This course provides students with the fundamental knowledge and skills necessary to perform a limited digital forensic examination, validate hardware and software tools, and effectively use digital forensic suites and specialized tools. The course begins with a detailed review of the digital forensic examination process, including documentation, case management, evidence handling, validation, and virtualization. Students learn to use today's leading commercial and open source digital forensic suites: Magnet Axiom, X-ways Forensic, and Autopsy. Instruction on each suite will include an interface overview, configuration, hashing, file signature analysis, keyword searching, data carving, bookmarking, and report creation.
This course is for officers, investigators, and analysts who encounter cell phone evidence that includes information external to the phone. Class concepts include instruction on how to request, read, and analyze call detail records from cellular providers, and how to plot cellular site locations to determine the approximate position of a suspect during a given period. No special hardware or software is required. However, this course focuses heavily on analysis; as such, a strong working knowledge of Microsoft Excel is highly recommended. Students are provided with a free copy of the National White Collar Crime Center's (NW3C) PerpHound tool, which assists in the plotting of call detail record locations.
This course introduces analysts to the broader concepts of connecting the dots through link analysis. A critical portion of conducting a successful analytical investigation is the ability to link together and understand the complexities of the connectedness between people and organizations. Introduction to Link Analysis (ILA) expands on the basic principles of link and association analyses explored in the Foundations of Intelligence Analysis Training (FIAT) while building a framework for more advanced methods such as social network analysis.
This course teaches students to identify and collect volatile data, acquire forensically sound images of Apple Macintosh computers, and perform forensic analysis of macOS operating system and application artifacts. Students gain hands-on experience scripting and using automated tools to conduct a simulated live triage, and use multiple methods to acquire forensically sound images of Apple Macintosh computers. Topics include how the macOS default file system stores data, what happens when files are sent to the macOS Trash, where operating system and application artifacts are stored, and how they can be analyzed. Forensic artifacts covered include password recovery, recently opened files and applications, encryption handling, Mail, Safari, Messages, FaceTime, Photos, Chrome, and Firefox.
Communities are under siege by crimes for profit. When criminals make money (regardless of method: fraud, human trafficking, drugs, counterfeit or stolen goods, cargo, identity theft, or organized retail theft), they create a shadow economy. This illicit activity competes with and erodes the economic stability of our communities. Unique research into the economic impact of the shadow economy reveals the critical need to support skilled, targeted investigations and effective prosecution. Unfortunately, there are ever-increasing efforts to decriminalize non-violent crimes. These policies are fueling the unprecedented growth of the shadow economy. In order to defend communities from this threat, investigators will require a counter-narrative to illustrate how these policies are generating more crime, propagating violence, and ultimately leading to urban decay.
On November 20, 2020, at 3:30 p.m. ET, the Office for Victims of Crime Training and Technical Assistance Center will present an online Expert Q&A discussion with Sarah Deer and Peggy Bird on "Supporting Indigenous Victims of Violence."