NCAE Mapping Hub Authoritative cross-reference for DCWF, NCAE Knowledge Units, O*NET, and the EWU Cyber Operations program

Security+ · 4.0 Security Operations

Chain of custody

The documented handling of evidence from collection through analysis to court admission. Every person who touched it, when, what they did. Required for forensic evidence to hold up.

How this shows up at NCAE

Not directly scored at NCAE, but the CTF forensics category and the DCWF 212 Forensics Analyst role are built on this. For NCAE: if you find a backdoor, preserve the original file before modifying.