Welcome
At Fields Associates, we specialise in the recovery of the digital “fingerprints” left by the routine use of computers. Even erased files can be recovered and examined, ensuring that you have all the evidence available to support your investigation.
Established in 1999, we have earned an impressive reputation in the detection, analysis and presentation of computer evidence in the broadest range of criminal activities. These include fraud, extortion, data theft, child pornography and Internet abuse.
Our clients include legal firms, international banks, blue chip companies, law enforcement and military organisations.
Courses > Introduction to Handling and Examining Digital Evidence (1 Day)
Course Title: Introduction to Handling and Examining Digital Evidence
Reference: HEDE1
Duration: 8 Hours
[Courses Calendar]
Course Aim:
The course provides an overview of the guidelines and correct methods for handling and examining Computer Evidence. This involves reviewing ‘best practice’ and ACPO (Association of Chief Police Officers) Guidelines for forensic computer examination, and the common tools and techniques used.
The course also includes a brief insight into the examination of a computer system, focusing on the common areas where evidence is found.
Finally, case studies will be used to highlight the importance of following correct procedures for the examination of computer-based evidence within legal cases.
Topics Covered:
- Correct procedures for the seizure and handling of computer evidence
- Review of ACPO Guidelines for Computer Based Evidence
- Procedures that must be employed during the examination of computer based evidence
- The tools employed when dealing with computer evidence
- Case Studies showing the implications upon cases where correct procedures were not followed
Intended learning outcomes:
Upon completion of the course, students should have a fundamental understanding of how to observe correct procedures for handling and examining digital evidence, and an understanding of the implications of incorrect handling with regards to acceptability in a court of law.
Course Timetable:
| 8.45am | Coffee and Registration |
| 9.00am | Introductions |
| 9.15am |
Handling of Digital Evidence
Summary of Activity An explanation of the correct procedure for handling digital evidence, including a look at the ACPO Guidelines for Computer Based Evidence. A look at the need for a documentary paper trail of computer evidence from the point of seizure to examination by a Computer Forensic Examiner. |
| 10.15am |
Acquisition of Digital Evidence – Theory
Summary of Activity An explanation of the correct procedure for examining digital evidence, including a brief demonstration of the most common software and hardware used. |
| 11.15am | Coffee Break |
| 11.30am |
Acquisition of Digital Evidence – Practical
Summary of Investigation A practical demonstration of the correct procedures employed during the acquisition of computer based evidence. |
| 1.30pm | Lunch |
| 2.00pm |
Examination of Digital Evidence
Summary of Investigation A practical demonstration of the techniques and software employed during the forensic examination of a computer system, and a look at the areas most likely to contain evidence (e.g. Temporary Internet Files, Unallocated Clusters). |
| 3.30pm | Coffee Break |
| 3.45pm |
Case Study
Summary of Activity A look at the serious implications upon two actual cases where ACPO Guidelines were not followed for the correct storage, continuity and acquisition of evidence. |
| 5.30pm | Summary of Day, Questions |
| 6.00pm | Close |
Certification: CPD