certification application [charter] · ccce 10 year 110118 p a g e | 6 of 15 certification...
TRANSCRIPT
CCCE 10 Year 110118 P a g e | 1 of 15
Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)
Available for professionals in both law enforcement and the private sector, this certification attests to the holder’s
competence in the proper digital forensic techniques and best practices for working with digital evidence. Holders of this
certification have successfully demonstrated their knowledge, skills and abilities in the identification and proper
handling of digital evidence; types of digital hardware technologies; common file systems; best practices in forensic
imaging; documenting and reporting; and legal considerations.
Your Information
Name:
Phone Number:
Email Address:
Qualifications of Competence
Relevant Employment Experience
In order to qualify for CCCE charter certification, the applicant must demonstrate evidence of ten (10) years of current
relevant employment experience. Begin with the most recent. A current resume and/or curriculum vitae is required.
1. Employment Information
Agency/Company Name:
Job Title:
Total Years of Experience:
Supervisor Name:
Supervisor Phone:
Start Date:
End Date:
CCCE Employment Job Task Analysis
Check the corresponding boxes of all relevant domain job tasks you perform(ed) within this position ensuring your
required, current resume and/or curriculum vitae sufficiently attest(s) to your competencies.
Domain
1. Technologies
1.1. Bit, nibble, byte, word, dword, qword
1.2. Hexadecimal
1.3. ASCII, Unicode
1.4. Common forensic terms
1.5. Drive technologies:
1.5.1. IDE
1.5.2. SATA
1.5.3. Solid State
CCCE 10 Year 110118 P a g e | 2 of 15
Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)
1.5.4. SAS
1.5.5. RAIDs
1.6. Firmware:
1.6.1. BIOS
1.6.2. UEFI
1.7. Drive Layout
1.7.1. Magnetic Storage
1.7.2. Solid State
1.7.3. Physical drives
1.7.4. Logical drives
1.7.5. Partitioning Schemes
1.8. Random Access Memory
2. Digital Evidence Handling
2.1. Seizing Evidence
2.1.1. Identifying evidence
2.1.2. Preserving evidence
2.1.3. Documenting the scene
2.2. On-scene Preview
2.2.1. Triage/preview
2.2.2. Live
2.2.3. Dead box
3. Forensic Imaging
3.1. Imaging Types
3.1.1. Duplicate image
3.1.2. File copy
3.1.3. Physical image
3.1.4. Logical image
3.2. Write-blockers
3.2.1. HW
3.2.2. SW
3.3. Hashing
3.3.1. Algorithms
3.4. Imaging best practices on various digital media
3.4.1. HDD
3.4.2. SDD
3.4.3. USB
3.4.4. CD/DVD
CCCE 10 Year 110118 P a g e | 3 of 15
Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)
3.4.5. Memory cards
3.4.6. Cloud
3.5. Imaging Process
3.5.1. Hash, image/hash, re-hash
3.5.2. Documenting process
3.5.3. Image file formats
3.6. Advanced imaging issues
3.6.1. Password protected drives
3.6.2. Damaged media
3.6.3. HPA
3.6.4. DCO
3.6.5. SSD
3.6.6. RAIDs
4. File System Forensics
4.1. File Allocation Table (FAT)
4.1.1. File system components
4.1.2. Differences between FAT16 & FAT32
4.1.3. Saving files/directories
4.1.4. Deleting files/directories
4.2. New Technology File System (NTFS)
4.2.1. Architecture
4.2.2. File Structure
4.2.3. Saving files/directories
4.2.4. Deleting files/directories
4.3. HFS+
4.3.1. Architecture
4.3.2. File Structure
4.4. EXT4
4.4.1. Architecture
4.4.2. File Structure
4.5. ExFAT
4.5.1. Architecture
4.5.2. File Structure
5. Forensic Concepts
5.1. Hashing
5.1.1. File hashing
5.1.2. Hashing algorithms
5.1.3. Hash definition
CCCE 10 Year 110118 P a g e | 4 of 15
Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)
5.1.4. Hash elimination
5.1.5. Fuzzy hashing
5.2. File headers
5.2.1. Forensic uses for file headers
5.2.2. Common file headers
5.2.3. File footers
5.3. Data carving
5.3.1. Uses
5.3.2. Techniques
5.4. Keyword Search
5.4.1. ASCII
5.4.2. Unicode
5.4.3. Foreign languages
5.4.4. GREP
5.5. Metadata
5.5.1. What is metadata
5.5.2. File metadata
5.5.3. Office document metadata
5.5.4. PDF
5.5.5. EXIF
5.6. Encryption
5.6.1. Definition
5.6.2. Algorithms
5.6.3. Uses
5.6.4. Processing options
Enter any additional information you deem applicable to this position.
CCCE 10 Year 110118 P a g e | 5 of 15
Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)
2. Employment Information
Agency/Company Name:
Job Title:
Total Years of Experience:
Supervisor Name:
Supervisor Phone:
Start Date:
End Date:
CCCE Employment Job Task Analysis
Check the corresponding boxes of all relevant domain job tasks you performed within this position ensuring your required, current resume and/or curriculum vitae sufficiently attest(s) to your competencies.
Domain
1. Technologies
1.1. Bit, nibble, byte, word, dword, qword
1.2. Hexadecimal
1.3. ASCII, Unicode
1.4. Common forensic terms
1.5. Drive technologies:
1.5.1. IDE
1.5.2. SATA
1.5.3. Solid State
1.5.4. SAS
1.5.5. RAIDs
1.6. Firmware:
1.6.1. BIOS
1.6.2. UEFI
1.7. Drive Layout
1.7.1. Magnetic Storage
1.7.2. Solid State
1.7.3. Physical drives
1.7.4. Logical drives
1.7.5. Partitioning Schemes
1.8. Random Access Memory
2. Digital Evidence Handling
2.1. Seizing Evidence
2.1.1. Identifying evidence
CCCE 10 Year 110118 P a g e | 6 of 15
Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)
2.1.2. Preserving evidence
2.1.3. Documenting the scene
2.2. On-scene Preview
2.2.1. Triage/preview
2.2.2. Live
2.2.3. Dead box
3. Forensic Imaging
3.1. Imaging Types
3.1.1. Duplicate image
3.1.2. File copy
3.1.3. Physical image
3.1.4. Logical image
3.2. Write-blockers
3.2.1. HW
3.2.2. SW
3.3. Hashing
3.3.1. Algorithms
3.4. Imaging best practices on various digital media
3.4.1. HDD
3.4.2. SDD
3.4.3. USB
3.4.4. CD/DVD
3.4.5. Memory cards
3.4.6. Cloud
3.5. Imaging Process
3.5.1. Hash, image/hash, re-hash
3.5.2. Documenting process
3.5.3. Image file formats
3.6. Advanced imaging issues
3.6.1. Password protected drives
3.6.2. Damaged media
3.6.3. HPA
3.6.4. DCO
3.6.5. SSD
3.6.6. RAIDs
4. File System Forensics
4.1. File Allocation Table (FAT)
4.1.1. File system components
CCCE 10 Year 110118 P a g e | 7 of 15
Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)
4.1.2. Differences between FAT16 & FAT32
4.1.3. Saving files/directories
4.1.4. Deleting files/directories
4.2. New Technology File System (NTFS)
4.2.1. Architecture
4.2.2. File Structure
4.2.3. Saving files/directories
4.2.4. Deleting files/directories
4.3. HFS+
4.3.1. Architecture
4.3.2. File Structure
4.4. EXT4
4.4.1. Architecture
4.4.2. File Structure
4.5. ExFAT
4.5.1. Architecture
4.5.2. File Structure
5. Forensic Concepts
5.1. Hashing
5.1.1. File hashing
5.1.2. Hashing algorithms
5.1.3. Hash definition
5.1.4. Hash elimination
5.1.5. Fuzzy hashing
5.2. File headers
5.2.1. Forensic uses for file headers
5.2.2. Common file headers
5.2.3. File footers
5.3. Data carving
5.3.1. Uses
5.3.2. Techniques
5.4. Keyword Search
5.4.1. ASCII
5.4.2. Unicode
5.4.3. Foreign languages
5.4.4. GREP
CCCE 10 Year 110118 P a g e | 8 of 15
Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)
5.5. Metadata
5.5.1. What is metadata
5.5.2. File metadata
5.5.3. Office document metadata
5.5.4. PDF
5.5.5. EXIF
5.6. Encryption
5.6.1. Definition
5.6.2. Algorithms
5.6.3. Uses
5.6.4. Processing options
Enter any additional information you deem applicable to this position.
CCCE 10 Year 110118 P a g e | 9 of 15
Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)
3. Employment Information
Agency/Company Name:
Job Title:
Total Years of Experience:
Supervisor Name:
Supervisor Phone:
Start Date:
End Date:
CCCE Employment Job Task Analysis
Check the corresponding boxes of all relevant domain job tasks you performed within this position ensuring your required, current resume and/or curriculum vitae sufficiently attest(s) to your competencies.
Domains
1. Technologies
1.1. Bit, nibble, byte, word, dword, qword
1.2. Hexadecimal
1.3. ASCII, Unicode
1.4. Common forensic terms
1.5. Drive technologies:
1.5.1. IDE
1.5.2. SATA
1.5.3. Solid State
1.5.4. SAS
1.5.5. RAIDs
1.6. Firmware:
1.6.1. BIOS
1.6.2. UEFI
1.7. Drive Layout
1.7.1. Magnetic Storage
1.7.2. Solid State
1.7.3. Physical drives
1.7.4. Logical drives
1.7.5. Partitioning Schemes
1.8. Random Access Memory
2. Digital Evidence Handling
2.1. Seizing Evidence
2.1.1. Identifying evidence
CCCE 10 Year 110118 P a g e | 10 of 15
Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)
2.1.2. Preserving evidence
2.1.3. Documenting the scene
2.2. On-scene Preview
2.2.1. Triage/preview
2.2.2. Live
2.2.3. Dead box
3. Forensic Imaging
3.1. Imaging Types
3.1.1. Duplicate image
3.1.2. File copy
3.1.3. Physical image
3.1.4. Logical image
3.2. Write-blockers
3.2.1. HW
3.2.2. SW
3.3. Hashing
3.3.1. Algorithms
3.4. Imaging best practices on various digital media
3.4.1. HDD
3.4.2. SDD
3.4.3. USB
3.4.4. CD/DVD
3.4.5. Memory cards
3.4.6. Cloud
3.5. Imaging Process
3.5.1. Hash, image/hash, re-hash
3.5.2. Documenting process
3.5.3. Image file formats
3.6. Advanced imaging issues
3.6.1. Password protected drives
3.6.2. Damaged media
3.6.3. HPA
3.6.4. DCO
3.6.5. SSD
3.6.6. RAIDs
4. File System Forensics
4.1. File Allocation Table (FAT)
4.1.1. File system components
CCCE 10 Year 110118 P a g e | 11 of 15
Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)
4.1.2. Differences between FAT16 & FAT32
4.1.3. Saving files/directories
4.1.4. Deleting files/directories
4.2. New Technology File System (NTFS)
4.2.1. Architecture
4.2.2. File Structure
4.2.3. Saving files/directories
4.2.4. Deleting files/directories
4.3. HFS+
4.3.1. Architecture
4.3.2. File Structure
4.4. EXT4
4.4.1. Architecture
4.4.2. File Structure
4.5. ExFAT
4.5.1. Architecture
4.5.2. File Structure
5. Forensic Concepts
5.1. Hashing
5.1.1. File hashing
5.1.2. Hashing algorithms
5.1.3. Hash definition
5.1.4. Hash elimination
5.1.5. Fuzzy hashing
5.2. File headers
5.2.1. Forensic uses for file headers
5.2.2. Common file headers
5.2.3. File footers
5.3. Data carving
5.3.1. Uses
5.3.2. Techniques
5.4. Keyword Search
5.4.1. ASCII
5.4.2. Unicode
5.4.3. Foreign languages
5.4.4. GREP
5.5. Metadata
5.5.1. What is metadata
CCCE 10 Year 110118 P a g e | 12 of 15
Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)
5.5.2. File metadata
5.5.3. Office document metadata
5.5.4. PDF
5.5.5. EXIF
5.6. Encryption
5.6.1. Definition
5.6.2. Algorithms
5.6.3. Uses
5.6.4. Processing options
Enter any additional information you deem applicable to this position.
CCCE 10 Year 110118 P a g e | 13 of 15
Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)
Training/Continuing Education
The applicant must document 60 hours of relevant training successfully completed within the last three (3) years. For
each training event, provide the requested information along with proof of successful completion of the course; i.e., a
certificate of completion or an academic transcript.
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date:
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date:
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date:
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date:
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date:
CCCE 10 Year 110118 P a g e | 14 of 15
Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date:
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date:
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date:
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date:
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date:
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date:
CCCE 10 Year 110118 P a g e | 15 of 15
Certification Application –[Charter] Certified Cyber Crime Examiner (CCCE)
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date:
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date:
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date:
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date:
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date:
Training Event
Training Provider:
Class Name:
Credit Hours:
Start Date:
End Date: