Attention: November 11th is the last day to access FedVTE. Users may access FedVTE until 6PM EST on November 11th. After this time FedVTE will be permanently decommissioned. Starting November 15th, users will be able to access all the same learning content through CISA Learning. Stay tuned for more details about the CISA Learning platform.

Task ID: T1324

Process digital evidence

Work roles with this Task

  • Digital Forensics

    NICE Framework ID: PD-WRL-002

    Responsible for analyzing digital evidence from computer security incidents to derive useful information in support of system and network vulnerability mitigation.

  • Insider Threat Analysis

    NICE Framework ID: PD-WRL-005

    Responsible for identifying and assessing the capabilities and activities of cybersecurity insider threats; produces findings to help initialize and support law enforcement and counterintelligence activities and investigations.

  • Cybercrime Investigation

    Category: Investigation
    NICE Framework ID: IN-WRL-001

    Responsible for investigating cyberspace intrusion incidents and crimes. Applies tactics, techniques, and procedures for a full range of investigative tools and processes and appropriately balances the benefits of prosecution versus intelligence gathering.

  • Digital Evidence Analysis

    Category: Investigation
    NICE Framework ID: IN-WRL-002

    Responsible for identifying, collecting, examining, and preserving digital evidence using controlled and documented analytical and investigative techniques.