Law Enforcement

What's New in DF330 Advanced Android and iOS Forensic Analysis

This webinar will highlight the changes to the DF330 course and will focus on the advanced skills and knowledge required to analyze data on iOS devices (iPod Touch, iPhone, and iPad) and Android devices. Students will use forensically sound methods and techniques to analyze potential evidence, employing advanced techniques to uncover evidence that was potentially missed or misrepresented by commercial forensic tools. Core skills include analyzing artifacts such as device information, call history, voicemail, messages, web browser history, contacts, and photos. Students will learn how to develop the "hunt" methodology for analyzing third party applications that are not supported by commercial forensic tools. In addition to finding data, students will learn how to analyze data by writing custom SQLite queries and will learn to use the terminal as a powerful tool in investigations.

The Tables Have Turned: Igniting the Power of Survivors in Abuse Investigation and Prosecution

In many sexual abuse cases, DNA or other traditional forensic evidence does not exist, and the outcome often depends on the abilities of a multidisciplinary team to maximize the strength of survivors throughout the investigation and at trial. A former prosecutor and an abuse survivor who recorded the perpetrator's confession share investigative tips, best practices for interacting with survivors, and trial strategies to dismantle the power dynamics of perpetrator and victim.

The Truth About the Dark Web Fraud Trade

The dark web is often seen as a mysterious and malevolent creature, built out of the myths and legends created by popular media and clickbait headlines. In reality, the dark web is home to a vibrant and thriving criminal ecosystem, with a resilient fraud trade at the center of the action. What is the dark web fraud economy? What drives it? What can we do about it?

Office 365 Forensics and Business Email Compromises

This webinar will discuss the types of evidence that should be collected in response to a business email compromise/Office 365 email investigation. It will also discuss methods of email compromise (phishing, malware, brute force attacks, and external compromise/credential stuffing), types of data at risk, and commonly seen schemes.

Through the Looking Glass: Protecting Yourself While Conducting Internet-Based Investigations

"Through the looking glass" is a metaphorical expression meaning on the strange side, in the twilight zone, or in a strange, parallel world. While the internet can be considered a strange, parallel world, it can also be an informative, interesting, yet scary place when conducting different types of investigations. There are various technologies and methods that you can use to protect your identity and information while conducting internet-based investigations. This webinar will illustrate these technologies and methods to keep you safe when investigating online.

CI130 Basic Cyber Investigations: Cellular Records Analysis (Oct. 2019, Massachusetts)

This course is for officers, investigators, and analysts who encounter cell phone evidence that includes information external to the phone. Class concepts include instruction on how to request, read, and analyze call detail records from cellular providers, and how to plot cellular site locations to determine the approximate position of a suspect during a given period. No special hardware or software is required. However, this course focuses heavily on analysis; as such, a strong working knowledge of Microsoft Excel is highly recommended. Students are provided with a free copy of the National White Collar Crime Center's (NW3C) PerpHound tool, which assists in the plotting of call detail record locations.

FC111 Financial Crimes Against Seniors Seminar (Oct. 31, 2019, Florida)

This course promotes a multiagency approach to the problem of financial exploitation of senior citizens. Topics include working with senior victims, examining documents like bank records and power of attorney, and using resources for investigation and community awareness. Detailed examination of a case study, from initial complaint to prosecution, reinforces and illustrates the course content. With a dual focus on financial abuse by trusted persons and common scams aimed at seniors, the course introduces senior-specific investigative skills while facilitating networking and cooperation that can extend out of the classroom and into real cases.

DF330 Advanced Digital Forensic Analysis: iOS & Android (Jan. 2020, Maryland)

This course provides the advanced skills and knowledge necessary to analyze data on iOS devices (iPod Touch, iPhone, and iPad) and Android devices at an advanced level. Students use forensically sound tools and techniques to analyze potential evidence, employing advanced techniques to uncover evidence potentially missed or misrepresented by commercial forensic tools. Topics include identifying potential threats to data stored on devices, using available acquisition options, accessing locked devices, and understanding the default folder structure. Core skills include analyzing artifacts such as device information, call history, voicemail, messages, web browser history, contacts, and photos. Instruction is provided on developing the "hunt" methodology for analyzing third-party applications not supported by commercial forensic tools.

CI102 Basic Cyber Investigations: Dark Web & Open Source Intelligence (Jan. 2020, Texas)

This course provides expert guidance in the skills law enforcement officers need to conduct successful online investigations. Topics include IP addresses and domains, an overview of currently popular social media platforms, best practices for building an undercover profile, foundational knowledge related to the dark web, and the use of the dark web as an investigative tool. Instructors demonstrate both open source and commercially available investigative tools for social engineering, information gathering, and artifacts related to social media, as well as automated utilities to capture information and crawl websites.

DF101 Basic Digital Forensic Analysis (Jan. 2020, New Mexico)

This course provides the fundamental knowledge and skills required to preview and acquire images from Windows-based and macOS-based computers, mobile devices, and removable storage media in a forensically sound manner.

Presentations and hands-on practical exercises cover the following topics:

  • Storage media and how data is stored;
  • Firmware interfaces (BIOS, UEFI);
  • The previewing process;
  • Live and dead-box previewing;
  • The forensic acquisition process;
  • Tool validation;
  • Hardware and software write blockers;
  • Forensic image formats; and
  • Multiple forensic acquisition methods.

Students will use free and commercial third-party tools that are currently used by practitioners in the field.