Justice Information Sharing

DF205 Intermediate Digital Forensic Analysis: SQLite Primer (May 13, 2021, Virtual)

Mobile devices dominate the intake list and the desks of most digital forensics analysts globally. Devices are becoming more secure, with an increase in security; the need for detailed analysis is increasing as well. SQLite is a self-contained, serverless database engine. It is found on nearly every operating system and dominates iOS, Android, and macOS as one of the most prevalent and relevant data storage mechanisms. Rather than hope our forensic tools support the newest applications or be tethered to how a certain utility parses data, we can arm ourselves with the skills and techniques needed to conquer the analysis of nearly any application.

DF330 Advanced Digital Forensic Analysis: iOS & Android (Jun. 7–10, 2021)

This course provides the advanced skills and knowledge necessary to analyze data on iOS devices (iPod Touch, iPhone, and iPad) and Android devices at an advanced level. Students use forensically sound tools and techniques to analyze potential evidence, employing advanced techniques to uncover evidence potentially missed or misrepresented by commercial forensic tools. Topics include identifying potential threats to data stored on devices, using available acquisition options, accessing locked devices, and understanding the default folder structure. Core skills include analyzing artifacts such as device information, call history, voicemail, messages, web browser history, contacts, and photos. Instruction is provided on developing the "hunt" methodology for analyzing third-party applications not supported by commercial forensic tools.

CI102 Basic Cyber Investigations: Dark Web & Open Source Intelligence (May 3–5, 2021, Virtual)

This course provides expert guidance in the skills law enforcement officers need to conduct successful online investigations. Topics include IP addresses and domains, an overview of currently popular social media platforms, best practices for building an undercover profile, foundational knowledge related to the dark web, and the use of the dark web as an investigative tool. Instructors demonstrate both open source and commercially available investigative tools for social engineering, information gathering, and artifacts related to social media, as well as automated utilities to capture information and crawl websites.

DF100 Basic Digital Forensic Analysis: Seizure (Jun. 22, 2021, Virtual)

This course introduces the information and techniques law enforcement personnel need to safely and methodically collect and preserve digital evidence at a crime scene. Topics include recognizing potential sources of digital evidence; planning and executing a digital evidence-based seizure; and the preservation, packaging, documentation, and transfer of digital evidence.

DF310 Advanced Digital Forensic Analysis: Windows (Jun. 21–24, 2021, Virtual)

This course covers the identification and extraction of artifacts associated with the Microsoft Windows operating system. Topics include the Change Journal, BitLocker, and a detailed examination of the various artifacts found in each of the Registry hive files. Students also examine Event Logs, Volume Shadow Copies, link files, and thumbnails. This course uses a mixture of lecture, discussion, demonstration, and hands-on exercises.

DF205 Intermediate Digital Forensic Analysis: SQLite Primer (Jun. 15, 2021, Virtual)

Mobile devices dominate the intake list and the desks of most digital forensics analysts globally. Devices are becoming more secure, with an increase in security; the need for detailed analysis is increasing as well. SQLite is a self-contained, serverless database engine. It is found on nearly every operating system and dominates iOS, Android, and macOS as one of the most prevalent and relevant data storage mechanisms. Rather than hope our forensic tools support the newest applications or be tethered to how a certain utility parses data, we can arm ourselves with the skills and techniques needed to conquer the analysis of nearly any application.

CI103 Basic Cyber Investigations: Advertising Identifiers (May 26, 2021, Virtual)

This one-day course, focused on device location information, is for law enforcement investigators and analysts. Class concepts include device identifiers (IDs) in general, advertising IDs in detail, important legal considerations, overall investigative process, and tools available to law enforcement. Students will use commercially available investigative tools for querying databases of Advertising IDs and displaying their recorded broadcast locations.

CI103 Basic Cyber Investigations: Advertising Identifiers (May 20, 2021, Virtual)

This one-day course, focused on device location information, is for law enforcement investigators and analysts. Class concepts include device identifiers (IDs) in general, advertising IDs in detail, important legal considerations, overall investigative process, and tools available to law enforcement. Students will use commercially available investigative tools for querying databases of Advertising IDs and displaying their recorded broadcast locations.

CI103 Basic Cyber Investigations: Advertising Identifiers (June 2, 2021, Virtual)

This one-day course, focused on device location information, is for law enforcement investigators and analysts. Class concepts include device identifiers (IDs) in general, advertising IDs in detail, important legal considerations, overall investigative process, and tools available to law enforcement. Students will use commercially available investigative tools for querying databases of Advertising IDs and displaying their recorded broadcast locations.

Impact Justice, with support from the Bureau of Justice Assistance, manages The National Prison Rape Elimination Act (PREA) Resource Center (PRC). The PRC helps state, local, and tribal agencies to implement PREA standards. The PRC also supports the U.S. Department of Justice’s (DOJ) audit function.

Pages