Justice Information Sharing

DF310 Advanced Digital Forensic Analysis: Windows (May 2019, Iowa)

This course covers the identification and extraction of artifacts associated with the Microsoft Windows operating system. Topics include the Change Journal, BitLocker, and a detailed examination of the various artifacts found in each of the Registry hive files. Students also examine Event Logs, Volume Shadow Copies, link files, and thumbnails. This course uses a mixture of lecture, discussion, demonstration, and hands-on exercises.

CI102 Basic Cyber Investigations: Dark Web & Open Source Intelligence (May 2019, New York)

This course provides expert guidance in the skills law enforcement officers need to conduct successful online investigations. Topics include IP addresses and domains, an overview of currently popular social media platforms, best practices for building an undercover profile, foundational knowledge related to the dark web, and the use of the dark web as an investigative tool. Instructors demonstrate both open source and commercially available investigative tools for social engineering, information gathering, and artifacts related to social media, as well as automated utilities to capture information and crawl websites. 

FC105 Financial Records Examination and Analysis (May 2019, Texas)

This course covers the acquisition, examination, and analysis of many types of financial records, including bank statements and checks, wire transfer records, and business records. Topics include recognizing and investigating common indicators of fraud, using spreadsheets to facilitate analysis and pattern recognition, and financial profiling. There is a strong focus on presenting financial evidence in multiple modalities: spreadsheet data outputs, graphic representations, and written/oral presentations.

DF102 Basic Digital Forensic Analysis: Previewing (May 2019, Georgia)

This course provides the fundamental knowledge and skills necessary to preview the most commonly encountered forms of digital evidence. The course covers Windows-based and macOS-based computers, mobile devices, and removable storage media. In a combination of lecture, discussion, and practical exercises, instructors introduce the previewing process, legal considerations, live previewing, and dead-box previewing. Students gain hands-on experience with free and commercial third-party previewing tools that are in current use by practitioners in the field.

DF201 Intermediate Digital Forensic Analysis: Automated Forensic Tools (May 2019, Delaware)

This course provides students with the fundamental knowledge and skills necessary to perform a limited digital forensic examination, validate hardware and software tools, and effectively use digital forensic suites and specialized tools. The course begins with a detailed review of the digital forensic examination process, including documentation, case management, evidence handling, validation, and virtualization. Students learn to use today's leading commercial and open source digital forensic suites: Magnet Axiom, X-ways Forensic, and Autopsy. Instruction on each suite will include an interface overview, configuration, hashing, file signature analysis, keyword searching, data carving, bookmarking, and report creation. 

FC201 Financial Records Investigative Skills (May 2019)

This course builds on the concepts introduced in "Financial Crime (FC) 101 - Financial Investigations Practical Skills" and "FC 105 - Financial Records Examination and Analysis," introducing investigators and prosecutors to emerging issues in financial crime. Topics include money laundering, analyzing large financial data sets, conducting effective interviews, and managing large amounts of financial evidence. This course consists of a mix of lecture, discussion, and hands-on exercises. Students conduct a mock investigation that includes interviews, data analysis, and the construction of an electronic case file.

DF103 Basic Digital Forensic Analysis: Acquisition (May 2019, Georgia)

This course provides students with the fundamental knowledge and skills required to acquire images in a forensically sound manner from Windows-based and macOS-based computers, as well as mobile devices. Presentations and hands-on practical exercises cover topics including the digital forensic process, hardware and software write blockers, forensic image formats, live imaging, and multiple forensic acquisition methods. Students gain hands-on experience with free and commercial third-party imaging tools that are currently used by practitioners in the field.

CI240 Intermediate Cyber Investigations: Virtual Currency (May 2019, New York)

This course provides students with the fundamental knowledge and skills they need to investigate crimes involving virtual currency. Instructors explain foundational concepts like the characteristics of money, virtual currency, and cryptocurrency. Blockchain technology, proof work, and proof of stake are covered, and students learn how industry-leading cryptocurrencies (Bitcoin, Ethereum, and Monero) work and how they differ from each other. Finally, students learn investigative techniques for tracking and documenting transactions and best practices for seizing and securing cryptocurrency.

CI130 Basic Cyber Investigations: Cellular Records Analysis (May 2019, Maryland)

This course is for officers, investigators, and analysts who encounter cell phone evidence that includes information external to the phone. Class concepts include instruction on how to request, read, and analyze call detail records from cellular providers, and how to plot cellular site locations to determine the approximate position of a suspect during a given period. No special hardware or software is required. However, this course focuses heavily on analysis; as such, a strong working knowledge of Microsoft Excel is highly recommended. Students are provided with a free copy of the National White Collar Crime Center's (NW3C) PerpHound tool, which assists in the plotting of call detail record locations.

PT201 Digital Evidence Basics & the CLOUD Act (May 2019, Minnesota)

This course provides the technical and legal information prosecutors need to see cases involving digital evidence through the entire criminal justice process, from seizure and extraction to admissibility to verdict. Topics include digital evidence commonly seized during the execution of a search warrant, digital evidence stored remotely by third-party service providers, and the processes investigators use to obtain this evidence (such as the interrogation of digital devices). There is a strong focus on case law and other legal issues surrounding the collection and custody of digital evidence, as well as its use at trial. The course also examines new legislation like the CLOUD Act, which is reforming the digital evidence landscape just as rapidly as the ever-changing case law.

Pages