List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:
identify, acquire and analyse digital forensic data from at least three device types, according to a reported incident.
In the course of the above, the candidate must:
document analysis findings
adhere to required organisational and legislative guidelines.
The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:
industry standard legislation and organisational procedures relating to acquiring digital forensic data, including
privacy standards and policies
data standards and policies
internet and user identification protocols
mobile technology protocols
data extraction methodologies and seizure techniques on a variety of devices, including how not to damage or destroy digital evidence
features and markers of hashing
communication investigation techniques
functions and features of computer systems and data stores
data logs, including server, network and firewall logs
function and features of system back ups
data extraction and forensic copying techniques
file formats including structures, locations and file systems
data acquisition, identification and extraction methodologies including:
industry standard forensic tools
non-invasive and invasive methodologies.
Skills in this unit must be demonstrated in a workplace or simulated environment where the conditions are typical of those in a working environment in this industry.
This includes access to:
three or more devices with data required for data extraction tasks
forensic software tools required to extract data from device
legislative and organisational procedures and requirements relating to the acquisition of digital forensic data.
Assessors of this unit must satisfy the requirements for assessors in applicable vocational education and training legislation, frameworks and/or standards.