This apprenticeship standard has been approved for delivery by the Institute for Apprenticeships and Technical Education. However, starts on the apprenticeship will only be possible once a suitable end-point assessment organisation (EPAO) has joined the Apprenticeship Provider and Assessment Register (APAR). Once the EPAO has joined the APAR, funding for apprentice starts will be permitted and this message will be removed.
Undertake and innovate the capture, processing, and analysis of specialist digital forensic evidence.
This occupation is found in organisations that undertake and innovate regarding the capture, processing, and analysis of specialist digital forensic evidence. These roles can be found in different public and private sector bodies and organisations that include digital forensics and criminal investigations within their service delivery. There is a significant demand on policing to examine digital devices making this a primary service offered by forensic service providers to policing. The role is relevant to Security and Defence teams including the National Crime Agency, Ministry of Defence, Border Force, Academia, and other aspects of the Criminal Justice System. Private forensic service providers service all public sector requirements for device examinations as well as other investigation types not just criminal, including internal corporate and Intellectual Property theft investigations. These companies vary in size and breadth of digital capability.
The broad purpose of the occupation is to act as a senior advisor within the digital forensic environment and support and manage the delivery of digital services for major crimes, incidents, operations, or any investigations that require specialist digital forensic investigative assistance. They provide an enhanced specialist service and knowledge regarding the detecting, preserving, seizing, gathering and analysing of digital intelligence and evidence for investigations where digital technology and data acquisition opportunities exist. They have an advanced understanding of digital forensic investigation techniques and demonstrate an ability to work independently, managing processes and complex technical problem solving. They can produce, develop, design and implement appropriate tactical digital forensic strategies for challenging and atypical crime investigation scenarios and/or emerging digital forensic practice. A key aspect of this role is the research and development of emerging digital technologies and ensuring practices are developed to support investigations. As such it is critical to attract talented experienced digital staff into this role. The titles of the roles may vary across different organisations including police forces, but the core skills required of the role remain the same.
In their daily work, an employee in this occupation interacts with their local forensics team and across the forensic capability and academia nationally where emerging technology is encountered. They will provide technical advice and guidance to digital forensic practitioners and advise investigating officers on digital strategy. They will support the criminal justice system understand the impact of the evidence which will include legal counsel. As part of their role to embed emerging practice and improve effectiveness they will have daily interaction with unit lead and quality managers.
An employee in this occupation will be responsible for the exercise of broad autonomy and judgement across a specialism developing digital forensic strategy. Explaining complex technical concepts in a clear and understandable manner to support criminal or civil prosecutions.
They will critically capture, process and analyse complex digital material and information, concepts and theories to produce investigative best practice. Taking responsibility for planning and developing innovative practice that initiate or underpin substantial changes or developments. Advise and influence on the financial implication of technological and process improvements considerate of return on investment.
Engage with external stakeholders, such as digital forensic service providers, academia, and industry experts, to foster collaborations, share knowledge, and remain informed and embed advancements in the digital forensic field. Continuously monitor and research emerging technologies, tools, and techniques in the field of digital forensics, staying up to date with the latest developments and best practices to enhance investigative capabilities. Adherence to strict professional ethics, ensuring the confidentiality, privacy, and security of all digital evidence and maintaining the highest standards of integrity throughout the forensic process.
The role requires security vetting, adhering to the legal framework, and an expectation to work to professional policing standards and Forensic Science Regulator Codes of Practice and the Conduct of Forensic Science Providers codes of practice.
This is a summary of the key things that you – the apprentice and your employer need to know about your end-point assessment (EPA). You and your employer should read the EPA plan for the full details. It has information on assessment method requirements, roles and responsibilities, and re-sits and re-takes.
An EPA is an assessment at the end of your apprenticeship. It will assess you against the knowledge, skills, and behaviours (KSBs) in the occupational standard. Your training will cover the KSBs. The EPA is your opportunity to show an independent assessor how well you can carry out the occupation you have been trained for.
Your employer will choose an end-point assessment organisation (EPAO) to deliver the EPA. Your employer and training provider should tell you what to expect and how to prepare for your EPA.
The length of the training for this apprenticeship is typically 36 months. The EPA period is typically 6 months.
The overall grades available for this apprenticeship are:
When you pass the EPA, you will be awarded your apprenticeship certificate.
The EPA gateway is when the EPAO checks and confirms that you have met any requirements required before you start the EPA. You will only enter the gateway when your employer says you are ready.
The gateway requirements for your EPA are:
A project with a dissertation
You will be asked to complete a Dissertation. The title and scope will be agreed with the EPAO at the gateway. As part of the project, you need to write a Dissertation and submit this to the EPAO. The Dissertation should be a maximum of 8000 (with a 10% tolerance).
You will have 26 weeks to complete the project and submit the Dissertation to the EPAO.
You need to prepare and give a presentation to an independent assessor. Your presentation slides and any supporting materials should be submitted at the same time as the project output. The presentation with questions will last at least 90 minutes. The independent assessor will ask at least 10 questions about the project and presentation.
Professional discussion underpinned by a portfolio of evidence
You will have a professional discussion with an independent assessor. It will last 90 minutes. They will ask you at least 10 questions. The questions will be about certain aspects of your occupation. You need to compile a portfolio of evidence before the EPA gateway. You can use it to help answer the questions.
You should speak to your employer if you have a query that relates to your job.
You should speak to your training provider if you have any questions about your training or EPA before it starts.
You should receive detailed information and support from the EPAO before the EPA starts. You should speak to them if you have any questions about your EPA once it has started.Reasonable adjustments
If you have a disability, a physical or mental health condition or other special considerations, you may be able to have a reasonable adjustment that takes this into account. You should speak to your employer, training provider and EPAO and ask them what support you can get. The EPAO will decide if an adjustment is appropriate.
This apprenticeship aligns with The Chartered Institute of Information Security for Chartered
Please contact the professional body for more details.
This apprenticeship aligns with Institute of Cyber Digital Investigation Professionals for Chartered
Please contact the professional body for more details.
This occupation is found in organisations that undertake and innovate regarding the capture, processing, and analysis of specialist digital forensic evidence. These roles can be found in different public and private sector bodies and organisations that include digital forensics and criminal investigations within their service delivery. There is a significant demand on policing to examine digital devices making this a primary service offered by forensic service providers to policing. The role is relevant to Security and Defence teams including the National Crime Agency, Ministry of Defence, Border Force, Academia, and other aspects of the Criminal Justice System. Private forensic service providers service all public sector requirements for device examinations as well as other investigation types not just criminal, including internal corporate and Intellectual Property theft investigations. These companies vary in size and breadth of digital capability.
The broad purpose of the occupation is to act as a senior advisor within the digital forensic environment and support and manage the delivery of digital services for major crimes, incidents, operations, or any investigations that require specialist digital forensic investigative assistance. They provide an enhanced specialist service and knowledge regarding the detecting, preserving, seizing, gathering and analysing of digital intelligence and evidence for investigations where digital technology and data acquisition opportunities exist. They have an advanced understanding of digital forensic investigation techniques and demonstrate an ability to work independently, managing processes and complex technical problem solving. They can produce, develop, design and implement appropriate tactical digital forensic strategies for challenging and atypical crime investigation scenarios and/or emerging digital forensic practice. A key aspect of this role is the research and development of emerging digital technologies and ensuring practices are developed to support investigations. As such it is critical to attract talented experienced digital staff into this role. The titles of the roles may vary across different organisations including police forces, but the core skills required of the role remain the same.
In their daily work, an employee in this occupation interacts with their local forensics team and across the forensic capability and academia nationally where emerging technology is encountered. They will provide technical advice and guidance to digital forensic practitioners and advise investigating officers on digital strategy. They will support the criminal justice system understand the impact of the evidence which will include legal counsel. As part of their role to embed emerging practice and improve effectiveness they will have daily interaction with unit lead and quality managers.
An employee in this occupation will be responsible for the exercise of broad autonomy and judgement across a specialism developing digital forensic strategy. Explaining complex technical concepts in a clear and understandable manner to support criminal or civil prosecutions.
They will critically capture, process and analyse complex digital material and information, concepts and theories to produce investigative best practice. Taking responsibility for planning and developing innovative practice that initiate or underpin substantial changes or developments. Advise and influence on the financial implication of technological and process improvements considerate of return on investment.
Engage with external stakeholders, such as digital forensic service providers, academia, and industry experts, to foster collaborations, share knowledge, and remain informed and embed advancements in the digital forensic field. Continuously monitor and research emerging technologies, tools, and techniques in the field of digital forensics, staying up to date with the latest developments and best practices to enhance investigative capabilities. Adherence to strict professional ethics, ensuring the confidentiality, privacy, and security of all digital evidence and maintaining the highest standards of integrity throughout the forensic process.
The role requires security vetting, adhering to the legal framework, and an expectation to work to professional policing standards and Forensic Science Regulator Codes of Practice and the Conduct of Forensic Science Providers codes of practice.
Duty | KSBs |
---|---|
Duty 1 Establish a comprehensive understanding of the legislation for the examination of digital devices and material for use in the criminal justice system and investigations. |
K1 K2 K3 K5 K13 K14 K15 K16 K17 K18 K19 K20 K21 K22 K23 K24 K27 K29 K33 K34 K35 K36 |
Duty 2 Lead the advanced application of specialist principles for digital forensic science, utilising cutting edge technical evidence for the investigative process. |
K1 K2 K5 K7 K13 K14 K15 K16 K17 K18 K19 K20 K21 K22 K23 K24 K25 K28 K29 K31 K33 K34 K35 K36 K39 K40 |
Duty 3 Establish actionable forensic evidence for investigations by processing, analysing and interpreting digital information from data and electronic devices. |
K2 K7 K8 K12 K13 K14 K15 K16 K17 K18 K19 K20 K21 K22 K24 K25 K28 K29 K31 K33 K34 K35 K36 |
Duty 4 Forensically interrogate the components and artefacts of complex digital material to find evidence relevant to investigations. |
K1 K2 K7 K8 K12 K13 K14 K15 K16 K17 K18 K19 K20 K21 K22 K23 K24 K25 K29 K31 K33 K34 K35 K36 K39 |
Duty 5 Adhere to strict professional ethics when implementing systems that ensure confidentiality, security, and integrity of all digital evidence throughout the forensic process. |
K1 K2 K3 K5 K6 K7 K8 K12 K13 K14 K15 K16 K17 K18 K19 K20 K21 K22 K23 K24 K25 K26 K27 K29 K33 K34 K35 K36 K39 K40 |
Duty 6 Ensure privacy when handling and managing evidential material and its sources. |
K7 K8 K12 K14 K15 K16 K17 K18 K19 K20 K21 K22 K23 K24 K25 K28 K29 K31 K34 K35 |
Duty 7 Solve complex problems and technically challenge the constraints of digital forensic methodologies legally and ethically, reacting to any changing circumstances to maximize evidence gathering for digital investigations. |
K1 K2 K7 K8 K12 K13 K14 K15 K16 K17 K18 K19 K20 K21 K22 K23 K24 K25 K26 K28 K29 K31 K33 K34 K35 K36 K39 K40 |
Duty 8 Transition technical proof of concepts from unpredictable digital environments to embedding as approved techniques within an established quality-controlled laboratory. |
|
Duty 9 Act as a proactive critical point of contact for complex technical investigative challenges, providing specialist technical knowledge and advice to senior investigators on forensic strategies for digital forensic opportunities in serious and complex investigations. |
K2 K5 K6 K7 K11 K13 K14 K15 K16 K17 K18 K19 K20 K21 K22 K23 K27 K35 K36 K40 |
Duty 10 Workplace technical transformation to improve productivity, capability, and forensic impact. |
|
Duty 11 Use competency frameworks to implement technical transformation for continuous business improvement. |
|
Duty 12 Meet current and future business requirements by conducting technology foresight activities to review changes to the IT and digital landscape. |
|
Duty 13 Communicate with technical and non-technical stakeholders, negotiating and influencing effectively to ensure understanding of highly technical concepts and issues. |
|
Duty 14 Provide unbiased digital forensics evidence for the legal process that distinguishes between factual and interpretive expert reporting, producing comprehensive reports, technical explanations and statements for court in accordance with rules of evidence. |
|
Duty 15 Develop, promote and manage a working culture that is safe and lawful when dealing with digital devices and data that contain personal, sensitive or potentially distressing information. |
|
Duty 16 Engage and collaborate with cross-sector partners to build relationships that advance national digital forensics. |
|
Duty 17 Supervise staff to perform their duties. Manage their welfare and development through coaching and mentoring. |
|
Duty 18 Co-ordinate the allocation, delivery, and priority of team workload to advance and support investigations. |
K1: Interpretation, implication and application of legislation and guidance for the examination of digital devices and material for use in investigations.
Back to Duty
K2: How to conduct investigations and leverage intelligence in order to identify and safeguard victims and vulnerable persons.
Back to Duty
K3: Ethical handling and management of evidential material and its sources to ensure privacy.
Back to Duty
K4: Techniques for identifying and managing well-being within a digital forensic team and the strategies to address trauma and how to access support due to the impact that processing sensitive or potentially distressing content can have on an individual.
Back to Duty
K5: Processes for accrediting and embedding novel techniques in the laboratory, from proof of concept to approved techniques, associated risks and the impact of Quality Standard Requirements and Forensic Science Regulator (FSR) Codes of Practice (including information security, assurance, and business continuity).
Back to Duty
K6: Scientific requirements needed to establish a technical standard for a new forensic science activity, including validation of methods and tools, practitioner competency, and training.
Back to Duty
K7: Scope of techniques within digital forensics regarding the acquisition, preservation, handling, processing and analysis of digital intelligence.
Back to Duty
K8: What a digital forensic strategy entails, and how this supports the investigation whilst mitigating the risks presented.
Back to Duty
K9: Mentoring and how to support the professional development of others.
Back to Duty
K10: Techniques to co-ordinate the allocation, delivery, and priority of team workload to advance and support investigation in line with organisational priorities.
Back to Duty
K11: Horizon scanning, technological advances, and their value to inform strategies for triage and frontline and investigative capability.
Back to Duty
K12: Core network design and storage technologies across multiple devices and common architectures.
Back to Duty
K13: Specialist video multimedia, recovery, processing and analysis to enhance digital forensics compliance.
Back to Duty
K14: Common data features across specialist forensics capabilities, including forensic linguistics, and image authenticity relevant to evidence handling and interpretation of digital forensic material.
Back to Duty
K15: Opportunities for complementary evidence, for example open source, cell site, communications intelligence, text encoding initiative and vehicles.
Back to Duty
K16: The function of, and forensic opportunities presented by, common block device file systems, for example New Technology File System (NTFS), File Allocation Table (FAT), Extended File System (ext), Hierarchical File System Plus (HFS+), Apple File System (APFS) and partitioning technologies.
Back to Duty
K17: Common data structures for storage of text and media, for example text, XML, JSON, image, and video formats.
Back to Duty
K18: Data and database-type structures for storage of system and application data, for example system logs, Windows Registry, system configuration, (b)plists, SQLite, RealmDB, ProtoBuffers.
Back to Duty
K19: The complexities of technical and dynamic risks identified through the investigative process, for example data vulnerabilities.
Back to Duty
K20: Encryption technologies and security methods employed by device manufacturers and their impact on forensic activity and circumventions.
Back to Duty
K21: Artefact types across digital forensic disciplines, and how they can be exploited in investigations.
Back to Duty
K22: Handling treatment opportunities and challenges of various storage media, including magnetic, optical, and flash memory.
Back to Duty
K23: Applications and uses of artificial intelligence to identify and generate evidential material.
Back to Duty
K24: Fault-finding and diagnostic techniques and equipment, including use of voltmeters, thermal imagers and continuity checkers for non-functional electronic devices.
Back to Duty
K25: How to capture evidence compromised by environmental conditions.
Back to Duty
K26: The importance of independent, impartial decision-making that respects the opinions and views of others in complex, unpredictable and changing circumstances.
Back to Duty
K27: Tactical solutions and interpretation of local network architecture to inform plans for examining digital evidence.
Back to Duty
K28: Script programs to extract and report data not processed by extraction tool capability, including writing structured query language (SQL) and scripts for interpretation of data, for example Python.
Back to Duty
K29: Decomplication, reverse-engineering, static and dynamic analysis approaches, including application virtualisation.
Back to Duty
K30: Requirements for providing unbiased interpretive evidence, understanding of the limitations of results, including unconscious bias and performance of tools.
Back to Duty
K31: E-Discovery strategy for large and complex cases.
Back to Duty
K32: Conducting literature reviews.
Back to Duty
K33: Research methods and statistical analysis, including data science and Artificial Intelligence.
Back to Duty
K34: Statistical methods and data interpretation.
Back to Duty
K35: How to draw meaningful conclusions and the communication of research findings.
Back to Duty
K36: How to effectively collaborate with partners and across disciplines to advance national digital forensics and evaluate emerging technology.
Back to Duty
K37: How their role contributes to sustainability goals.
Back to Duty
K38: Principles and policies of equity, diversity and inclusion in the workplace and their impact on the organisation.
Back to Duty
K39: Techniques to identify evidential anomalies associated with manipulated or faked material.
Back to Duty
K40: Emerging trends and technological threats that could disrupt and influence the credibility of forensic evidence.
Back to Duty
S1: Apply legislation and guidance for the capture and examination of digital data to casework and decision-making.
Back to Duty
S2: Conduct investigations and manage evidence ethically to ensure safeguarding of victims and vulnerable persons, including providing support in the technical working environment when dealing with digital devices and data that may contain personal, sensitive or potentially distressing information.
Back to Duty
S3: Undertake work to support the accreditation of novel techniques, from proof of concept through to embedding approved techniques within the laboratory.
Back to Duty
S4: Develop legal and ethical digital forensic strategies and communicate with a range of stakeholders to implement these to proactively support serious and complex investigations.
Back to Duty
S5: Mentoring skills to support the performance of the digital forensics team. Providing advice and guidance with particular emphasis on embedding specialist techniques.
Back to Duty
S6: Co-ordinate the allocation, delivery, and priority of team workload to advance and support investigation.
Back to Duty
S7: Lead the advanced application of specialist principles for digital forensic science, ensuring the use of cutting-edge technical evidence for the investigative process.
Back to Duty
S8: Process, analyse and interpret complex digital data for the purposes of establishing forensic evidence for investigations.
Back to Duty
S9: Interrogate the components and artefacts of complex digital material in a forensic manner to find evidence relevant to investigations.
Back to Duty
S10: Physically examine damaged or broken devices and remove data, utilising specialist tools and techniques, for example Chip-off and Joint Test Action Group (JTAG).
Back to Duty
S11: Solve complex problems and technically challenge the constraints of digital forensic methodologies.
Back to Duty
S12: Communicate, negotiate, and influence on various skill and sensitivity levels to support all parts of the investigative process, including addressing highly technical concepts in an accessible format.
Back to Duty
S13: Provide trusted digital forensic evidence for the investigative process, producing comprehensive reports, technical explanations, and statements in accordance with rules of evidence. Distinguishing between factual and interpretive expert reporting.
Back to Duty
S14: Conduct literature reviews and select appropriate research methodologies to address research gaps in digital forensics.
Back to Duty
S15: Research data collection, analyse information to draw meaningful conclusions, and communicate the research findings.
Back to Duty
S16: Collaborate with partners across disciplines to advance national digital forensics and evaluate emerging technology.
Back to Duty
S17: Follow and apply sustainability, equity, diversity and inclusion policies and procedures.
Back to Duty
S18: Use specialist multi-capability techniques to forensically identify and examine the authenticity of evidential material.
Back to Duty
S19: Apply knowledge of new technological risks and threats to influence change to the digital forensic examination process.
Back to Duty
B1: A strong work ethic and commitment in order to meet the standards required.
Back to Duty
B2: Acts with integrity with respect to ethical, legal and regulation ensuring the protection of personal data, safety and security.
Back to Duty
B3: Shows initiative and personal responsibility to overcome digital forensic challenges.
Back to Duty
B4: Commitment to continuous professional development; maintaining knowledge and skills in digital forensic developments that influence their work.
Back to Duty
B5: Comfortable and confident interacting with people from technical and non-technical backgrounds.
Back to Duty
B6: Participates and shares best practice in their organisation and the wider community of Digital Forensics.
Back to Duty
B7: Maintains awareness of trends and innovations utilising a range of academic literature, online sources, community interaction, conference attendance and other methods that can deliver business value.
Back to Duty
B8: Leads by example, acting as a role model for equity, diversity and inclusion.
Back to Duty
Apprentices without level 2 English and maths will need to achieve this level prior to taking the End-Point Assessment. For those with an education, health and care plan or a legacy statement, the apprenticeship’s English and maths minimum requirement is Entry Level 3. A British Sign Language (BSL) qualification is an alternative to the English qualification for those whose primary language is BSL.
This standard aligns with the following professional recognition:
v1.0
This document explains the requirements for end-point assessment (EPA) for the advanced digital forensic professional apprenticeship. End-point assessment organisations (EPAOs) must follow this when designing and delivering the EPA.
Advanced digital forensic professional apprentices, their employers and training providers should read this document.
A full-time advanced digital forensic professional apprentice typically spends 36 months on-programme. The apprentice must spend at least 12 months on-programme and complete the required amount of off-the-job training in line with the apprenticeship funding rules.
The EPA should be completed within an EPA period lasting typically 6 months.
The apprentice must complete their training and meet the gateway requirements before starting their EPA. The EPA will assess occupational competence.
An approved EPAO must conduct the EPA for this apprenticeship. Employers must work with the training provider to select an approved EPAO from the apprenticeship providers and assessment register (APAR).
This EPA has 2 assessment methods.
The grades available for each assessment method are below.
Assessment method 1 - dissertation including presentation with questions:
Assessment method 2 - professional discussion underpinned by a portfolio:
The result from each assessment method is combined to decide the overall apprenticeship grade. The following grades are available for the apprenticeship:
On-programme - typically 36 months
|
The apprentice must:
|
---|---|
End-point assessment gateway
|
The apprentice’s employer must be content that the apprentice is occupationally competent. The apprentice must:
For the dissertation including presentation with questions, the apprentice must submit a project brief. To ensure the project allows the apprentice to meet the KSBs mapped to this assessment method to the highest available grade, the EPAO should sign-off the project’s title and scope at the gateway to confirm it is suitable. A brief project summary must be submitted to the EPAO. It should be no more than 500 words. This needs to show that the project will provide the opportunity for the apprentice to cover the KSBs mapped to this assessment method. It is not assessed.
For the professional discussion underpinned by a portfolio, the apprentice must submit a portfolio of evidence.
Gateway evidence must be submitted to the EPAO, along with any organisation specific policies and procedures requested by the EPAO. |
End-point assessment - typically 6 months
|
The grades available for each assessment method are below
Dissertation including presentation with questions:
Professional discussion underpinned by a portfolio:
Overall EPA and apprenticeship can be graded:
|
Professional recognition
|
This apprenticeship aligns with:
This apprenticeship aligns with:
|
The EPA is taken in the EPA period. The EPA period starts when the EPAO confirms the gateway requirements have been met and is typically 6 months.
The EPAO should confirm the gateway requirements have been met and start the EPA as quickly as possible.
The apprentice’s employer must be content that the apprentice is occupationally competent. That is, they are deemed to be working at or above the level set out in the apprenticeship standard and ready to undertake the EPA. The employer may take advice from the apprentice's training provider, but the employer must make the decision. The apprentice will then enter the gateway.
The apprentice must meet the gateway requirements before starting their EPA.
They must:
Portfolio of evidence requirements:
The apprentice must compile a portfolio of evidence during the on-programme period of the apprenticeship. It should only contain evidence related to the KSBs that will be assessed by the professional discussion. It will typically contain 10 discrete pieces of evidence. Evidence must be mapped against the KSBs. Evidence may be used to demonstrate more than one KSB; a qualitative as opposed to quantitative approach is suggested.
Evidence sources may include:
This is not a definitive list; other evidence sources can be included.
The portfolio of evidence should not include reflective accounts or any methods of self-assessment. Any employer contributions should focus on direct observation of performance, for example, witness statements, rather than opinions. The evidence provided should be valid and attributable to the apprentice; the portfolio of evidence should contain a statement from the employer and apprentice confirming this.
The EPAO should not assess the portfolio of evidence directly as it underpins the discussion. The independent assessor should review the portfolio of evidence to prepare questions for the discussion. They are not required to provide feedback after this review.
Gateway evidence must be submitted to the EPAO, along with any organisation specific policies and procedures requested by the EPAO.
The assessment methods can be delivered in any order.
The result of one assessment method does not need to be known before starting the next.
A project involves the apprentice completing a significant and defined piece of work that has a real business application and benefit. The project must meet the needs of the employer’s business and be relevant to the apprentice’s occupation and apprenticeship.
This assessment method has 2 components:
project with a project output
presentation with questions and answers
Together, these components give the apprentice the opportunity to demonstrate the KSBs mapped to this assessment method. They are assessed by an independent assessor.
This assessment method is being used because:
The apprentice must complete a project based on any of the following:
The continuous improvement review of a current digital forensic process, service or product to ensure it is fit for purpose and meets the current needs of the business.
The recommendation and implementation of an innovative digital forensic technique or process that would benefit across their team, department, or organisation.
Addressing an issue or concern raised through quality inspections to align practice to the regulators codes.
That includes the demonstration of practical skills.
A cross sector collaboration to address future challenges and technologies.
To ensure the project allows the apprentice to meet the KSBs mapped to this assessment method to the highest available grade, the EPAO must sign-off the project’s title and scope at the gateway to confirm it is suitable. The EPAO must refer to the grading descriptors to ensure that projects are pitched appropriately.
The project output must be in the form of dissertation.
The apprentice must start the project after the gateway. The employer should ensure the apprentice has the time and resources, within the project period, to plan and complete their project.
The apprentice may work as part of a team to complete the project, which could include internal colleagues or technical experts. The apprentice must however, complete their dissertation and presentation unaided and they must be reflective of their own role and contribution. The apprentice and their employer must confirm this when the dissertation and any presentation materials are submitted.
The dissertation must include at least:
The dissertation must cover the use of different analytical development techniques in the workplace. The apprentice needs to explain how these techniques have identified gaps and opportunities for further analysis. How they engaged with clients, their own organisation and other interested parties and should explain their critical thinking in both their analysis and generation of their overall findings and recommendations.
The dissertation must have a word count of 8000 words. A tolerance of 10% above or below the word count is allowed at the apprentice's discretion. Appendices, references and diagrams are not included in this total. The apprentice must produce and include an appendix, showing how the output evidences the KSBs mapped to this assessment method.
The apprentice must complete and submit the dissertation and any presentation materials to the EPAO by the end of week of the EPA period.
The presentation with questions must be structured to give the apprentice the opportunity to demonstrate the KSBs mapped to this assessment method to the highest available grade.
The apprentice must prepare and deliver a presentation to an independent assessor. After the presentation, the independent assessor must ask the apprentice questions about their project, dissertation and presentation.
The presentation should cover:
The presentation with questions must last 90 minutes. This will typically include a presentation of 30 minutes and questioning lasting 60 minutes. The independent assessor must use the full time available for questioning. The independent assessor can increase the time of the presentation and questioning by up to 10%. This time is to allow the apprentice to complete their last point or respond to a question if necessary.
The independent assessor must ask at least 10 questions. They must use the questions from the EPAO’s question bank or create their own questions in line with the EPAO’s training. Follow up questions are allowed where clarification is required.
The purpose of the independent assessor's questions is:
The apprentice must submit their presentation materials to the EPAO at the same time as the dissertation - by the end of week 26 of the EPA period. The apprentice must notify the EPAO, at that point, of any technical requirements for the presentation.
During the presentation, the apprentice must have access to:
The independent assessor must have at least 4 weeks to review the dissertation and any presentation materials, to allow them to prepare questions.
The apprentice must be given at least 2 weeks’ notice of the presentation with questions.
The independent assessor must make the grading decision. They must assess the project components holistically when deciding the grade.
The independent assessor must keep accurate records of the assessment. They must record:
The presentation with questions must take place in a suitable venue selected by the EPAO for example, the EPAO’s or employer’s premises. It should take place in a quiet room, free from distractions and influence.
The presentation with questions can be conducted by video conferencing. The EPAO must have processes in place to verify the identity of the apprentice and ensure the apprentice is not being aided.
The EPAO must develop a purpose-built assessment specification and question bank. It is recommended this is done in consultation with employers of this occupation. The EPAO must maintain the security and confidentiality of EPA materials when consulting with employers. The assessment specification and question bank must be reviewed at least once a year to ensure they remain fit-for-purpose.
The assessment specification must be relevant to the occupation and demonstrate how to assess the KSBs mapped to this assessment method. The EPAO must ensure that questions are refined and developed to a high standard. The questions must be unpredictable. A question bank of sufficient size will support this.
The EPAO must ensure that the apprentice has a different set of questions in the case of re-sits or re-takes.
EPAO must produce the following materials to support the project:
The EPAO must ensure that the EPA materials are subject to quality assurance procedures including standardisation and moderation.
In the professional discussion, an independent assessor and apprentice have a formal two-way conversation. It gives the apprentice the opportunity to demonstrate the KSBs mapped to this assessment method.
The apprentice can refer to and illustrate their answers with evidence from their portfolio of evidence.
This assessment method is being used because:
The professional discussion must be structured to give the apprentice the opportunity to demonstrate the KSBs mapped to this assessment method to the highest available grade.
An independent assessor must conduct and assess the professional discussion. Questions based on the following themes:
The EPAO must give an apprentice 2 weeks' notice of the professional discussion.
The independent assessor must have at least 4 weeks to review the supporting documentation.
The apprentice must have access to their portfolio of evidence during the professional discussion.
The apprentice can refer to and illustrate their answers with evidence from their portfolio of evidence however, the portfolio of evidence is not directly assessed.
The professional discussion must last for 90 minutes. The independent assessor can increase the time of the professional discussion by up to 10%. This time is to allow the apprentice to respond to a question if necessary.
The independent assessor must ask at least 10 questions. The independent assessor must use the questions from the EPAO’s question bank or create their own questions in line with the EPAO’s training. Follow-up questions are allowed where clarification is required.
The independent assessor must make the grading decision.
The independent assessor must keep accurate records of the assessment. They must record:
The professional discussion must take place in a suitable venue selected by the EPAO for example, the EPAO’s or employer’s premises.
The professional discussion can be conducted by video conferencing. The EPAO must have processes in place to verify the identity of the apprentice and ensure the apprentice is not being aided.
The professional discussion should take place in a quiet room, free from distractions and influence.
The EPAO must develop a purpose-built assessment specification and question bank. It is recommended this is done in consultation with employers of this occupation. The EPAO must maintain the security and confidentiality of EPA materials when consulting with employers. The assessment specification and question bank must be reviewed at least once a year to ensure they remain fit-for-purpose.
The assessment specification must be relevant to the occupation and demonstrate how to assess the KSBs mapped to this assessment method. The EPAO must ensure that questions are refined and developed to a high standard. The questions must be unpredictable. A question bank of sufficient size will support this.
The EPAO must ensure that the apprentice has a different set of questions in the case of re-sits or re-takes.
The EPAO must produce the following materials to support the professional discussion underpinned by a portfolio:
The EPAO must ensure that the EPA materials are subject to quality assurance procedures including standardisation and moderation.
Theme
KSBs
|
Pass
Apprentices must demonstrate all of the pass descriptors
|
Distinction
Apprentices must demonstrate all of the pass descriptors and all of the distinction descriptors
|
---|---|---|
Digital Forensic Science: Investigation, legislation, Ethics and Quality Assurance
K1 K2 K3 K5 K6 K38 K39 S1 S2 S3 S17 S18 B6 B8 |
Outlines how they have interpreted and applied legislation and guidance for the examination of digital devices and the capture of digital data and material in investigations casework and decision making. K1, S1 Explains how to develop, promote and use a governance culture in the technical working environment that is a safe, lawful, ethical and unbiased when dealing with digital devices and data and conducting investigations to ensure privacy and safeguard victims and vulnerable persons. K2, K3, S2 Explains the impact and risks presented to embedding novel techniques from proof of concept through to embedding as an approved technique within the laboratory and the quality standard requirements involved, sharing best practice in their organisation and the wider community. K5, S3, B6 Identifies the scientific requirements needed to establish a technical standard for a new forensic science activity, including validation of methods and tools, practitioner competency and training. K6 Explains how they have acted as a role model when following and applying equity, diversity, and inclusion rules and procedures in the workplace and the impact this had on the organisation. K38, S17, B8 Uses specialist multi-capability techniques to forensically identify and examine the authenticity of evidential material and anomalies associated with manipulated or faked material. K39, S18
|
Critically evaluates how using a safe, lawful, ethical and unbiased governance culture impacts the victims and vulnerable persons. K2, K3, S2
|
Complex Data Analysis and Reporting
K26 K27 S11 |
Applies tactical solutions and interpretations of local network architecture to inform crime scene examination plans whilst using independent, impartial decision making when solving complex problems and technically challenge the constraints of digital forensic methodologies. K26, K27, S11
|
Justifies their decision making in relation to tactical solutions and how this resulted in the solving of complex problems. K26, K27, S11 |
Research Methods and Emerging Technologies
K32 K33 K34 K35 K36 K37 S14 S15 S16 B5 B7 |
Uses literature reviews and appropriate research methodologies to address the research gaps in digital forensics, utilising a range of academic literature, online sources, community interaction and conferences to maintain an awareness of trends and innovations. K32, S14, B7 Uses research methods and statistical analysis including data science and AI to critically analyse information and communicate meaningful conclusions of their findings. K33, K34, K35, S15 Explains how they have interacted and collaborated with a range of people and partners from technical and non-technical backgrounds to advance national digital forensics and evaluate emerging technologies whilst contributing to sustainability goals. K36, K37, S16, B5
|
Evaluates how they have used a broad partnership approach across a range of police force, government organisations, private sector, and academia to share knowledge nationally. K36, K37, S16
|
Theme
KSBs
|
Pass
Apprentices must demonstrate all of the pass descriptors
|
Distinction
Apprentices must demonstrate all of the pass descriptors and all of the distinction descriptors
|
---|---|---|
Digital Forensic Science: Investigation, legislation, Ethics and Quality Assurance
K4 K7 K8 K9 K10 K30 K31 K40 S4 S5 S6 S13 S19 B1 B2 B4 |
Identifies what a digital forensic strategy entails, particularly regarding the acquisition, preservation, handling, processing, and analysis of digital intelligence, and how this supports the investigation whilst mitigating the risks presented K7, K8 Explains how they mentor and support the professional development of others whilst maintaining their own knowledge and skills in relation to the digital forensic developments that influence their work. K9, B4 Explains the techniques used for identifying and managing the wellbeing of others involved in the processing of sensitive content, including strategies that can address trauma and support team performance with particular emphasis on embedding specialist techniques. K4, S5 Explains how they worked in line with organisational priorities and standards to co-ordinate the allocation, delivery and priority of team workload to advance and support investigations, demonstrating commitment and a strong work ethic. K10, S6, B1 Outlines how they distinguish between factual and interpretive expert reporting to provide unbiased, fair and transparent evidence for the investigative process, taking into account e-discovery strategy for complex cases and producing reports, technical explanation and statements whilst understanding the limitations of results. K30, K31, S13 Explains how they act with integrity to develop, communicate, and implement legal and ethical forensic strategies that ensure the protection of personal data, safety, and security and proactively support serious and complex investigations. S4, B2 Explains how they apply knowledge of new technological risks and threats to influence change to the digital forensic examination process. K40, S19
|
Justifies their decision and articulates levels of uncertainty with the methodology and declaration of when forensic activity falls outside of the FSR codes. S13 |
Complex Data Capture and Processing
K11 K12 K13 K14 K15 K20 K21 K22 K23 K24 K25 S7 S9 S10 B3 |
Describes how they have lead the advanced application of specialist principles for digital forensic science using their knowledge of horizon scanning to inform triage decisions, core network design across multiple devices, recovery processing, and analysis, data features including forensic linguistics and image authenticity and complementary evidence, whilst ensuring the use of cross cutting-edge technical evidence for the investigative process. K11, K12, K13, K14, K15, S7 Explains how they interrogate the components and artefacts of complex digital material across digital forensic disciplines, in a forensic manner, taking in to account the correct handling, and challenges of storage media, to find evidence relevant to investigations, and explain how these artefacts can be exploited in investigations and how artificial intelligence could be used to help identify and generate relevant evidential material, always considering the encryption technologies that device manufacturers employ and the impact this has on forensic activity and circumventions. K20, K21, K22, K23, S9 Describes the use of common fault finding techniques to examine non-functional electronic devices and the use of specialist tools and techniques to capture and remove evidence and data which has been compromised by environmental conditions, demonstrating initiative and personal responsibility to overcome digital forensic challenges. K24, K25, S10, B3
|
Critically evaluates their research to back up their decision making. Making reference to relevant emerging technologies and challenges whist demonstrating their understanding of encryption technology and its application. K20, K21, K22, S9 Critically evaluates how their leading of advanced applications of specialist principles has impacted the investigative process. K11, K12, K13, K14, K15, S7 |
Complex Data Analysis and Reporting
K16 K17 K18 K19 K28 K29 S8 S12 |
Outlines how they process, analyse and interpret complex digital data to establish forensic evidence for investigations, using their understanding of the function of forensic opportunities presented by common block device file systems, common data and database structures for the storage of text, media and system application data and taking into account the complexities of technical and dynamic risks identified through the investigative process. K16, K17, K18 K19, S8 Explains how to write scripts and programs for extracting and reporting data, including decomplication, reverse engineering, static and dynamic analysis approaches in order to communicate, negotiate, influence, and support all parts of the investigative process. K28, K29, S12
|
Critically evaluates their approaches to writing scripts and programs for extracting and reporting data, and the methods used to communicate, negotiate, influence and support all parts of the investigative process. K28, K29, S12 |
Performance in the EPA determines the overall grade of:
An independent assessor must individually grade the dissertation including presentation with questions and professional discussion underpinned by a portfolio in line with this EPA plan.
The EPAO must combine the individual assessment method grades to determine the overall EPA grade.
If the apprentice fails one assessment method or more, they will be awarded an overall fail.
To achieve an overall pass, the apprentice must achieve at least a pass in all the assessment methods. All EPA methods must be passed for the EPA to be passed overall. Apprentices must gain at least a pass in all assessment methods to achieve a pass overall. Apprentices must gain at least a pass in one assessment method and a distinction in the other assessment methods to gain a merit overall. Apprentices must gain a distinction in all assessment methods to gain a distinction overall. There is equal weighting of assessment methods. Grades from individual assessment methods should be combined in the following way to determine the grade of the EPA as a whole:
Grades from individual assessment methods must be combined in the following way to determine the grade of the EPA overall.
Dissertation including presentation with questions | Professional discussion underpinned by a portfolio | Overall Grading |
---|---|---|
Fail | Fail | Fail |
Fail | Any grade | Fail |
Any grade | Fail | Fail |
Pass | Pass | Pass |
Distinction | Pass | Merit |
Pass | Distinction | Merit |
Distinction | Distinction | Distinction |
If the apprentice fails one assessment method or more, they can take a re-sit or a re-take at their employer’s discretion. The apprentice’s employer needs to agree that a re-sit or re-take is appropriate. A re-sit does not need further learning, whereas a re-take does. The apprentice should have a supportive action plan to prepare for a re-sit or a re-take.
The employer and the EPAO should agree the timescale for a re-sit or re-take. A re-sit is typically taken within 1 months of the EPA outcome notification. The timescale for a re-take is dependent on how much re-training is required and is typically taken within 6 months of the EPA outcome notification.
If the apprentice fails the project assessment method, they must amend the project output in line with the independent assessor’s feedback. The apprentice will be given 2 weeks to rework and submit the amended Dissertation.
Failed assessment methods must be re-sat or re-taken within a 6-month period from the EPA outcome notification, otherwise the entire EPA will need to be re-sat or re-taken in full.
Re-sits and re-takes are not offered to an apprentice wishing to move from pass to a higher grade.
The apprentice will get a maximum EPA grade of if pass they need to re-sit or re-take one or more assessment methods, unless the EPAO determines there are exceptional circumstances.
Roles | Responsibilities |
---|---|
Apprentice |
As a minimum, the apprentice should:
|
Employer |
As a minimum, the apprentice's employer must:
|
EPAO |
As a minimum, the EPAO must:
|
Independent assessor |
As a minimum, an independent assessor must:
|
Training provider |
As a minimum, the training provider must:
|
Technical expert |
As a minimum, the technical expert should:
|
The EPAO must have reasonable adjustments arrangements for the EPA.
This should include:
Adjustments must maintain the validity, reliability and integrity of the EPA as outlined in this EPA plan.
Special considerations
The EPAO must have special consideration arrangements for the EPA.
This should include:
Special considerations must maintain the validity, reliability and integrity of the EPA as outlined in this EPA plan.
Internal quality assurance refers to the strategies, policies and procedures that an EPAO must have in place to ensure valid, consistent and reliable EPA decisions.
EPAOs for this EPA must adhere to the requirements within the roles and responsibilities table.
They must also appoint independent assessors who:
Affordability of the EPA will be aided by using at least some of the following:
This apprenticeship aligns with:
This apprenticeship aligns with:
Knowledge | Assessment methods |
---|---|
K1
Interpretation, implication and application of legislation and guidance for the examination of digital devices and material for use in investigations. Back to Grading |
Dissertation including presentation with questions |
K2
How to conduct investigations and leverage intelligence in order to identify and safeguard victims and vulnerable persons. Back to Grading |
Dissertation including presentation with questions |
K3
Ethical handling and management of evidential material and its sources to ensure privacy. Back to Grading |
Dissertation including presentation with questions |
K4
Techniques for identifying and managing well-being within a digital forensic team and the strategies to address trauma and how to access support due to the impact that processing sensitive or potentially distressing content can have on an individual. Back to Grading |
Professional discussion underpinned by a portfolio |
K5
Processes for accrediting and embedding novel techniques in the laboratory, from proof of concept to approved techniques, associated risks and the impact of Quality Standard Requirements and Forensic Science Regulator (FSR) Codes of Practice (including information security, assurance, and business continuity). Back to Grading |
Dissertation including presentation with questions |
K6
Scientific requirements needed to establish a technical standard for a new forensic science activity, including validation of methods and tools, practitioner competency, and training. Back to Grading |
Dissertation including presentation with questions |
K7
Scope of techniques within digital forensics regarding the acquisition, preservation, handling, processing and analysis of digital intelligence. Back to Grading |
Professional discussion underpinned by a portfolio |
K8
What a digital forensic strategy entails, and how this supports the investigation whilst mitigating the risks presented. Back to Grading |
Professional discussion underpinned by a portfolio |
K9
Mentoring and how to support the professional development of others. Back to Grading |
Professional discussion underpinned by a portfolio |
K10
Techniques to co-ordinate the allocation, delivery, and priority of team workload to advance and support investigation in line with organisational priorities. Back to Grading |
Professional discussion underpinned by a portfolio |
K11
Horizon scanning, technological advances, and their value to inform strategies for triage and frontline and investigative capability. Back to Grading |
Professional discussion underpinned by a portfolio |
K12
Core network design and storage technologies across multiple devices and common architectures. Back to Grading |
Professional discussion underpinned by a portfolio |
K13
Specialist video multimedia, recovery, processing and analysis to enhance digital forensics compliance. Back to Grading |
Professional discussion underpinned by a portfolio |
K14
Common data features across specialist forensics capabilities, including forensic linguistics, and image authenticity relevant to evidence handling and interpretation of digital forensic material. Back to Grading |
Professional discussion underpinned by a portfolio |
K15
Opportunities for complementary evidence, for example open source, cell site, communications intelligence, text encoding initiative and vehicles. Back to Grading |
Professional discussion underpinned by a portfolio |
K16
The function of, and forensic opportunities presented by, common block device file systems, for example New Technology File System (NTFS), File Allocation Table (FAT), Extended File System (ext), Hierarchical File System Plus (HFS+), Apple File System (APFS) and partitioning technologies. Back to Grading |
Professional discussion underpinned by a portfolio |
K17
Common data structures for storage of text and media, for example text, XML, JSON, image, and video formats. Back to Grading |
Professional discussion underpinned by a portfolio |
K18
Data and database-type structures for storage of system and application data, for example system logs, Windows Registry, system configuration, (b)plists, SQLite, RealmDB, ProtoBuffers. Back to Grading |
Professional discussion underpinned by a portfolio |
K19
The complexities of technical and dynamic risks identified through the investigative process, for example data vulnerabilities. Back to Grading |
Professional discussion underpinned by a portfolio |
K20
Encryption technologies and security methods employed by device manufacturers and their impact on forensic activity and circumventions. Back to Grading |
Professional discussion underpinned by a portfolio |
K21
Artefact types across digital forensic disciplines, and how they can be exploited in investigations. Back to Grading |
Professional discussion underpinned by a portfolio |
K22
Handling treatment opportunities and challenges of various storage media, including magnetic, optical, and flash memory. Back to Grading |
Professional discussion underpinned by a portfolio |
K23
Applications and uses of artificial intelligence to identify and generate evidential material. Back to Grading |
Professional discussion underpinned by a portfolio |
K24
Fault-finding and diagnostic techniques and equipment, including use of voltmeters, thermal imagers and continuity checkers for non-functional electronic devices. Back to Grading |
Professional discussion underpinned by a portfolio |
K25
How to capture evidence compromised by environmental conditions. Back to Grading |
Professional discussion underpinned by a portfolio |
K26
The importance of independent, impartial decision-making that respects the opinions and views of others in complex, unpredictable and changing circumstances. Back to Grading |
Dissertation including presentation with questions |
K27
Tactical solutions and interpretation of local network architecture to inform plans for examining digital evidence. Back to Grading |
Dissertation including presentation with questions |
K28
Script programs to extract and report data not processed by extraction tool capability, including writing structured query language (SQL) and scripts for interpretation of data, for example Python. Back to Grading |
Professional discussion underpinned by a portfolio |
K29
Decomplication, reverse-engineering, static and dynamic analysis approaches, including application virtualisation. Back to Grading |
Professional discussion underpinned by a portfolio |
K30
Requirements for providing unbiased interpretive evidence, understanding of the limitations of results, including unconscious bias and performance of tools. Back to Grading |
Professional discussion underpinned by a portfolio |
K31
E-Discovery strategy for large and complex cases. Back to Grading |
Professional discussion underpinned by a portfolio |
K32
Conducting literature reviews. Back to Grading |
Dissertation including presentation with questions |
K33
Research methods and statistical analysis, including data science and Artificial Intelligence. Back to Grading |
Dissertation including presentation with questions |
K34
Statistical methods and data interpretation. Back to Grading |
Dissertation including presentation with questions |
K35
How to draw meaningful conclusions and the communication of research findings. Back to Grading |
Dissertation including presentation with questions |
K36
How to effectively collaborate with partners and across disciplines to advance national digital forensics and evaluate emerging technology. Back to Grading |
Dissertation including presentation with questions |
K37
How their role contributes to sustainability goals. Back to Grading |
Dissertation including presentation with questions |
K38
Principles and policies of equity, diversity and inclusion in the workplace and their impact on the organisation. Back to Grading |
Dissertation including presentation with questions |
K39
Techniques to identify evidential anomalies associated with manipulated or faked material. Back to Grading |
Dissertation including presentation with questions |
K40
Emerging trends and technological threats that could disrupt and influence the credibility of forensic evidence. Back to Grading |
Professional discussion underpinned by a portfolio |
Skill | Assessment methods |
---|---|
S1
Apply legislation and guidance for the capture and examination of digital data to casework and decision-making. Back to Grading |
Dissertation including presentation with questions |
S2
Conduct investigations and manage evidence ethically to ensure safeguarding of victims and vulnerable persons, including providing support in the technical working environment when dealing with digital devices and data that may contain personal, sensitive or potentially distressing information. Back to Grading |
Dissertation including presentation with questions |
S3
Undertake work to support the accreditation of novel techniques, from proof of concept through to embedding approved techniques within the laboratory. Back to Grading |
Dissertation including presentation with questions |
S4
Develop legal and ethical digital forensic strategies and communicate with a range of stakeholders to implement these to proactively support serious and complex investigations. Back to Grading |
Professional discussion underpinned by a portfolio |
S5
Mentoring skills to support the performance of the digital forensics team. Providing advice and guidance with particular emphasis on embedding specialist techniques. Back to Grading |
Professional discussion underpinned by a portfolio |
S6
Co-ordinate the allocation, delivery, and priority of team workload to advance and support investigation. Back to Grading |
Professional discussion underpinned by a portfolio |
S7
Lead the advanced application of specialist principles for digital forensic science, ensuring the use of cutting-edge technical evidence for the investigative process. Back to Grading |
Professional discussion underpinned by a portfolio |
S8
Process, analyse and interpret complex digital data for the purposes of establishing forensic evidence for investigations. Back to Grading |
Professional discussion underpinned by a portfolio |
S9
Interrogate the components and artefacts of complex digital material in a forensic manner to find evidence relevant to investigations. Back to Grading |
Professional discussion underpinned by a portfolio |
S10
Physically examine damaged or broken devices and remove data, utilising specialist tools and techniques, for example Chip-off and Joint Test Action Group (JTAG). Back to Grading |
Professional discussion underpinned by a portfolio |
S11
Solve complex problems and technically challenge the constraints of digital forensic methodologies. Back to Grading |
Dissertation including presentation with questions |
S12
Communicate, negotiate, and influence on various skill and sensitivity levels to support all parts of the investigative process, including addressing highly technical concepts in an accessible format. Back to Grading |
Professional discussion underpinned by a portfolio |
S13
Provide trusted digital forensic evidence for the investigative process, producing comprehensive reports, technical explanations, and statements in accordance with rules of evidence. Distinguishing between factual and interpretive expert reporting. Back to Grading |
Professional discussion underpinned by a portfolio |
S14
Conduct literature reviews and select appropriate research methodologies to address research gaps in digital forensics. Back to Grading |
Dissertation including presentation with questions |
S15
Research data collection, analyse information to draw meaningful conclusions, and communicate the research findings. Back to Grading |
Dissertation including presentation with questions |
S16
Collaborate with partners across disciplines to advance national digital forensics and evaluate emerging technology. Back to Grading |
Dissertation including presentation with questions |
S17
Follow and apply sustainability, equity, diversity and inclusion policies and procedures. Back to Grading |
Dissertation including presentation with questions |
S18
Use specialist multi-capability techniques to forensically identify and examine the authenticity of evidential material. Back to Grading |
Dissertation including presentation with questions |
S19
Apply knowledge of new technological risks and threats to influence change to the digital forensic examination process. Back to Grading |
Professional discussion underpinned by a portfolio |
Behaviour | Assessment methods |
---|---|
B1
A strong work ethic and commitment in order to meet the standards required. Back to Grading |
Professional discussion underpinned by a portfolio |
B2
Acts with integrity with respect to ethical, legal and regulation ensuring the protection of personal data, safety and security. Back to Grading |
Professional discussion underpinned by a portfolio |
B3
Shows initiative and personal responsibility to overcome digital forensic challenges. Back to Grading |
Professional discussion underpinned by a portfolio |
B4
Commitment to continuous professional development; maintaining knowledge and skills in digital forensic developments that influence their work. Back to Grading |
Professional discussion underpinned by a portfolio |
B5
Comfortable and confident interacting with people from technical and non-technical backgrounds. Back to Grading |
Dissertation including presentation with questions |
B6
Participates and shares best practice in their organisation and the wider community of Digital Forensics. Back to Grading |
Dissertation including presentation with questions |
B7
Maintains awareness of trends and innovations utilising a range of academic literature, online sources, community interaction, conference attendance and other methods that can deliver business value. Back to Grading |
Dissertation including presentation with questions |
B8
Leads by example, acting as a role model for equity, diversity and inclusion. Back to Grading |
Dissertation including presentation with questions |
KSBS GROUPED BY THEME | Knowledge | Skills | Behaviour |
---|---|---|---|
Digital Forensic Science: Investigation, legislation, Ethics and Quality Assurance
K1 K2 K3 K5 K6 K38 K39 S1 S2 S3 S17 S18 B6 B8 |
Interpretation, implication and application of legislation and guidance for the examination of digital devices and material for use in investigations. (K1) How to conduct investigations and leverage intelligence in order to identify and safeguard victims and vulnerable persons. (K2) Ethical handling and management of evidential material and its sources to ensure privacy. (K3) Processes for accrediting and embedding novel techniques in the laboratory, from proof of concept to approved techniques, associated risks and the impact of Quality Standard Requirements and Forensic Science Regulator (FSR) Codes of Practice (including information security, assurance, and business continuity). (K5) Scientific requirements needed to establish a technical standard for a new forensic science activity, including validation of methods and tools, practitioner competency, and training. (K6) Principles and policies of equity, diversity and inclusion in the workplace and their impact on the organisation. (K38) Techniques to identify evidential anomalies associated with manipulated or faked material. (K39) |
Apply legislation and guidance for the capture and examination of digital data to casework and decision-making. (S1) Conduct investigations and manage evidence ethically to ensure safeguarding of victims and vulnerable persons, including providing support in the technical working environment when dealing with digital devices and data that may contain personal, sensitive or potentially distressing information. (S2) Undertake work to support the accreditation of novel techniques, from proof of concept through to embedding approved techniques within the laboratory. (S3) Follow and apply sustainability, equity, diversity and inclusion policies and procedures. (S17) Use specialist multi-capability techniques to forensically identify and examine the authenticity of evidential material. (S18) |
Participates and shares best practice in their organisation and the wider community of Digital Forensics. (B6) Leads by example, acting as a role model for equity, diversity and inclusion. (B8) |
Complex Data Analysis and Reporting
K26 K27 S11 |
The importance of independent, impartial decision-making that respects the opinions and views of others in complex, unpredictable and changing circumstances. (K26) Tactical solutions and interpretation of local network architecture to inform plans for examining digital evidence. (K27) |
Solve complex problems and technically challenge the constraints of digital forensic methodologies. (S11) |
None |
Research Methods and Emerging Technologies
K32 K33 K34 K35 K36 K37 S14 S15 S16 B5 B7 |
Conducting literature reviews. (K32) Research methods and statistical analysis, including data science and Artificial Intelligence. (K33) Statistical methods and data interpretation. (K34) How to draw meaningful conclusions and the communication of research findings. (K35) How to effectively collaborate with partners and across disciplines to advance national digital forensics and evaluate emerging technology. (K36) How their role contributes to sustainability goals. (K37) |
Conduct literature reviews and select appropriate research methodologies to address research gaps in digital forensics. (S14) Research data collection, analyse information to draw meaningful conclusions, and communicate the research findings. (S15) Collaborate with partners across disciplines to advance national digital forensics and evaluate emerging technology. (S16) |
Comfortable and confident interacting with people from technical and non-technical backgrounds. (B5) Maintains awareness of trends and innovations utilising a range of academic literature, online sources, community interaction, conference attendance and other methods that can deliver business value. (B7) |
KSBS GROUPED BY THEME | Knowledge | Skills | Behaviour |
---|---|---|---|
Digital Forensic Science: Investigation, legislation, Ethics and Quality Assurance
K4 K7 K8 K9 K10 K30 K31 K40 S4 S5 S6 S13 S19 B1 B2 B4 |
Techniques for identifying and managing well-being within a digital forensic team and the strategies to address trauma and how to access support due to the impact that processing sensitive or potentially distressing content can have on an individual. (K4) Scope of techniques within digital forensics regarding the acquisition, preservation, handling, processing and analysis of digital intelligence. (K7) What a digital forensic strategy entails, and how this supports the investigation whilst mitigating the risks presented. (K8) Mentoring and how to support the professional development of others. (K9) Techniques to co-ordinate the allocation, delivery, and priority of team workload to advance and support investigation in line with organisational priorities. (K10) Requirements for providing unbiased interpretive evidence, understanding of the limitations of results, including unconscious bias and performance of tools. (K30) E-Discovery strategy for large and complex cases. (K31) Emerging trends and technological threats that could disrupt and influence the credibility of forensic evidence. (K40) |
Develop legal and ethical digital forensic strategies and communicate with a range of stakeholders to implement these to proactively support serious and complex investigations. (S4) Mentoring skills to support the performance of the digital forensics team. Providing advice and guidance with particular emphasis on embedding specialist techniques. (S5) Co-ordinate the allocation, delivery, and priority of team workload to advance and support investigation. (S6) Provide trusted digital forensic evidence for the investigative process, producing comprehensive reports, technical explanations, and statements in accordance with rules of evidence. Distinguishing between factual and interpretive expert reporting. (S13) Apply knowledge of new technological risks and threats to influence change to the digital forensic examination process. (S19) |
A strong work ethic and commitment in order to meet the standards required. (B1) Acts with integrity with respect to ethical, legal and regulation ensuring the protection of personal data, safety and security. (B2) Commitment to continuous professional development; maintaining knowledge and skills in digital forensic developments that influence their work. (B4) |
Complex Data Capture and Processing
K11 K12 K13 K14 K15 K20 K21 K22 K23 K24 K25 S7 S9 S10 B3 |
Horizon scanning, technological advances, and their value to inform strategies for triage and frontline and investigative capability. (K11) Core network design and storage technologies across multiple devices and common architectures. (K12) Specialist video multimedia, recovery, processing and analysis to enhance digital forensics compliance. (K13) Common data features across specialist forensics capabilities, including forensic linguistics, and image authenticity relevant to evidence handling and interpretation of digital forensic material. (K14) Opportunities for complementary evidence, for example open source, cell site, communications intelligence, text encoding initiative and vehicles. (K15) Encryption technologies and security methods employed by device manufacturers and their impact on forensic activity and circumventions. (K20) Artefact types across digital forensic disciplines, and how they can be exploited in investigations. (K21) Handling treatment opportunities and challenges of various storage media, including magnetic, optical, and flash memory. (K22) Applications and uses of artificial intelligence to identify and generate evidential material. (K23) Fault-finding and diagnostic techniques and equipment, including use of voltmeters, thermal imagers and continuity checkers for non-functional electronic devices. (K24) How to capture evidence compromised by environmental conditions. (K25) |
Lead the advanced application of specialist principles for digital forensic science, ensuring the use of cutting-edge technical evidence for the investigative process. (S7) Interrogate the components and artefacts of complex digital material in a forensic manner to find evidence relevant to investigations. (S9) Physically examine damaged or broken devices and remove data, utilising specialist tools and techniques, for example Chip-off and Joint Test Action Group (JTAG). (S10) |
Shows initiative and personal responsibility to overcome digital forensic challenges. (B3) |
Complex Data Analysis and Reporting
K16 K17 K18 K19 K28 K29 S8 S12 |
The function of, and forensic opportunities presented by, common block device file systems, for example New Technology File System (NTFS), File Allocation Table (FAT), Extended File System (ext), Hierarchical File System Plus (HFS+), Apple File System (APFS) and partitioning technologies. (K16) Common data structures for storage of text and media, for example text, XML, JSON, image, and video formats. (K17) Data and database-type structures for storage of system and application data, for example system logs, Windows Registry, system configuration, (b)plists, SQLite, RealmDB, ProtoBuffers. (K18) The complexities of technical and dynamic risks identified through the investigative process, for example data vulnerabilities. (K19) Script programs to extract and report data not processed by extraction tool capability, including writing structured query language (SQL) and scripts for interpretation of data, for example Python. (K28) Decomplication, reverse-engineering, static and dynamic analysis approaches, including application virtualisation. (K29) |
Process, analyse and interpret complex digital data for the purposes of establishing forensic evidence for investigations. (S8) Communicate, negotiate, and influence on various skill and sensitivity levels to support all parts of the investigative process, including addressing highly technical concepts in an accessible format. (S12) |
None |
Version | Change detail | Earliest start date | Latest start date | Latest end date |
---|---|---|---|---|
1.0 | Approved for delivery | 15/07/2024 | Not set | Not set |
Crown copyright © 2024. You may re-use this information (not including logos) free of charge in any format or medium, under the terms of the Open Government Licence. Visit www.nationalarchives.gov.uk/doc/open-government-licence