Digital First Responder Training
ECTEG and UCD-CCI have developed a Digital First Responders course which was delivered to over 200 Garda Detectives during Q1 of 2020. We are proud to be part of the ongoing commitment by An Garda Siochana (Irish Police Force) Garda National Cyber Crime Bureau to achieving excellence through continued education.
(opens in a new window)Irish Times article Mon, Jan 20, 2020
About the course
The role of the first responder plays a hugely important role in police investigations. Almost any digital device can provide evidence about a suspect’s activity, and law enforcers successfully pursue convictions based on the examination of such devices. However, like any type of evidence, the manner in which digital evidence is seized, transported and examined can be crucial to investigations.
D/Supt Pat Ryan of the Garda National Cyber Crime Bureau (GNCCB) identified a need for competent First Responders in Computer Forensics and Cybercrime Investigations in each of the 109 Garda Districts. The role of the First Responders is critically important in the effective management and collection of digital media at crime scenes. The course was developed by ECTEG and UCD CCI's Gerry Buttner.
The development and delivery of the course is being funded by An Garda Síochána and started with the first of 11 groups in December 2019 and will finish in 2020.
The course covers the following topics:
o Online Investigation Techniques
o Site Search Intelligence
o Digital Forensic Challenges Encryption
o Digital Forensic Challenges Virtual Machines
o Internet Security (VPN)
o Search & Seizure Guidelines
o How to deal with a live computer at search scene.
o Live data forensics using “First”
o Post Search Analysis
o Live Data Forensic (First Tool) Practical
o Final Assessment (practical examination)
It is delivered with a blended learning approach of 10 days self-study using online materials, plus 1 week in class in UCD.
Learning Outcomes
As well as introducing other elements of a cyber-investigation, this course equips participants with the appropriate knowledge, tools and techniques to appropriately identify and seize digital evidence.
-
The Online Content (released at least two weeks before the classroom training) gives students the theory underlying computer forensics and cybercrime investigations, providing them with a strong understanding of key fundamental principles in readiness for the class-based sessions. Participants will begin to learn the importance of their role as First Responders and gain exposure to some techniques and tools that will assist them in various tasks; such as correctly identifying and seizing digital evidence at a crime scene.
-
The classroom sessions provide a learning environment where students can confidently convert theory into practice. Learning is highly practical, and topics include the use of online resources, intelligence gathering tools and applications for live data forensics. Numerous practical exercises, based on the techniques and tools demonstrated, enable participants to become competent and confident First Responders. Futhermore, they develop a good understanding of how digital forensics and online investigations are conducted.
Assessment
The classroom training is complemented by a series of assessments that examine all of the course material, including the pre-course self-study content. A final practical examination assesses the participant's use of sound forensic principles to successfully gather evidence during a live operation.