Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody. Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges,...