Justice Information Sharing

    DF330 Advanced Digital Forensic Analysis: iOS & Android

    This course provides the advanced skills and knowledge necessary to analyze data on iOS devices (iPod Touch, iPhone, and iPad) and Android devices at an advanced level. Students use forensically-sound tools and techniques to analyze potential evidence, employing advanced techniques to uncover evidence potentially missed or misrepresented by commercial forensic tools. Topics include identifying potential threats to data stored on devices, available acquisition options, accessing locked devices, and the default folder structure. Core skills include analyzing artifacts such as device information, call history, voicemail, messages, web browser history, contacts, and photos. Instruction is provided on developing the hunt methodology for analyzing third party applications not supported by commercial forensic tools.

    Mobile device hardware fundamentals. How mobile devices work, store data, and interact with a variety of networks.
    Device handling. Properly preserving data for imaging and analysis. Identifying potential threats to data integrity.
    Device acquisition and security. Acquisition options (physical, logical, device backups). Bypassing passcodes and properly defeating encrypted backups of iOS devices.
    Advanced analysis techniques. Mounting images, partitioning scheme and default folder structure, types of artifacts (plists, SQLite databases, etc.).

    FC110 Financial Crimes Against Seniors

    This course promotes a multi-agency approach to the problem of financial exploitation of senior citizens. Bringing together law enforcement personnel and adult protective services investigators, the course enhances students investigative skills and interviewing techniques while facilitating networking and cooperation that can extend out of the classroom and into real cases. Topics include recognizing elder abuse, working with victims, identifying perpetrators, and resources for investigation and community awareness. Students work together to conduct a mock investigation into a hypothetical case.

    *Financial investigation basics. What constitutes elder abuse? Family and trusted persons as perpetrators. Statutes and sentencing enhancements.
    *Senior victims. Reasons for vulnerability. Special needs like Alzheimers or dementia.
    *Resources. Community awareness and investigative resources.
    *Hands-on experience. Work a case as part of an investigative team.

    DF205 Intermediate Digital Forensic Analysis: SQLite Primer

    Mobile devices dominate the intake list, and the desks of most digital forensics analyst globally. Devices are becoming more secure, with an increase in security the need for detailed analysis is increasing as well. SQLite is a self-contained, serverless database engine. It is found on nearly every operating system and dominates iOS, Android, and macOS as one of the most prevalent and relevant data storage mechanisms. Rather than hope our forensic tools support the newest applications or be tethered to how a certain utility parses data we can arm ourselves with the skills and techniques needed to conquer the analysis of nearly any application.

    What is SQLite and how to identify and analyze logically
    Recognizing relevant locations of valuable data within SQLite database.
    Develop skills needed for crafting custom SQLite queries.
    Learn how to recognize and decode a variety of common timestamp formats.
    Learn how to perform SQLite analysis with automation.

    Intelligence Analysis: Asked and Answered

    Join a team of experts from NW3C as they provide thoughtful and detailed answers to the intelligence analysis questions you submit. Submit questions regarding intelligence analysis skills, information collection, or general comments of analytic tradecraft and a panel of NW3C experts will provide answers during this live session.

    CI240 Intermediate Cyber Investigations: Virtual Currency

    This course provides students with the fundamental knowledge and skills they need to investigate crimes involving virtual currency. Instructors explain foundational concepts like the characteristics of money, virtual currency, and cryptocurrency. Blockchain technology, proof work, and proof of stake are covered; and students learn how industry-leading cryptocurrencies (Bitcoin, Ethereum, and Monero) work and how they differ from each other. Finally, students learn investigative techniques for tracking and documenting transactions; and best practices for seizing and securing cryptocurrency.

    *Virtual currency basics. History of money and of virtual currency. Categorizing virtual currency.
    *Blockchain. History of the blockchain. Understanding different protocols.
    *Cryptocurrencies in detail. Bitcoin, Ethereum, Monero and other privacy coins.
    *Investigative techniques. Seizing virtual currency; tracking transactions through the blockchain; documenting investigative results.

    CI101 Basic Cyber Investigations: Digital Footprints

    This course introduces learners to the concept of digital footprints and best practices in protecting personally identifiable information (PII). Topics include limiting an individuals digital footprint, protecting privacy on social media, and the consequences of oversharing personal information; as well as steps to take after becoming a target of doxing.

    *Current landscape. Emerging technology and trends that can aid criminals in the commission of identity theft, credit card theft, child exploitation, and production of counterfeit documents.
    *Personally identifiable information (PII). Learn what PII is, why it can threaten individuals safety, and the scams and exploits criminals use to obtain it.
    *Minimizing your digital footprint. Learn how and why you should remove PII, and how to find where information may be located. Instructors demonstrate how to secure digital devices and request removal of data from a website.
    *Social media. Use security and privacy settings to control the amount of available information on multiple platforms.
    *Resources. Identify resources that can help victims of identity theft, doxing, and other related crimes.

    IA300 Advanced Criminal Intelligence: Tradecraft and Analysis

    This three-day course is dedicated to studying the fundamentals of quantitative and qualitative data analysis and how to formulate arguments in support of criminal investigations and intelligence. Students will learn about data management techniques and a disciplined process to clean and standardize data in preparation for analysis. The course will also explore several common investigative objectives, including the discovery of associations between people and entities, the correlation between unlawful activity and suspects, behavioral affinities, and predictions. The course will introduce the Enterprise Theory of Crime and how to use network analysis to formulate conclusions about the structure of criminal organizations, their players and roles, the identification of facilitators, charting of financial arrangements, and connections to unlawful activity. The course enables the production of valuable, accurate, and efficient logical inferences produced by collecting data related to unlawful activity.

    FC105 Financial Records Examination and Analysis

    This course covers the acquisition, examination, and analysis of many types of financial records, including bank statements and checks, wire transfer records, and business records. Topics include recognizing and investigating common indicators of fraud, using spreadsheets to facilitate analysis and pattern recognition, and financial profiling. There is a strong focus on presenting financial evidence in multiple modalities: spreadsheet data outputs, graphic representations, and written/oral presentations.

    *Introduction to analysis. Best practices. Finding patterns. Indicators of fraud. Presenting your findings.
    *Financial records. Bank records. Business documents.
    *Financial profiling. Methods of profiling. Reasons to create a profile. Creating a profile.
    *Hands-on experience. Work a mock financial case as part of an investigative team.

    FC105 Financial Records Examination and Analysis

    This course covers the acquisition, examination, and analysis of many types of financial records, including bank statements and checks, wire transfer records, and business records. Topics include recognizing and investigating common indicators of fraud, using spreadsheets to facilitate analysis and pattern recognition, and financial profiling. There is a strong focus on presenting financial evidence in multiple modalities: spreadsheet data outputs, graphic representations, and written/oral presentations.

    *Introduction to analysis. Best practices. Finding patterns. Indicators of fraud. Presenting your findings.
    *Financial records. Bank records. Business documents.
    *Financial profiling. Methods of profiling. Reasons to create a profile. Creating a profile.
    *Hands-on experience. Work a mock financial case as part of an investigative team.

    FC101 Financial Investigations Practical Skills

    This course provides hands-on investigative training at a basic level. Students develop the practical skills, insight, and knowledge necessary to manage a successful financial investigation from start to finish, including the acquisition and examination of financial records, interview skills, and case management and organization. Additional topics include forgery and embezzlement, financial exploitation of the elderly, working with spreadsheets, financial profiling, and state-specific statutes and legal issues.

    *Emerging issues. Current trends in various types of financial crimes. Recent cases and their implications.
    *Financial records. Learn to obtain and manage bank records, including basic spreadsheeting skills.
    *Working with data. Extract leads and draw conclusions from bank records and other financial data.
    *Hands-on experience. Work a mock financial case as part of an investigative team.

    Pages