Justice Information Sharing

    FC203 Financial Investigations: Beyond the Basics

    This three-day course covers the fundamentals of financial investigations and incorporates some of the more advanced processes that elevate an investigation. During this course, students will learn about investigative processes, practical tools, and sources of information necessary to plan and conduct financial investigations. The course begins with a description of the basic composition of elements within illicit financial networks and how they work to compromise legitimate business and financial sectors. Course material will describe government, regulatory, and investigative actions within the United States, and by international partners to detect and investigate illicit actors and networks. The course also includes considerations for investigation planning and promotion of creative thinking.

    DF205 Intermediate Digital Forensic Analysis: SQLite Primer

    Mobile devices dominate the intake list, and the desks of most digital forensics analyst globally. Devices are becoming more secure, with an increase in security the need for detailed analysis is increasing as well. SQLite is a self-contained, serverless database engine. It is found on nearly every operating system and dominates iOS, Android, and macOS as one of the most prevalent and relevant data storage mechanisms. Rather than hope our forensic tools support the newest applications or be tethered to how a certain utility parses data we can arm ourselves with the skills and techniques needed to conquer the analysis of nearly any application.

    What is SQLite and how to identify and analyze logically
    Recognizing relevant locations of valuable data within SQLite database.
    Develop skills needed for crafting custom SQLite queries.
    Learn how to recognize and decode a variety of common timestamp formats.
    Learn how to perform SQLite analysis with automation.

    DF310 Advanced Digital Forensic Analysis: Windows

    This course covers the identification and extraction of artifacts associated with the Microsoft Windows operating system. Topics include the Change Journal, BitLocker, and a detailed examination of the various artifacts found in each of the Registry hive files. Students also examine Event Logs, Volume Shadow Copies, link files, and thumbnails. This course uses a mixture of lecture, discussion, demonstration, and hands-on exercises.

    FC101 Financial Investigations Practical Skills

    This course provides hands-on investigative training at a basic level. Students develop the practical skills, insight, and knowledge necessary to manage a successful financial investigation from start to finish, including the acquisition and examination of financial records, interview skills, and case management and organization. Additional topics include forgery and embezzlement, financial exploitation of the elderly, working with spreadsheets, financial profiling, and state-specific statutes and legal issues.

    *Emerging issues. Current trends in various types of financial crimes. Recent cases and their implications.
    *Financial records. Learn to obtain and manage bank records, including basic spreadsheeting skills.
    *Working with data. Extract leads and draw conclusions from bank records and other financial data.
    *Hands-on experience. Work a mock financial case as part of an investigative team.

    FC105 Financial Records Examination and Analysis

    This course covers the acquisition, examination, and analysis of many types of financial records, including bank statements and checks, wire transfer records, and business records. Topics include recognizing and investigating common indicators of fraud, using spreadsheets to facilitate analysis and pattern recognition, and financial profiling. There is a strong focus on presenting financial evidence in multiple modalities: spreadsheet data outputs, graphic representations, and written/oral presentations.

    *Introduction to analysis. Best practices. Finding patterns. Indicators of fraud. Presenting your findings.
    *Financial records. Bank records. Business documents.
    *Financial profiling. Methods of profiling. Reasons to create a profile. Creating a profile.
    *Hands-on experience. Work a mock financial case as part of an investigative team.

    FC105 Financial Records Examination and Analysis

    This course covers the acquisition, examination, and analysis of many types of financial records, including bank statements and checks, wire transfer records, and business records. Topics include recognizing and investigating common indicators of fraud, using spreadsheets to facilitate analysis and pattern recognition, and financial profiling. There is a strong focus on presenting financial evidence in multiple modalities: spreadsheet data outputs, graphic representations, and written/oral presentations.

    *Introduction to analysis. Best practices. Finding patterns. Indicators of fraud. Presenting your findings.
    *Financial records. Bank records. Business documents.
    *Financial profiling. Methods of profiling. Reasons to create a profile. Creating a profile.
    *Hands-on experience. Work a mock financial case as part of an investigative team.

    FC204 Combating Transnational Crime & Terrorism Financing

    An effective financial investigation can disrupt terrorism organizations and interrupt, deter, or even stop operational terrorism activities before they can begin. In this three-day course, students develop an understanding of how financial systems are used to support terrorism activities and transnational criminal organizations. Students will work with tools and methods to investigate the manipulation of financial, communication, and business systems used for illicit purposes. Students will learn how to work with suspicious activity reports, crucial financial records such as Society for Worldwide Interbank Financial Telecommunications (SWIFT) messaging, and records used in banking and money services businesses. They will also learn how to gather information and evidence on other means of value transfer methods associated with money laundering, the black-market peso and forms of trade-based money laundering, hawala, and other alternate remittance systems, and virtual assets (cryptocurrency).

    FC122 Intellectual Property Theft Training

    This course introduces the problem of intellectual property theft and provides tools, techniques, and resources for investigating and prosecuting these crimes. A combination of lecture, discussion, and interactive exercises illustrates the potential dangers and economic repercussions of counterfeit products, as well as best practices and techniques for investigating IP theft. Students are provided with a state-specific folder that includes relevant statutes, sample organizational documents for IP investigations, and additional resources for investigators and prosecutors.

    This course is presented in collaboration with the National Association of Attorneys General (NAAG).
    Awareness. Types of IP crimes. The criminals who commit these crimes. Impacts and dangers.
    Investigation. Online and traditional techniques. Working with brand experts and the private sector. Large amounts of evidence. Resources.
    Statutes. Prosecutorial theories. State-specific discussion.
    Hands-on experience. Work with real counterfeit products. Identify fakes with expert guidance.

    IA103 Introduction to Strategic Intelligence Analysis

    This course introduces analysts to the broader concepts of connecting the dots through link analysis. A critical portion of conducting a successful analytical investigation is the ability to link together and understand the complexities of the connectedness between people and organizations. Introduction to Link Analysis (ILA) expands on the basic principles of link and association analyses explored in the Foundations of Intelligence Analysis Training (FIAT) while building a framework for more advanced methods such as social network analysis.

    Expanding basic knowledge of link and association analysis
    Explaining the process of social network analysis
    Understanding the visual mapping and mathematical components associated with link and social network analyses

    CI130 Basic Cyber Investigations: Cellular Records Analysis

    This course is for officers, investigators, and analysts who encounter cell phone evidence that includes information external to the phone. Class concepts include instruction on how to request, read, and analyze call detail records from cellular providers; and how to plot cellular site locations to determine the approximate position of a suspect during a given period. No special hardware or software is required. However, this course focuses heavily on analysis; as such, a strong working knowledge of Microsoft Excel is highly recommended. Students are provided with a free copy of NW3Cs PerpHound tool, which assists in the plotting of call detail record locations.

    *Cellular technology. Land-line and cellular networks. Types and generations of cell phones. Cell site design and its implications for law enforcement.
    *Analysis of call detail records. Request information from service providers. Convert records into a useful format. *Merge two related spreadsheets. Read and analyze using filters, sorting, and pivot tables. Plot location information.
    *Hands-on experience. Hands-on experience with NW3Cs free software tool PerpHound and Microsoft Excel to analyze various types of records that are available from cellular providers.

    Pages