
ASTM E2678-2009(2014) Standard Guide for Education and Training in Computer Forensics


Designation: E2678-09 (Reapproved 2014)

Standard Guide for Education and Training in Computer Forensics¹

This standard is issued under the fixed designation E2678; the number immediately following the designation indicates the year of original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A superscript epsilon (ε) indicates an editorial change since the last revision or reapproval.

1. Scope

1.1 This guide will improve and advance computer forensics through the development of model curricula consistent with other forensic science programs.

1.2 Section 4 describes the alternative paths by which students may arrive at and move through their professional training. Sections 5 through 7 cover formal educational programs in order of increasing length: a two-year associate degree, a four-year baccalaureate degree, and graduate degrees. Section 8 provides a framework for academic certificate programs offered by educational institutions. Section 9 outlines model criteria and implementation approaches for training and continuing education opportunities provided by professional organizations, vendors, and academic institutions.

1.3 Some professional organizations recognize computer forensics, forensic audio, video, and image analysis as subdisciplines of computer forensics. However, the curricula and specific educational training requirements of subdisciplines other than computer forensics are beyond the scope of this guide.

1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety and health practices and determine the applicability of regulatory limitations prior to use.

2. Terminology

2.1 Definitions of Terms Specific to This Standard:

2.1.1 assembler, n: software that translates a low-level program into a form that can be executed by a computer.

2.1.2 capstone project, n: design and implementation-oriented project typically completed during the final year of a degree program that requires students to apply and integrate knowledge and skills gained from several courses.

2.1.3 central processing unit (CPU), n: computer chip that interprets commands and runs programs.

2.1.4 compiler, n: software that translates a high-level program into a form that can be executed by a computer.

2.1.5 digital forensics, n: science of identifying, collecting, preserving, documenting, examining, and analyzing evidence from computer systems, the results of which may be relied upon in court.

2.1.6 cryptography, n: using the sciences of encryption to transform data to hide its information content and decryption to restore the information to its original form.

2.1.7 data fusion, n: process of associating, correlating, and combining data and information from single and multiple sources.

2.1.8 debugger, n: software that is used to find faults in programs.

2.1.9 demultiplexing, v: process of isolating individual images from a video flow.

2.1.10 digital evidence, n: information of probative value that is stored or transmitted in binary form that may be relied upon in court.

2.1.11 computer forensics, n: science of identifying, collecting, preserving, documenting, examining, and analyzing evidence from computer systems, networks, and other electronic devices, the results of which may be relied upon in court.

2.1.12 distributed denial of service (DDoS), n: intentional paralyzing of a computer or a computer network by flooding it with data sent simultaneously from many locations.

2.1.13 Electronic Communications Privacy Act (ECPA), n: regulates interception of wire and electronic communications (18 USC 2510 et seq.) and retrieval of stored wire and electronic communications (18 USC 2701 et seq.).

2.1.14 embedded device, n: special-purpose computer system that is completely encapsulated by the device it controls.

2.1.15 enterprise system, n: computer systems or networks or both integral to the operation of a company or large entity, possibly global in scope.

2.1.16 ext2/ext3 (Linux-extended 2/Linux-extended 3) file system, n: file system typically used with Linux-based operating systems.

2.1.17 file allocation table (FAT) file system, n: original file system used with Microsoft and IBM-compatible operating systems still in common use.

¹ This guide is under the jurisdiction of ASTM Committee E30 on Forensic Sciences and is the direct responsibility of Subcommittee E30.12 on Digital and Multimedia Evidence. Current edition approved Oct. 1, 2014. Published October 2014. Originally approved in 2009. Last previous edition approved in 2009 as E2678-09. DOI: 10.1520/E2678-09R14.

Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959. United States

2.1.18 intrusion detection system (IDS), n: software or hardware that are used to identify attacks or anomalies on computers or networks or both.

2.1.19 link analysis, n: type of analysis often used by law enforcement that uses visual or other means of showing relationships between people, places, events, and things by linking them through timelines, telephone calls, emails, or any other consistent scheme.

2.1.20 local area network (LAN), n: computer network covering a local area such as a home, office, or small group of buildings, such as a college.

2.1.21 malware, n: malicious software designed to cause unexpected and frequently undesirable actions on a system (for example, viruses, worms, spyware, or Trojan horses).

2.1.22 mock trial, n: often referred to as “moot court,” role-playing court proceedings intended to prepare students for courtroom testimony.

2.1.23 new technology file system (NTFS), n: advanced file system with security features commonly used with the Windows and all subsequent systems.

2.1.24 open system interconnect (OSI), n: layered model that describes the way computers communicate on a network.

2.1.25 personal area network (PAN), n: networking scheme that enables computers and other electronic devices to communicate with each other over short distances either with or without wires.

2.1.26 partitioning, v: software method of dividing a physical hard drive into logical containers that will appear as multiple logical drives.

2.1.27 peer to peer (P2P), n: communications network that allows multiple computers to share files.

2.1.28 personal electronic device (PED), n: consumer electronic device that is typically mobile or handheld (for example, personal digital assistant (PDA), cell phone, or iPOD).

2.1.29 photogrammetry, n: science of obtaining dimensional information of items depicted in photographs.

2.1.30 public key infrastructure (PKI), n: system that uses encryption to verify and authenticate network transactions.

2.1.31 random access memory (RAM), n: computer's read/write memory; it provides temporary memory space for the computer to process data.

2.1.32 redundant array of inexpensive/independent disks (RAID), n: system that uses two or more drives in combination for fault tolerance or performance.

2.1.33 steganography, n: technique for embedding information into something else, such as a text file in an image or a sound file, for the sole purpose of hiding the existence of the embedded information.

2.1.34 thumb drive, n: small digital storage device that uses flash memory and a universal serial bus (USB) connection to interface with a computer.

2.1.35 topology, n: physical layout or logical operation of a network.

2.1.36 virtual private network (VPN), n: computer network that uses encryption to transmit data in a secure fashion over a public network.

2.1.37 voice over internet protocol (VoIP), n: technique for transmitting real-time voice communications over the internet or another transmission control protocol/internet protocol (TCP/IP) network.

2.1.38 wide-area network (WAN), n: computer network covering a wide geographical area.

2.2 Acronyms:

2.2.1 FDA, n: Food and Drug Administration
2.2.2 FTC, n: Federal Trade Commission
2.2.3 IP, n: internet protocol
2.2.4 IRS, n: Internal Revenue Service
2.2.5 KSA, n: knowledge, skill, and ability
2.2.6 SEC, n: Securities and Exchange Commission
2.2.7 TCP, n: transmission control protocol

3. Significance and Use

3.1 With the proliferation of computers and other electronic devices, it is difficult to imagine a crime that could not potentially involve digital evidence. Because of the paucity of degree programs in computer forensics, practitioners have historically relied on practical training through law enforcement or vendor-specific programs or both.

3.2 In this guide, curricula for different levels of the educational system are outlined. It is intended to provide guidance to:

3.2.1 Individuals interested in pursuing academic programs and professional opportunities in computer forensics,

3.2.2 Academic institutions interested in developing computer forensics programs, and

3.2.3 Employers seeking information about the educational background of graduates of computer forensics programs and evaluating continuing education opportunities for current employees.

4. Qualifications for a Career in Computer Forensics

4.1 Introduction:

4.1.1 Computer forensics plays a fundamental role in the investigation and prosecution of crimes. Since any type of criminal activity may involve the seizure and examination of digital evidence, the percentage of cases that involves digital evidence will continue to increase. The preservation, examination, and analysis of digital evidence require a foundation in the practical application of science, computer technology, and the law. A practitioner of computer forensics shall be capable of integrating knowledge, skills, and abilities in the identification, preservation, documentation, examination, analysis, interpretation, reporting, and testimonial support of digital evidence. A combination of education and practical training can prepare an individual for a career in computer forensics, and this section addresses the qualifications an individual will need to pursue such a career.

4.1.2 As in all forensic disciplines, a combination of personal, technical, and professional criteria will influence a prospective computer forensics practitioner's suitability for employment. Effective written and oral communication skills are essential to computer forensics practitioners because they may have to testify to their examination results in court. New employees may be hired provisionally or go through a probationary period that requires successful completion of additional training or competency testing or both as a prerequisite for continued employment.

4.2 Career Paths in Computer Forensics:

4.2.1 Numerous competent, accurate, and admissible digital forensic examinations are performed every year by qualified and experienced examiners who have no college education. In fact, much of the expertise in this field is represented by professionals whose practical experience, on-the-job training, and work credentials qualify them in this discipline. Few institutions offer degrees in the discipline because the field is relatively new. As academic programs are developed and made available, it will become preferable for forensic examinations to be performed by individuals who have a degree in computer forensics (or a related field) supported by experience and training.

4.2.2 The discussion of qualifications presents three alternative career paths into computer forensics which are depicted in Fig. 1:

4.2.2.1 One is for law enforcement personnel who seek to move into computer forensics after they become sworn officers,

4.2.2.2 Another is for persons with relevant technical and critical thinking skills that are equivalent to a bachelor's degree, and

4.2.2.3 A third is for persons who have earned the formal degree.

4.2.3 A description of careers in computer forensics is provided in Appendix X1.

4.2.4 Personal Characteristics: Computer forensics, like other forensic disciplines, requires personal honesty, integrity, and scientific objectivity. Those seeking careers in this field should be aware that background checks similar to those required for law enforcement officers are likely to be a condition of employment. The following may be conducted or reviewed or both before an employment offer is made and may be ongoing conditions of employment (this list is not all-inclusive):

(1) Past work performance
(2) Drug tests
(3) History of drug use
(4) Driving record
(5) Criminal history
(6) Citizenship
(7) Credit history
(8) History of hacking
(9) Personal associations
(10) Psychological screening
(11) Medical or physical examination
(12) Polygraph examination

4.2.5 Academic Qualifications: Practitioners of computer forensics historically have not been required to have a degree. However, the trend within some areas of the field is to strengthen the academic requirements for this discipline and require a baccalaureate degree, preferably in a science. The academic qualifications for computer forensics practitioners are discussed in greater detail later in this guide and may include the following knowledge, skills, and abilities:

4.2.5.1 Technical:

(1) Computer hardware and architecture
(2) Storage media
(3) Operating systems
(4) File systems
(5) Database systems
(6) Network technologies and infrastructures
(7) Programming and scripting
(8) Computer security
(9) Cryptography
(10) Software tools
(11) Validation and testing
(12) Cross-discipline awareness

4.2.5.2 Professional:

(1) Critical thinking
(2) Scientific methodology
(3) Quantitative reasoning and problem solving
(4) Decision making
(5) Laboratory practices
(6) Laboratory safety
(7) Attention to detail
(8) Interpersonal skills
(9) Public speaking
(10) Oral and written communication
(11) Time management
(12) Task prioritization
(13) Application of digital forensic procedures
(14) Preservation of evidence
(15) Interpretation of examination results
(16) Investigative process
(17) Legal process

4.2.5.3 Copies of diplomas and formal academic transcripts are generally required as proof of academic qualification. Awards, publications, internships, and student activities may be used to differentiate applicants. Claims in this regard are subject to verification through the background investigation process.

4.2.6 Credentials: A digital forensic practitioner should demonstrate continued professional development that is documented by credentials. A credential is a formal recognition of a professional's KSA. Indicators of professional standing include academic credentials, professional credentials, training credentials, and competency tests. Credentials can facilitate the qualification of a witness as an expert.

4.3 Implementation: Keys to a Career in Computer Forensics:

4.3.1 Preemployment Preparation: Competitive candidates can demonstrate the interest and aptitude or KSAs that establish their readiness for a digital forensic position. These KSAs may include areas important to all potential forensic science practitioners including, but not limited to, quality assurance, ethics, professional standards of behavior, evidence control, report writing, scientific method, inductive and deductive reasoning, investigative techniques

