
Bldg. 217
Federal Law Enforcement Training Center
Glynco, GA 31524
Phone: (912) 267-2702
Fax: (912) 267-2797
Fletc-TechnicalOpsTrngFacility@dhs.gov

Training Dates

DEASTP-301 / Glynco, GA -- Nov 26, 2012 to Dec 07, 2012
DEASTP-302 / Glynco, GA -- Feb 25, 2013 to Mar 08, 2013
DEASTP-303 / Glynco, GA -- May 13, 2013 to May 24, 2013
DEASTP-304 / Glynco, GA -- Aug 19, 2013 to Aug 30, 2013