Personal tools
You are here: Home Training Programs Technical Operations Division Introduction to Digital Evidence Analysis (IDEA)
Document Actions

Introduction to Digital Evidence Analysis (IDEA)

Up one level

The IDEA training program teaches the student how to navigate through the two most commonly used computer forensic suites in the United States, Guidance Software’s EnCase and AccessData’s Ultimate Toolkit. Additionally, it will provide the student with an introduction to digital forensic specific legal issues. This one-week course is considered a highly recommended prerequisite for attendance at the two-week Seized Computer Evidence Recovery Specialist Training Program (SCERS), which immediately follows this course. (See SCERS web page for specifics on that course.)

The IDEA training program is a course born out of necessity. As the digital forensic suites have become more and more powerful, the amount of time needed to adequately teach their interface has grown accordingly. This has necessitated a rethink of how SCERS will proceed in the future. During the last curriculum review conference, partner organization members agreed that the time had come to add training time to SCERS to help alleviate the high tempo and stress associated with that course. The result was the IDEA course which is designed as an introduction to the interfaces of the forensic suites currently being taught in SCERS. Additionally, it gives the student time for an introduction/refresher on the current trends in digital law at the federal level. Finally and most importantly, this frees up valuable time in SCERS to teach more in-depth artifacts and a greater variety of forensic techniques than was previously available.

DEASTP will still remain as a requirement for attendance in SCERS, as it teaches the proper methodology for acquiring digital evidence in a forensically sound manner while SCERS teaches how to analyze this data. They are two distinct skill-sets and both are required for offices where the digital evidence examiner must also respond to the scene and collect the evidence. SCERS does not incorporate any data acquisition in the curriculum which is one of the reasons DEASTP is a prerequisite. IDEA is merely another week of training used to bridge the DEASTP and SCERS. This is done to get the students “up to speed” on the digital forensic suite interfaces used in the SCERS program. The planners of this course envisioned that future

SCERS students would attend IDEA for five days, and then segue right into SCERS which will always begin the Monday following IDEA’s graduation on the previous Friday. This would save the partner organization travel funds by having their student stay three consecutive weeks for the revamped SCERS Program. If this is not feasible due to mission requirements attendance at any IDEA will be honored for the current and next fiscal training year. (For example: if the student attended IDEA in the spring then the student could attend SCERS later in the year, or even the following year, if necessary.)  Obviously, the sooner a student attends SCERS after attending IDEA would bring the most benefit, as the forensic suites are updated nearly monthly and attendance at IDEA this year would not guarantee use of the same version of forensic suite the following year.

As IDEA is primarily a digital forensic preparatory course, its overhead and cost are relatively modest. Neither software, hardware nor forensic textbooks are issued during this course. The knowledge and experience so essentially necessary in passing SCERS are gained by the student in IDEA curriculum.

Type: Advanced

Length: Encompasses 1 week (38 Hours), beginning on a Monday and ending on the Friday, with the graduation scheduled at approximately 2:00 to 2:30 p.m. Travel days are Sunday and Friday after 4:30 p.m. Return flights before this time should not be scheduled.

Curriculum

  • Setting up a Forensic Computer
  • Introduction to Computer Science Terminology and Concepts
  • Digital Forensic Jargon and Concepts
  • Digital Forensic Legal Briefing
  • Orientation to Guidance Software’s EnCase
  • Orientation to AccessData’s Ultimate Toolkit
  • Final Practical hands-on exercise using both suites.

Tuition and Cost

The tuition also includes room, meals and local transportation.

Training Materials

The class attendees will receive a lot of hands-on laboratories to help cement the use of the forensic suite interfaces which will be used in SCERS. The actual forensic tools will be issued in the SCERS Program. This knowledge will provide the students with the skills necessary to be able to successfully complete the forensic analysis of seized digital media.

Prerequisites for Attendance

Successful completion of FLETC's Digital Evidence Acquisition Specialist Training Program (DEASTP) or equivalent is required for admission to the IDEA. Applicants that have not attended FLETC's DEASTP may attend the IDEA training program if they have experience and knowledge, acquired through formal education and/or on-the-job training, which is equivalent to that which is presented within the DEASTP. The equivalency training is subject to prior approval by the IDEA Program Coordinator. (Contact us for waiver approvals.)

Participants are expected to have experience in seizing and imaging desktop and notebook computers and associated media in a forensically sound manner as well as substantial experience with the Microsoft Windows© Operating System or equivalent GUI based system(s).

Additional Information

Graduation scheduled at approximately 2:00 to 2:30 p.m. Travel days are Sunday and Friday after 2:30pm. Return flights before 4:30 pm should not be scheduled. Students should be alerted to the availability of after-hours classroom time (6 optional laboratory hours).

Contact Information

Training Technician
Technical Operations Training Facility
Bldg. 217
Federal Law Enforcement Training Center
Glynco, GA 31524
Phone: (912) 267-2702
Fax: (912) 267-2797
Fletc-TechnicalOpsTrngFacility@dhs.gov

Training Dates

IDEA-203 / Glynco, GA -- Jul 09, 2012 to Jul 13, 2012
IDEA-204 / Glynco, GA -- Sep 10, 2012 to Sep 14, 2012
IDEA-301 / Glynco, GA -- Jan 28, 2013 to Feb 01, 2013
IDEA-302 / Glynco, GA -- Apr 08, 2013 to Apr 12, 2013
IDEA-303 / Glynco, GA -- Jul 15, 2013 to Jul 19, 2013
IDEA-304 / Glynco, GA -- Sep 09, 2013 to Sep 13, 2013