STOP covers the usage and configuration of two tools (WinFE and osTriage) designed to preview a non-mobile digital device and export files of evidentiary value. Students who bring the suggested materials listed above will be able to leave STOP with the same setup shown in class. Other topics include a detailed examination of the process of previewing: what previewing is, why and when it should be done, who can conduct a preview, and differences in procedure for starting a preview depending on whether a device is on or off.
• What is previewing? Learn why you should preview, who can perform a preview, when to conduct a preview, and how to start a preview whether a device is on or off.
• WinFE. Forensically boot a device, then quickly preview and export digital evidence found on scene.
• OsTriage. Identify when encryption is present, image RAM memory, display browser history, preview and export existing files, and much more.
• Hands-on experience. Work with WinFE and OsTriage, and leave the course with the same setup shown in class.
STOP is a 2-day classroom course.
Prerequisites:
• CI 099 – Basic Computer Skills for Law Enforcement (BCS-WB) online course Register
• CI 100 – Identifying & Seizing Electronic Evidence (ISEE-WB) online course Register
Do the following before coming to class:
• Download Windows 10 Single Language 32 bit ISO http://bit.ly/Win1032Bit
• Bring an external hard drive (500GB minimum)
Please check the box next to the following questions if the answer is 'yes'.
Please enter the applicable Event Date if there is an Event associated with this TTA.
When entering an Event Date, the Time is also required.
If the TTA is targeted to a particular audience or location, please complete the questions below.
Milestones are an element, activity, work product, or key task associated with completing the TTA (e.g. kick-off meeting, collect data from stake holders, deliver initial data analysis).
Please complete the fields below, if applicable, to create a milestone for this TTA.
Please respond to the Performance Metrics below. The Performance Metrics questions are based on the TTA Type indicated in the General Information section of the TTA.
Please submit a signed letter of support from your agency’s executive or other senior staff member. The letter can be emailed to or uploaded with this request. The letter should be submitted on official letterhead and include the following information:
- General information regarding the request for TTA services, i.e., the who, what, where, when, and why.
- The organizational and/or community needs specific to the request for TTA services.
- The benefits or anticipated outcomes from the receipt of TTA services.
By submitting this application to BJA NTTAC, I understand that upon approval of this application for TTA, the requestor agrees to keep BJA NTTAC informed of any circumstances that may impact the delivery of the TTA, including changes in the date of the event, event cancellation, or difficulties communicating with the assigned TTA provider.
Please call [site:phone] if you need further assistance completing this application.