Knowledge of processes for seizing and preserving digital evidence (e.g., chain of custody).
Core KSAT for the following Work Roles
Identifies, collects, examines, and preserves evidence using controlled and documented analytical and investigative techniques.
Additional KSAT for the following Work Roles
Analyzes digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation.
Conducts deep-dive investigations on computer-based crimes establishing documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents.