certification application [charter] · ccce 10 year 110118 p a g e | 6 of 15 certification...

CCCE 10 Year 110118 P a g e | 1 of 15

Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)

Available for professionals in both law enforcement and the private sector, this certification attests to the holder’s

competence in the proper digital forensic techniques and best practices for working with digital evidence. Holders of this

certification have successfully demonstrated their knowledge, skills and abilities in the identification and proper

handling of digital evidence; types of digital hardware technologies; common file systems; best practices in forensic

imaging; documenting and reporting; and legal considerations.

Your Information

Name:

Phone Number:

Email Address:

Qualifications of Competence

Relevant Employment Experience

In order to qualify for CCCE charter certification, the applicant must demonstrate evidence of ten (10) years of current

relevant employment experience. Begin with the most recent. A current resume and/or curriculum vitae is required.

1. Employment Information

Agency/Company Name:

Job Title:

Total Years of Experience:

Supervisor Name:

Supervisor Phone:

Start Date:

End Date:

CCCE Employment Job Task Analysis

Check the corresponding boxes of all relevant domain job tasks you perform(ed) within this position ensuring your

required, current resume and/or curriculum vitae sufficiently attest(s) to your competencies.

Domain

1. Technologies

1.1. Bit, nibble, byte, word, dword, qword

1.2. Hexadecimal

1.3. ASCII, Unicode

1.4. Common forensic terms

1.5. Drive technologies:

1.5.1. IDE

1.5.2. SATA

1.5.3. Solid State

CCCE 10 Year 110118 P a g e | 2 of 15

Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)

1.5.4. SAS

1.5.5. RAIDs

1.6. Firmware:

1.6.1. BIOS

1.6.2. UEFI

1.7. Drive Layout

1.7.1. Magnetic Storage

1.7.2. Solid State

1.7.3. Physical drives

1.7.4. Logical drives

1.7.5. Partitioning Schemes

1.8. Random Access Memory

2. Digital Evidence Handling

2.1. Seizing Evidence

2.1.1. Identifying evidence

2.1.2. Preserving evidence

2.1.3. Documenting the scene

2.2. On-scene Preview

2.2.1. Triage/preview

2.2.2. Live

2.2.3. Dead box

3. Forensic Imaging

3.1. Imaging Types

3.1.1. Duplicate image

3.1.2. File copy

3.1.3. Physical image

3.1.4. Logical image

3.2. Write-blockers

3.2.1. HW

3.2.2. SW

3.3. Hashing

3.3.1. Algorithms

3.4. Imaging best practices on various digital media

3.4.1. HDD

3.4.2. SDD

3.4.3. USB

3.4.4. CD/DVD

CCCE 10 Year 110118 P a g e | 3 of 15

Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)

3.4.5. Memory cards

3.4.6. Cloud

3.5. Imaging Process

3.5.1. Hash, image/hash, re-hash

3.5.2. Documenting process

3.5.3. Image file formats

3.6. Advanced imaging issues

3.6.1. Password protected drives

3.6.2. Damaged media

3.6.3. HPA

3.6.4. DCO

3.6.5. SSD

3.6.6. RAIDs

4. File System Forensics

4.1. File Allocation Table (FAT)

4.1.1. File system components

4.1.2. Differences between FAT16 & FAT32

4.1.3. Saving files/directories

4.1.4. Deleting files/directories

4.2. New Technology File System (NTFS)

4.2.1. Architecture

4.2.2. File Structure

4.2.3. Saving files/directories

4.2.4. Deleting files/directories

4.3. HFS+

4.3.1. Architecture

4.3.2. File Structure

4.4. EXT4

4.4.1. Architecture

4.4.2. File Structure

4.5. ExFAT

4.5.1. Architecture

4.5.2. File Structure

5. Forensic Concepts

5.1. Hashing

5.1.1. File hashing

5.1.2. Hashing algorithms

5.1.3. Hash definition

CCCE 10 Year 110118 P a g e | 4 of 15

Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)

5.1.4. Hash elimination

5.1.5. Fuzzy hashing

5.2. File headers

5.2.1. Forensic uses for file headers

5.2.2. Common file headers

5.2.3. File footers

5.3. Data carving

5.3.1. Uses

5.3.2. Techniques

5.4. Keyword Search

5.4.1. ASCII

5.4.2. Unicode

5.4.3. Foreign languages

5.4.4. GREP

5.5. Metadata

5.5.1. What is metadata

5.5.2. File metadata

5.5.3. Office document metadata

5.5.4. PDF

5.5.5. EXIF

5.6. Encryption

5.6.1. Definition

5.6.2. Algorithms

5.6.3. Uses

5.6.4. Processing options

Enter any additional information you deem applicable to this position.

CCCE 10 Year 110118 P a g e | 5 of 15

Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)

2. Employment Information

Agency/Company Name:

Job Title:

Total Years of Experience:

Supervisor Name:

Supervisor Phone:

Start Date:

End Date:

CCCE Employment Job Task Analysis

Check the corresponding boxes of all relevant domain job tasks you performed within this position ensuring your required, current resume and/or curriculum vitae sufficiently attest(s) to your competencies.

Domain

1. Technologies

1.1. Bit, nibble, byte, word, dword, qword

1.2. Hexadecimal

1.3. ASCII, Unicode

1.4. Common forensic terms

1.5. Drive technologies:

1.5.1. IDE

1.5.2. SATA

1.5.3. Solid State

1.5.4. SAS

1.5.5. RAIDs

1.6. Firmware:

1.6.1. BIOS

1.6.2. UEFI

1.7. Drive Layout

1.7.1. Magnetic Storage

1.7.2. Solid State

1.7.3. Physical drives

1.7.4. Logical drives

1.7.5. Partitioning Schemes

1.8. Random Access Memory

2. Digital Evidence Handling

2.1. Seizing Evidence

2.1.1. Identifying evidence

CCCE 10 Year 110118 P a g e | 6 of 15

Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)

2.1.2. Preserving evidence

2.1.3. Documenting the scene

2.2. On-scene Preview

2.2.1. Triage/preview

2.2.2. Live

2.2.3. Dead box

3. Forensic Imaging

3.1. Imaging Types

3.1.1. Duplicate image

3.1.2. File copy

3.1.3. Physical image

3.1.4. Logical image

3.2. Write-blockers

3.2.1. HW

3.2.2. SW

3.3. Hashing

3.3.1. Algorithms

3.4. Imaging best practices on various digital media

3.4.1. HDD

3.4.2. SDD

3.4.3. USB

3.4.4. CD/DVD

3.4.5. Memory cards

3.4.6. Cloud

3.5. Imaging Process

3.5.1. Hash, image/hash, re-hash

3.5.2. Documenting process

3.5.3. Image file formats

3.6. Advanced imaging issues

3.6.1. Password protected drives

3.6.2. Damaged media

3.6.3. HPA

3.6.4. DCO

3.6.5. SSD

3.6.6. RAIDs

4. File System Forensics

4.1. File Allocation Table (FAT)

4.1.1. File system components

CCCE 10 Year 110118 P a g e | 7 of 15

Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)

4.1.2. Differences between FAT16 & FAT32

4.1.3. Saving files/directories

4.1.4. Deleting files/directories

4.2. New Technology File System (NTFS)

4.2.1. Architecture

4.2.2. File Structure

4.2.3. Saving files/directories

4.2.4. Deleting files/directories

4.3. HFS+

4.3.1. Architecture

4.3.2. File Structure

4.4. EXT4

4.4.1. Architecture

4.4.2. File Structure

4.5. ExFAT

4.5.1. Architecture

4.5.2. File Structure

5. Forensic Concepts

5.1. Hashing

5.1.1. File hashing

5.1.2. Hashing algorithms

5.1.3. Hash definition

5.1.4. Hash elimination

5.1.5. Fuzzy hashing

5.2. File headers

5.2.1. Forensic uses for file headers

5.2.2. Common file headers

5.2.3. File footers

5.3. Data carving

5.3.1. Uses

5.3.2. Techniques

5.4. Keyword Search

5.4.1. ASCII

5.4.2. Unicode

5.4.3. Foreign languages

5.4.4. GREP

CCCE 10 Year 110118 P a g e | 8 of 15

Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)

5.5. Metadata

5.5.1. What is metadata

5.5.2. File metadata

5.5.3. Office document metadata

5.5.4. PDF

5.5.5. EXIF

5.6. Encryption

5.6.1. Definition

5.6.2. Algorithms

5.6.3. Uses

5.6.4. Processing options

Enter any additional information you deem applicable to this position.

CCCE 10 Year 110118 P a g e | 9 of 15

Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)

3. Employment Information

Agency/Company Name:

Job Title:

Total Years of Experience:

Supervisor Name:

Supervisor Phone:

Start Date:

End Date:

CCCE Employment Job Task Analysis

Check the corresponding boxes of all relevant domain job tasks you performed within this position ensuring your required, current resume and/or curriculum vitae sufficiently attest(s) to your competencies.

Domains

1. Technologies

1.1. Bit, nibble, byte, word, dword, qword

1.2. Hexadecimal

1.3. ASCII, Unicode

1.4. Common forensic terms

1.5. Drive technologies:

1.5.1. IDE

1.5.2. SATA

1.5.3. Solid State

1.5.4. SAS

1.5.5. RAIDs

1.6. Firmware:

1.6.1. BIOS

1.6.2. UEFI

1.7. Drive Layout

1.7.1. Magnetic Storage

1.7.2. Solid State

1.7.3. Physical drives

1.7.4. Logical drives

1.7.5. Partitioning Schemes

1.8. Random Access Memory

2. Digital Evidence Handling

2.1. Seizing Evidence

2.1.1. Identifying evidence

CCCE 10 Year 110118 P a g e | 10 of 15

Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)

2.1.2. Preserving evidence

2.1.3. Documenting the scene

2.2. On-scene Preview

2.2.1. Triage/preview

2.2.2. Live

2.2.3. Dead box

3. Forensic Imaging

3.1. Imaging Types

3.1.1. Duplicate image

3.1.2. File copy

3.1.3. Physical image

3.1.4. Logical image

3.2. Write-blockers

3.2.1. HW

3.2.2. SW

3.3. Hashing

3.3.1. Algorithms

3.4. Imaging best practices on various digital media

3.4.1. HDD

3.4.2. SDD

3.4.3. USB

3.4.4. CD/DVD

3.4.5. Memory cards

3.4.6. Cloud

3.5. Imaging Process

3.5.1. Hash, image/hash, re-hash

3.5.2. Documenting process

3.5.3. Image file formats

3.6. Advanced imaging issues

3.6.1. Password protected drives

3.6.2. Damaged media

3.6.3. HPA

3.6.4. DCO

3.6.5. SSD

3.6.6. RAIDs

4. File System Forensics

4.1. File Allocation Table (FAT)

4.1.1. File system components

CCCE 10 Year 110118 P a g e | 11 of 15

Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)

4.1.2. Differences between FAT16 & FAT32

4.1.3. Saving files/directories

4.1.4. Deleting files/directories

4.2. New Technology File System (NTFS)

4.2.1. Architecture

4.2.2. File Structure

4.2.3. Saving files/directories

4.2.4. Deleting files/directories

4.3. HFS+

4.3.1. Architecture

4.3.2. File Structure

4.4. EXT4

4.4.1. Architecture

4.4.2. File Structure

4.5. ExFAT

4.5.1. Architecture

4.5.2. File Structure

5. Forensic Concepts

5.1. Hashing

5.1.1. File hashing

5.1.2. Hashing algorithms

5.1.3. Hash definition

5.1.4. Hash elimination

5.1.5. Fuzzy hashing

5.2. File headers

5.2.1. Forensic uses for file headers

5.2.2. Common file headers

5.2.3. File footers

5.3. Data carving

5.3.1. Uses

5.3.2. Techniques

5.4. Keyword Search

5.4.1. ASCII

5.4.2. Unicode

5.4.3. Foreign languages

5.4.4. GREP

5.5. Metadata

5.5.1. What is metadata

CCCE 10 Year 110118 P a g e | 12 of 15

Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)

5.5.2. File metadata

5.5.3. Office document metadata

5.5.4. PDF

5.5.5. EXIF

5.6. Encryption

5.6.1. Definition

5.6.2. Algorithms

5.6.3. Uses

5.6.4. Processing options

Enter any additional information you deem applicable to this position.

CCCE 10 Year 110118 P a g e | 13 of 15

Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)

Training/Continuing Education

The applicant must document 60 hours of relevant training successfully completed within the last three (3) years. For

each training event, provide the requested information along with proof of successful completion of the course; i.e., a

certificate of completion or an academic transcript.

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date:

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date:

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date:

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date:

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date:

CCCE 10 Year 110118 P a g e | 14 of 15

Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date:

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date:

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date:

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date:

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date:

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date:

CCCE 10 Year 110118 P a g e | 15 of 15

Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date:

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date:

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date:

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date:

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date:

Training Event

Training Provider:

Class Name:

Credit Hours:

Start Date:

End Date: