Law Enforcement

Cyber Investigation 150 Introduction to Cellular Investigations ICI (Jan - Feb 2018)

The "Cyber Investigation (CI) 150 Introduction to Cellular Investigations" (ICI) course covers the acquisition and analysis of the various types of call detail records obtained from cellular providers. It focuses on data analysis using Microsoft Excel, as well as techniques for presenting findings in case reports or in court. Students receive a copy of PerpHound, National White Collar Crime Center's (NW3C) free software tool for the analysis of call detail records. This course also covers the best practices for seizing, preserving, and acquiring evidence internal to a cellular phone.

Cybercop 325 - Macintosh Forensic Analysis

The "Cybercop (CC) 325 - Macintosh Forensics Analysis" (MFA) course provides the fundamental knowledge and skills necessary to identify and collect volatile data, acquire forensically-sound images of Apple Macintosh computers, and perform forensic analysis of the macOS operating system and application artifacts. Students gain hands-on experience scripting and using automated tools to conduct a simulated live triage. Students will use multiple methods to acquire forensically-sound images of Apple Macintosh computers and identify unique challenges that this task may present.

Cybercop 315 Windows Artifacts - WinArt

The "Cybercop (CC) 315 Windows Artifacts - WinArt" (WinArt) course covers the identification and extraction of artifacts associated with the current versions of Microsoft Windows operating systems (Vista through Windows 10) and the New Technology file system. Topics include the change journal, BitLocker, and a detailed examination of the various artifacts found in each of the registry hive files. Students examine event logs, volume shadow copies, link files, and thumbnails. This course uses a mixture of lecture, discussion, demonstration, and hands-on exercises.

Cyber Investigation 156 - Post Seizure Evidentiary Concerns - LC6 WB

In contrast to the other LCDE modules, which deal primarily with the acquisition of digital evidence, LC6-WB addresses legal issues that appear relatively late in the investigative and judicial process. Topics include the Fifth Amendment as it applies to passwords and login credentials, determining the ownership of files on digital devices, and the admissibility of online evidence.

LC6-WB is the sixth of seven modules in the training series Legal Concerns for Digital Evidence Responders. It can be completed as a stand-alone course or in combination with the other six modules.

Cyber Investigation 101 - Secure Techniques for Onsite Preview (Jan 2018)

The "Cyber Investigation (CI) - Secure Techniques for Onsite Preview" course covers the usage and configuration of two tools (Paladin/Autopsy and osTriage) designed to preview a non-mobile digital device and export files of evidentiary value. DAY ONE is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered on. DAY TWO is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered off.

Drone Forensics 101: Extracting & Examining Data from Drones

The National White Collar Crime Center (NW3C) understands how important it is for law enforcement professionals to be up to speed on emerging technologies. In recent months, drones have been a subject of controversy and are being used more frequently by criminals. These devices store data and need to be handled appropriately. Active cases are currently being prosecuted in border, battlefield, and correctional facility scenarios. Having the capability to quickly recover and analyze data from drones has become critically important.

Cybercop 201 - Intermediate Data Recovery and Analysis - IDRA

The "Cybercop (CC) 201 - Intermediate Data Recovery and Analysis" (IDRA) course builds on the concepts introduced in "CC 101 - Basic Data Recovery and Acquisition" (BDRA). This course covers the architecture and functionality of the Windows NT File System (NTFS), the FAT File System, and related directory entry information for locating files on electronic devices. Topical areas include file headers and file hashing, recovery of deleted files and long file names, and techniques for discovering potential evidence that might otherwise be overlooked.

Cybercop 201 - Digital Evidence Examination and Processing

The "Cybercop (CC) 201 - Digital Evidence Examination and Processing" (DEEP) course builds on the concepts introduced in "CC 101: Basic Digital Forensic Imaging" (BDFI). This course covers the architecture and functionality of the Windows NT File System (NTFS), the FAT File System, and related directory entry information for locating files on electronic devices. Topical areas include file headers and file hashing, recovery of deleted files and long file names, and techniques for discovering potential evidence that might otherwise be overlooked.

Pharmaceutical Crime - Advanced Investigative Techniques (TX; Dec 2017)

This course is for the detective who is assigned to a pharmaceutical crime unit or investigation. This course will address the crimes associated with pharmaceutical drug diversion, criminal methods, investigative techniques, evidence collection, and the importance of involving a prosecutor at the onset to prepare the case for successful prosecution.

Pharmaceutical Crime - Tools for the Street (Dec 2017)

This course is for the street patrol officers/new detectives who need to understand the scope of the problem, the types of crimes that may be encountered, how to respond to the scene, awareness of associated evidence, interview techniques, and documentation to further an investigation for a successful prosecution.

Pages