290
May 21, 2020
KSATs
290 (NIST ID: K0118)
Knowledge
Knowledge of processes for seizing and preserving digital evidence (e.g., chain of custody).
Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.
Core KSAT for the following Work Roles
Cyber Crime Investigator (Core)
Identifies, collects, examines, and preserves evidence using controlled and documented analytical and investigative techniques.
Additional KSAT for the following Work Roles
Cyber Defense Forensics Analyst (Additional)
Analyzes digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation.
Forensics Analyst (Additional)
Conducts deep-dive investigations on computer-based crimes establishing documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents.