Skills Needed and Difficulty
The Certified Computer Examiner (CCE)® certification testing process will require a candidate to have:
- A good understanding of basic rules of evidence, as they relate to:
  - The seizure or acquisition of magnetic media
  - The handling, marking and storage of electronic evidence
  - Appropriate chain of custody
  - Right to privacy
- A good understanding of:
  - How to wipe, verify and validate media
  - How to protect the original media from accidental writes
  - How to make and verify exact copies of media
- A basic understanding of PC hardware
- A basic understanding of PC networking
- A good understanding of Microsoft Office applications and how to access the metadata that is stored within MS Office documents
- A basic understanding of common data formats by header, appearance, etc.
- A basic understanding of how to defeat passwords
- A basic understanding of CDR recording processes
- A basic understanding of Internet issues, such as doing a "who is" search, determining ownership of a domain name, etc.
- The ability to write clear, understandable, and comprehensive examination reports in the English language
- The ability to organize and present exhibits in or as an attachment to reports
The examination will cover essential forensic computer examination procedures, basic PC hardware construction and theory, very basic networking theory and basic data recovery techniques.
Although the CCE is an international certification, note that all testing materials are provided in the English language. Likewise, all candidate submissions are expected to be written in English unless otherwise previously agreed upon by the ISFCE. Note that the ISFCE's assessors are aware that many candidates may not speak English as a primary language. In such cases, grammatical consideration and allowance are provided.
The CCE process should not be too difficult for experienced examiners who have a good knowledge of forensic examination procedures, basic legal considerations, basic networking principles, basic data recovery techniques, authenticating documents, basic password recovery and basic Internet issues.
The concepts tested for certification are designed to be similar to what an examiner may encounter in civil or law enforcement examinations. No extreme measures have been taken to hide data, such as bit shifting and splitting files. The certification problems are designed to be straightforward and reflect situations found during professional practice.