By the end of this session delegates will be able to:

• Explain the procedural provisions of the Budapest Convention.
• Explain the importance of conditions and safeguards and the way they can be determined.
• Identify the Budapest Cybercrime Convention Articles in national legislation.

At the end of this session participants will be able to:

• Explain the proper planning and preparation of a search raid where digital evidence may be found.
• List the tools and items maybe needed for a search raid where digital evidence may be found.
• Explain how they would secure and document a crime scene where digital evidence occur. 

At the end of this session participants will be able to:

• Identify sources of electronic evidence based on shown scenarios.
• Describe Standard Operation Procedures for packaging, transport and storage of electronic evidence.
• Differentiate different SOPs based on the type of the device.
• Discuss techniques to check the power status of a computer system.
• Apply general seizure instructions for electronic devices.

At the end of this session participants will be able to:

• Define the terms “Volatile Data“, “Transient Data“ and “Live Data Forensics“.
• Explain the value of volatile data for investigations.
• List at least four types of data that would get lost without Live Data Forensics.
• Perform measures of first response when facing a running computer system.
• Name at least four tools to acquire volatile data including Live Response and Boot-DVDs.
• Describe the challenges of encryption and the chances of Live Data Forensics in scenarios involving encryption.
• Discuss the challenges and different legal frameworks in scenarios where data is stored remotely, e.g. cloud services.
• Define the term „Cloud Computing“.
• Compare at least three cloud services.