Training Programs

Training programs typically fall along a number of continuums. For instance, some teach the fundamentals of digital forensics (identification, preservation, storage, analysis, and legal aspects), whereas others are primarily software tool–related and are provided by a software vendor. A few training programs fall somewhere in between: they teach fundamentals as well as selected software tools. Some training programs are for law enforcement only, whereas others support business/industry, consultants, as well as law enforcement. Finally, some training programs (primarily law enforcement) are provided free of charge, whereas others can be quite expensive, especially when a vendor requires purchase of their product in order to participate in the class. The cost of training is additional to the cost of the software.

Below are described some existing training programs that are available to law enforcement only. They are specifically mentioned because they have been in existence for many years and most likely will be in existence for the foreseeable future. At the end of this chapter, we provide links to Web resources that provide information on existing vendor-based training programs.

5.1. Law Enforcement–Only Training

One of the older training providers is the National White Collar Crime Center (NW3C; www.nw3c.org). NW3C is a nonprofit corporation whose membership is composed of law enforcement agencies, state regulatory bodies with criminal investigative authority, and state and local prosecution offices. Over the past 24 years, NW3C has offered dozens of courses of widely varying content, including courses useful for a probation officer; regarding financial crimes; regarding terrorism; as well as several courses that cover the technical aspects of digital forensics. These law enforcement–only courses are free of charge and held at various sites throughout the United States.

The International Association of Computer Investigative Specialists (IACIS; www.iacis.info) offers several training courses to members of law enforcement. According to their Web site, IACIS is an international volunteer nonprofit corporation composed of law enforcement professionals from federal, state, local, and international law enforcement agencies. These law enforcement–only courses are usually held once a year in Orlando, Florida. There are costs associated with the training.

The High Technology Crime Investigation Association (HTCIA; www.htcia.org) is an international organization whose purpose is to “…encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge about methods, processes, and techniques relating to investigations and security in advanced technologies among its membership.” Its membership is open to local, state, or federal government officials who are involved in the investigation of electronic crimes. HTCIA provides training programs to its members several times throughout the year.

National law enforcement agencies, including the FBI and the U.S. Secret Service, have developed their own training programs for agents and officers. These programs range from basic courses in understanding how computer hardware and software works to advanced courses such as network intrusions. These are comprehensive courses that are open to agents of the individual agency providing the training, although some seats may be made available to local and state law enforcement agents.

5.2. Vendor Training

Digital forensics software development companies (AKA vendors) may offer training in their tools. Examples of vendors who also provide training include (in alphabetical order) AccessData (www.accessdata.com), ASR Data (www.asrdata. com), Digital Intelligence (www.digitalintelligence.com), and Guidance Software (www.guidancesoftware.com). Vendor-provided training is open to law enforcement, business/industry, consultants, and any other interested parties. Training is held in various locations in the United States and some internationally. Costs range according to the vendor and specific course, and some vendors require the purchase of their software before an interested party can participate in the training.

Vendor training may last from one day to a week or more, depending upon the depth of the course. Vendors usually offer more than one course (e.g., beginning, intermediate, and advanced courses). The author is familiar with many of the courses taught by these vendors, and the courses are usually comprehensive and provide numerous hands-on projects during the course.

During these courses, participants are provided descriptions of the software, its functionality, as well as instructor-led demonstrations of how to use a particular aspect of the software. Participants are usually provided digital media (e.g., hard drive images) to practice using the software tool and to demonstrate proficiency in the use of the tool. Training programs tend to concentrate on procedural knowledge, that is, how to use the tool in a step-by-step fashion in order to accomplish a specific task.

5.3. Training and Certification

Several vendors and training organizations provide “certifications.” A certification essentially indicates that the holder of the certification has demonstrated proficiency in the procedures and tools that were included as part of the training. Most vendors provide a “certificate of completion” at the end of the course; however, this should not be construed as a “certification.” A true “certification” usually requires a hands-on practicum that is completed off-site; a written report that documents the procedures the participant used to complete the practicum as well as any findings; and often includes a written examination. The cost of certification is over and above the cost of training a participant may have incurred. Certifying bodies may require a certified member to participate and document continuing education, and perhaps complete regular profi- ciency exams and dues payment, in order to remain current in the certification.

One certification body of note is IACIS, which offers two certifications, Certified Electronic Evidence Collection Specialist Certification (CEECS) and Certified Forensic Computer Examiner (CFCE). There are a number of commercial vendor certifications, too numerous to mention here. Vendor certifications require a hands-on practicum as well as a test. These certifications also require ongoing renewal, either through a

demonstration of continuing education (training) credits or through additional profi- ciency exams (see Chapter 3).