Department Policy on Certificated Computer Forensics

On Dec. 4, 2008 the department implemented a policy detailing acceptable certification in computer forensics as stated at Section 6(1)(f)(iv) of the Professional Investigator Act, as amended.  The Policy states that Departmentally acceptable certificated studies in the computer forensic industry shall be computer forensic certification programs that are comprised of the following two components:

Component 1
A general information security certification.  Such certification must have a peer reviewed, common body of knowledge and must include the completion of 40 hours of general security continuing education per year for 3 consecutive years.  Examples of such general information security certification are Certified Information Systems Security Professional certification (CISSP) offered by "(ISC)²"; Certified Information Systems Auditor (CISA) offered by the Information Systems Audit and Control Association or "ISACA"; Certified Information Security Manager (CISM) offered by ISACA; or similar information security certification programs deemed acceptable by the department. And;

 Component 2
Computer forensic (as defined at Section 2(b) of the Act) specific certification.  The certification program must include:


Ø      40 hours of training which includes the following curriculum:

·         Technical material

·         Legal aspects of computer forensics (as defined by the Act)

·         Search and seizure

·         Preservation of evidence

·         Investigative best practices

Ø      A written examination, and

·         Either a practical exam or a peer reviewed paper.