Justice Information Sharing

    DF205 Intermediate Digital Forensic Analysis: SQLite Primer

    Mobile devices dominate the intake list, and the desks of most digital forensics analyst globally. Devices are becoming more secure, with an increase in security the need for detailed analysis is increasing as well. SQLite is a self-contained, serverless database engine. It is found on nearly every operating system and dominates iOS, Android, and macOS as one of the most prevalent and relevant data storage mechanisms. Rather than hope our forensic tools support the newest applications or be tethered to how a certain utility parses data we can arm ourselves with the skills and techniques needed to conquer the analysis of nearly any application.

    What is SQLite and how to identify and analyze logically
    Recognizing relevant locations of valuable data within SQLite database.
    Develop skills needed for crafting custom SQLite queries.
    Learn how to recognize and decode a variety of common timestamp formats.
    Learn how to perform SQLite analysis with automation.

    CI102 Basic Cyber Investigations: Dark Web & Open Source Intelligence

    This course provides expert guidance in the skills law enforcement officers need to conduct successful online investigations. Topics include IP addresses and domains, an overview of currently popular social media platforms, best practices for building an undercover profile, foundational knowledge related to the dark web, and the use of the dark web as an investigative tool. Instructors demonstrate both open-source and commercially-available investigative tools for social engineering, information gathering, and artifacts related to social media; as well as automated utilities to capture information and crawl websites.

    *Internet basics. IP address assignment; resolving domains and IP addresses; networking overview.
    *Popular sites. Facebook, Twitter, KiK Messenger, Snapchat, Instagram, tumblr, and more.
    *The dark web. Surface, deep, and dark web; how data flows through the internet. Who uses the dark web and how?
    *Tor. How to access Tor; how Tor traffic works; how a Tor Hidden Service works; installing and configuring the Tor Browser Bundle.

    DF100 Basic Digital Forensic Analysis: Seizure

    This course introduces the information and techniques law enforcement personnel need to safely and methodically collect and preserve digital evidence at a crime scene. Topics include recognizing potential sources of digital evidence; planning and executing a digital evidence-based seizure; and the preservation, packaging, documentation, and transfer of digital evidence.

    *Prepare. Prepare to respond to an incident or crime scene where digital evidence may be present.
    *Identify. Learn tow to identify relevant sources of digital evidence in an ever-evolving landscape.
    *Collect. Learn the proper methods of digital evidence collection.
    *Preserve. Build upon the three previous principles to ensure valid and legal preservation of digital evidence can occur.

    FC122 Intellectual Property Theft Training

    This course introduces the problem of intellectual property theft and provides tools, techniques, and resources for investigating and prosecuting these crimes. A combination of lecture, discussion, and interactive exercises illustrates the potential dangers and economic repercussions of counterfeit products, as well as best practices and techniques for investigating IP theft. Students are provided with a state-specific folder that includes relevant statutes, sample organizational documents for IP investigations, and additional resources for investigators and prosecutors.

    This course is presented in collaboration with the National Association of Attorneys General (NAAG).
    Awareness. Types of IP crimes. The criminals who commit these crimes. Impacts and dangers.
    Investigation. Online and traditional techniques. Working with brand experts and the private sector. Large amounts of evidence. Resources.
    Statutes. Prosecutorial theories. State-specific discussion.
    Hands-on experience. Work with real counterfeit products. Identify fakes with expert guidance.

    FC105 Financial Records Examination and Analysis

    This course covers the acquisition, examination, and analysis of many types of financial records, including bank statements and checks, wire transfer records, and business records. Topics include recognizing and investigating common indicators of fraud, using spreadsheets to facilitate analysis and pattern recognition, and financial profiling. There is a strong focus on presenting financial evidence in multiple modalities: spreadsheet data outputs, graphic representations, and written/oral presentations.

    *Introduction to analysis. Best practices. Finding patterns. Indicators of fraud. Presenting your findings.
    *Financial records. Bank records. Business documents.
    *Financial profiling. Methods of profiling. Reasons to create a profile. Creating a profile.
    *Hands-on experience. Work a mock financial case as part of an investigative team.

    FC203 Financial Investigations: Beyond the Basics

    This three-day course covers the fundamentals of financial investigations and incorporates some of the more advanced processes that elevate an investigation. During this course, students will learn about investigative processes, practical tools, and sources of information necessary to plan and conduct financial investigations. The course begins with a description of the basic composition of elements within illicit financial networks and how they work to compromise legitimate business and financial sectors. Course material will describe government, regulatory, and investigative actions within the United States, and by international partners to detect and investigate illicit actors and networks. The course also includes considerations for investigation planning and promotion of creative thinking.

    IA105 Intelligence Writing and Briefing

    This course covers basic intelligence writing and briefing principles as well as methods for effective and clear intelligence sharing. Topics covered include creative and critical thinking, critical reading skills, source evaluation, privacy and civil rights, intelligence writing style and structure, and generating and presenting intelligence briefings. With guidance from experienced experts, students gain hands-on experience by working through data sets based on real cases to produce intelligence products. Instructors and peers provide feedback on briefings and reports produced and presented in class.

    *Foundational skills. Creative thinking. Critical thinking. Critical reading.
    *Information sources. Identify sources of intelligence information. Evaluate sources for validity and reliability.
    *Analytical reports. Develop a structured and actionable analytical report based on a data set given in class.
    *Privacy considerations. Ensure protection of privacy and civil rights while producing intelligence products.
    *Briefings. Construct and deliver an intelligence briefing based on a data set given in class.

    CI130 Basic Cyber Investigations: Cellular Records Analysis

    This course is for officers, investigators, and analysts who encounter cell phone evidence that includes information external to the phone. Class concepts include instruction on how to request, read, and analyze call detail records from cellular providers; and how to plot cellular site locations to determine the approximate position of a suspect during a given period. No special hardware or software is required. However, this course focuses heavily on analysis; as such, a strong working knowledge of Microsoft Excel is highly recommended. Students are provided with a free copy of NW3Cs PerpHound tool, which assists in the plotting of call detail record locations.

    *Cellular technology. Land-line and cellular networks. Types and generations of cell phones. Cell site design and its implications for law enforcement.
    *Analysis of call detail records. Request information from service providers. Convert records into a useful format. *Merge two related spreadsheets. Read and analyze using filters, sorting, and pivot tables. Plot location information.
    *Hands-on experience. Hands-on experience with NW3Cs free software tool PerpHound and Microsoft Excel to analyze various types of records that are available from cellular providers.

    IA103 Introduction to Strategic Intelligence Analysis

    This course introduces analysts to the broader concepts of connecting the dots through link analysis. A critical portion of conducting a successful analytical investigation is the ability to link together and understand the complexities of the connectedness between people and organizations. Introduction to Link Analysis (ILA) expands on the basic principles of link and association analyses explored in the Foundations of Intelligence Analysis Training (FIAT) while building a framework for more advanced methods such as social network analysis.

    Expanding basic knowledge of link and association analysis
    Explaining the process of social network analysis
    Understanding the visual mapping and mathematical components associated with link and social network analyses

    IA103 Introduction to Strategic Intelligence Analysis

    This course introduces analysts to the broader concepts of connecting the dots through link analysis. A critical portion of conducting a successful analytical investigation is the ability to link together and understand the complexities of the connectedness between people and organizations. Introduction to Link Analysis (ILA) expands on the basic principles of link and association analyses explored in the Foundations of Intelligence Analysis Training (FIAT) while building a framework for more advanced methods such as social network analysis.

    Expanding basic knowledge of link and association analysis
    Explaining the process of social network analysis
    Understanding the visual mapping and mathematical components associated with link and social network analyses

    Pages