Description of certification programmes

„Co-funded by the Prevention of and Fight against Crime Programme
of the European Union“
1. Certification programme “Collection of electronic objects”
The certification programme “Collection of electronic objects” is intended for investigators (first responders) who collect electronic items at the crime scene: the officers involved in crime scene examination, search and seizure, and the operational group of officials taking part in the crime scene examination.
The main objective of the programme is to systematise first responders’ knowledge, skills and experience in pre-trial investigations where electronic objects must be collected.
The purpose of the programme is to prepare a qualified investigating officer (hereinafter: investigator) who is able to carry out crime scene examination, search and seizure where electronic objects are collected.
Attendees of the certification programme will gain these competences:
- the ability to detect and identify electronic objects during proceedings;
- the ability to properly capture and record the electronic items found;
- the ability to properly collect and pack the electronic items found during proceedings;
- the ability to properly prepare the items found for transportation;
- the ability to identify, during proceedings, situations in which a specialist must be involved;
- the ability to perform forensics of live systems, i.e. to make a RAM copy of running computers;
- the ability to contact and call in the required specialist.
The programme will provide the following knowledge and skills:
- basic knowledge about electronic objects;
- knowledge of the legal regulation of actions taken at the crime scene, search and seizure, and of the applicable technological and procedural standards (for example, forbidden and allowed actions, proper performance, proper recording in documents, and the means applied).
The programme introduces the basic concepts and principles of electronic evidence collection; electronic and digital evidence and its collection and logging under Lithuanian regulations and case law; electronic object collection methods and tools; and the main stages of collecting electronic items.
The topic on electronic and digital evidence and the Lithuanian regulations and case law on its collection and logging covers the concept and subjects of proof, the importance of evidence, the types of documents relevant to investigating and examining the offence, conduct when collecting information about individuals subject to limited prosecution, examination of other traces while collecting electronic items, the examination and use of objects and documents, and the investigator's liability for breaches of law during proceedings.
Electronic object collection methods and tools are dealt with in connection with specific procedural stages, for example preparing a search, performing the search, fixing (securing) objects and recording the search results.
In preparing for a search, a strong focus is placed on familiarisation with the pre-trial investigation material, preparing the search request and the search order, collecting information in advance, early distribution of roles and responsibilities during the search, scheduling the search, and preparing the equipment needed for collecting electronic items.
Under the search topic, the investigator's actions at the crime scene are discussed in detail, the working stage of the search is analysed (covering the two stages of a search, the review and the detailed search, as well as recording the search steps taken and the search results), and the specifics of fixing/recording items are presented.
At the final search stage, special attention is paid to properly recording and logging the search results so that the collected evidence can be submitted to the court and recognised as proof of the criminal offence.
On completing this certification programme, officers are granted the qualification “Collector of electronic objects”, certifying qualified collection of electronic objects during proceedings.
2. Certification programme “Windows artefacts”
The certification programme is intended for information technology specialists and experts who, during pre-trial investigation, perform forensics of electronic items running the most popular and commonly used Windows operating system (hereinafter: OS).
The main objective of the programme is to systematise the knowledge, skills and experience of specialists and experts in performing pre-trial investigations where investigation of the Windows OS is required.
The purpose of the programme is to prepare a qualified specialist able to perform a detailed inspection of the Windows OS.
Attendees of training under the certification programme will gain these competences:
- the ability to perform analysis of Windows artefacts;
- the ability to properly capture and record the electronic items found for further investigation;
- the ability to perform a RAM dump;
- the ability to work with the specialised forensic tools named in the certification programme;
- the ability to explain the structure of the Windows OS registry.
The programme will provide the following knowledge and skills:
- specialised knowledge of Windows OS artefact analysis;
- knowledge aimed at improving the competence of specialists engaged in forensics at their workplaces.
The programme presents how specialised knowledge is used in forensics, introduces the concepts of specialist and expert, presents what constitutes a specialist's conclusion and an act of expertise and compares the two, explains RAM dumps and how to analyse RAM, presents the basic structure of RAM and RAM dump methods, explains the structure of the Windows registry, and explains how forensics based on RAM content and Windows registry artefacts, including NTUSER.DAT analysis, is performed. The programme introduces the key concepts and terms of Windows artefact investigation.
When presenting the specialist's role in the investigation process, the concept of specialist is explained, together with the proceedings for investigating objects, the functions and powers of a specialist participating in such an investigation, how the specialist's findings are developed and what legal force they have, how object investigations and expertise are carried out, and how explanations are prepared by the Lithuanian Police Forensics Centre and by the forensic units of the territorial police offices.
When presenting the expert's role in the investigation process, the term expert is explained; the proceedings for drawing up the list of experts of the Republic of Lithuania are presented; the rights, duties and responsibilities of an expert are explained, as are what an expertise is, the grounds and proceedings for ordering an expertise, and how an expertise is assigned to a person not included in the list of experts; who draws up an expertise act and how it shall be done; and the specialist and expert roles in the investigation process, and the specialist's findings and the expertise act, are compared.
The programme presents in detail the structure of RAM, the memory management system, the process of virtual memory formation, and the key forensic tools and methods for dumping and collecting RAM, in particular software- and hardware-based RAM dumps. The consecutive steps and actions in analysing RAM content are richly illustrated and cover important aspects such as the use of the Volatility Framework and searching for passwords saved in memory.
The programme also introduces the structure of the Windows registry and presents the basics of Windows analysis, explaining how an investigation of Windows artefacts is carried out on live and dead systems and how drive images are accessed.
Special attention is paid to artefact-based evidence forensics, which covers an introduction to the design and structure of folders for evidence analysis and to copying files from an image. Forensic analysis of the system registry files (the so-called HKLM hives) is presented in more detail: how the files are reviewed with different software tools, what the key HKLM keys are, how and for what they are used, and how this is applied in forensics.
The programme includes forensics of the user registry file (NTUSER.DAT), covering identification of user activity in the system, identification of the user's access to files, searches performed and web browsing history, how to access e-mail and e-mail files and analyse such information, and how to analyse thumbnails and the recycle bin, with the recovery tools presented.
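As an added illustration of the NTUSER.DAT user-activity analysis mentioned above (this is not part of the programme material), the script below decodes a RecentDocs most-recently-used (MRU) list, the artefact Explorer keeps under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs to record which documents a user opened. Each numbered value stores the document name as a NUL-terminated UTF-16LE string followed by shell link data, and the MRUListEx value stores 4-byte little-endian indexes, most recent first, ended by 0xFFFFFFFF. The registry values themselves are constructed here so the script runs offline; on a real examination they would be read from an exported hive with a registry parser.

```python
"""Decode a RecentDocs MRU list as kept in NTUSER.DAT (added example).

The value layout described in the lead-in is the one Windows Explorer writes;
the sample hive values below are CONSTRUCTED so the script runs stand-alone.
"""
import struct


def parse_recent_doc(value_data: bytes) -> str:
    """Return the document name from a numbered RecentDocs value.

    The name is UTF-16LE and ends at the first NUL code unit (two zero bytes
    at an even offset); the shell link data that follows it is ignored.
    """
    end = 0
    while end + 1 < len(value_data):
        if value_data[end] == 0 and value_data[end + 1] == 0:
            break
        end += 2
    return value_data[:end].decode("utf-16-le")


def parse_mrulistex(data: bytes) -> list[int]:
    """Decode MRUListEx: DWORD indexes, most recent first, ending in 0xFFFFFFFF."""
    order = []
    usable = data[: len(data) - len(data) % 4]  # drop any trailing partial DWORD
    for (idx,) in struct.iter_unpack("<I", usable):
        if idx == 0xFFFFFFFF:
            break
        order.append(idx)
    return order


def recent_documents(values: dict[str, bytes]) -> list[str]:
    """Return document names in most-recently-used order.

    `values` maps registry value names (as exported from the RecentDocs key)
    to their raw REG_BINARY data. Indexes with no matching value are skipped
    rather than raising, since partially cleaned hives are common.
    """
    order = parse_mrulistex(values["MRUListEx"])
    return [parse_recent_doc(values[str(i)]) for i in order if str(i) in values]


def _recent_doc_value(name: str) -> bytes:
    """Constructed sample value: name, NUL terminator, then a dummy link blob."""
    return name.encode("utf-16-le") + b"\x00\x00" + b"\x14\x00" + b"\x00" * 20


# Constructed sample hive values (not taken from any real system).
SAMPLE_RECENTDOCS = {
    "0": _recent_doc_value("budget.xlsx"),
    "1": _recent_doc_value("sutartis_ąžuolynas.docx"),
    "2": _recent_doc_value("photo.jpg"),
    "MRUListEx": struct.pack("<4I", 2, 0, 1, 0xFFFFFFFF),
}

if __name__ == "__main__":
    for rank, doc in enumerate(recent_documents(SAMPLE_RECENTDOCS), 1):
        print(f"{rank}. {doc}")
```

The order comes from MRUListEx, not from the numeric value names, which is why the numbered values alone do not tell an examiner which document was opened last; the same decoding applies to the per-extension subkeys under RecentDocs.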
On completing this certification programme, specialists are granted the qualification “Windows artefacts specialist”, certifying qualified investigation of electronic objects in the Windows OS.