Designation: E2678-09 (Reapproved 2014)

Standard Guide for Education and Training in Computer Forensics¹

This standard is issued under the fixed designation E2678; the number immediately following the designation indicates the year of original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A superscript epsilon (ε) indicates an editorial change since the last revision or reapproval.

¹ This guide is under the jurisdiction of ASTM Committee E30 on Forensic Sciences and is the direct responsibility of Subcommittee E30.12 on Digital and Multimedia Evidence. Current edition approved Oct. 1, 2014. Published October 2014. Originally approved in 2009. Last previous edition approved in 2009 as E2678-09. DOI: 10.1520/E2678-09R14.

Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959. United States

1. Scope

1.1 This guide will improve and advance computer forensics through the development of model curricula consistent with other forensic science programs.

1.2 Section 4 describes the alternative paths by which students may arrive at and move through their professional training. Sections 5 through 7 cover formal educational programs in order of increasing length: a two-year associate degree, a four-year baccalaureate degree, and graduate degrees. Section 8 provides a framework for academic certificate programs offered by educational institutions. Section 9 outlines model criteria and implementation approaches for training and continuing education opportunities provided by professional organizations, vendors, and academic institutions.

1.3 Some professional organizations recognize computer forensics, forensic audio, video, and image analysis as subdisciplines of computer forensics. However, the curricula and specific educational training requirements of subdisciplines other than computer forensics are beyond the scope of this guide.

1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety and health practices and determine the applicability of regulatory limitations prior to use.

2. Terminology

2.1 Definitions of Terms Specific to This Standard:

2.1.1 assembler, n: software that translates a low-level program into a form that can be executed by a computer.

2.1.2 capstone project, n: design and implementation-oriented project typically completed during the final year of a degree program that requires students to apply and integrate knowledge and skills gained from several courses.

2.1.3 central processing unit (CPU), n: computer chip that interprets commands and runs programs.

2.1.4 compiler, n: software that translates a high-level program into a form that can be executed by a computer.

2.1.5 digital forensics, n: science of identifying, collecting, preserving, documenting, examining, and analyzing evidence from computer systems, the results of which may be relied upon in court.

2.1.6 cryptography, n: using the sciences of encryption to transform data to hide its information content and decryption to restore the information to its original form.

2.1.7 data fusion, n: process of associating, correlating, and combining data and information from single and multiple sources.

2.1.8 debugger, n: software that is used to find faults in programs.

2.1.9 demultiplexing, v: process of isolating individual images from a video flow.

2.1.10 digital evidence, n: information of probative value that is stored or transmitted in binary form that may be relied upon in court.

2.1.11 computer forensics, n: science of identifying, collecting, preserving, documenting, examining, and analyzing evidence from computer systems, networks, and other electronic devices, the results of which may be relied upon in court.

2.1.12 distributed denial of service (DDoS), n: intentional paralyzing of a computer or a computer network by flooding it with data sent simultaneously from many locations.

2.1.13 Electronic Communications Privacy Act (ECPA), n: regulates interception of wire and electronic communications (18 USC 2510 et seq.) and retrieval of stored wire and electronic communications (18 USC 2701 et seq.).

2.1.14 embedded device, n: special-purpose computer system that is completely encapsulated by the device it controls.

2.1.15 enterprise system, n: computer systems or networks or both integral to the operation of a company or large entity, possibly global in scope.

2.1.16 ext2/ext3 (Linux-extended 2/Linux-extended 3) file system, n: file system typically used with Linux-based operating systems.

2.1.17 file allocation table (FAT) file system, n: original file system used with Microsoft and IBM-compatible operating systems still in common use.

2.1.18 intrusion detection system (IDS), n: software or hardware that are used to identify attacks or anomalies on computers or networks or both.

2.1.19 link analysis, n: type of analysis often used by law enforcement that uses visual or other means of showing relationships between people, places, events, and things by linking them through timeline