290

May 21, 2020
KSATs
290 (NIST ID: K0118)

Knowledge

Knowledge of processes for seizing and preserving digital evidence (e.g., chain of custody).
Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSAT for the following Work Roles

Cyber Crime Investigator (Core) ID: 221 (NIST ID: IN-CI-001) Workforce Element: Cyberspace Enablers / Legal/Law Enforcement

Identifies, collects, examines, and preserves evidence using controlled and documented analytical and investigative techniques.

Additional KSAT for the following Work Roles

Cyber Defense Forensics Analyst (Additional) ID: 212 (NIST ID: IN-FO-002) Workforce Element: Cybersecurity

Analyzes digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation.
Forensics Analyst (Additional) ID: 211 (NIST ID: IN-FO-001) Workforce Element: Cyberspace Enablers / Legal/Law Enforcement

Conducts deep-dive investigations on computer-based crimes establishing documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents.