Judges

Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox

There is a rapid evolution in the technologies people use to communicate and share material with each other, in the companies providing the sharing platforms, and in how people choose to communicate with each other. People are increasingly choosing to communicate using text, images, and videos rather than traditional electronic voice communications. And they increasingly choose to use platforms that make this communication openly available for others to view. This means that evidence associated with not just metadata but also content of communications can often be collected through open sources long after the communication is completed. While evidence of criminality and victimization can be recovered through open source investigative techniques, many of the commercial tools marketed to criminal investigators and analysts are expensive. This sometimes places them outside the reach of police departments, and social media companies are increasingly blocking API connections for commercial tools that allow the tools to be used for "surveillance." Therefore, it is increasingly important for criminal investigators and analysts to build an inexpensive cyber-OSINT toolbox. This webinar will discuss the rapidly evolving ecosystem of online social media and how people are changing how they choose to communicate. It will then detail and demonstrate free and inexpensive cyber-OSINT tools that criminal investigators and analysts can use to start building a cyber-OSINT toolbox.

CI102 Basic Cyber Investigations: Dark Web & Open Source Intelligence (March 2020, Texas)

This course provides expert guidance in the skills law enforcement officers need to conduct successful online investigations. Topics include IP addresses and domains, an overview of currently popular social media platforms, best practices for building an undercover profile, foundational knowledge related to the dark web, and the use of the dark web as an investigative tool. Instructors demonstrate both open source and commercially available investigative tools for social engineering, information gathering, and artifacts related to social media, as well as automated utilities to capture information and crawl websites.

CI130 Basic Cyber Investigations: Cellular Records Analysis (March 2020, Texas)

This course is for officers, investigators, and analysts who encounter cell phone evidence that includes information external to the phone. Class concepts include instruction on how to request, read, and analyze call detail records from cellular providers, and how to plot cellular site locations to determine the approximate position of a suspect during a given period. No special hardware or software is required. However, this course focuses heavily on analysis; as such, a strong working knowledge of Microsoft Excel is highly recommended. Students are provided with a free copy of the National White Collar Crime Center's (NW3C) PerpHound tool, which assists in the plotting of call detail record locations.

FC110 Financial Crimes Against Seniors (May 2020, Tennessee)

This course promotes a multiagency approach to the problem of financial exploitation of senior citizens. Bringing together law enforcement personnel and adult protective services investigators, the course enhances students' investigative skills and interviewing techniques while facilitating networking and cooperation that can extend out of the classroom and into real cases. Topics include recognizing elder abuse, working with victims, and identifying perpetrators, as well as resources for investigation and community awareness. Students work together to conduct a mock investigation into a hypothetical case.

What Might Your Forensic Acquisitions Be Hiding?

The process of acquiring forensic images is well understood, and the industry has never been better equipped for the analysis. However, common practices are set to fail, and analysis may be missing malware and indicators of compromise. This webinar will highlight shortcomings in common methods and provide a framework for an improved approach to allow for more efficient and thorough investigations.

DF330 Advanced Digital Forensic Analysis: iOS & Android (March 2020, North Carolina)

This course provides the advanced skills and knowledge necessary to analyze data on iOS devices (iPod Touch, iPhone, and iPad) and Android devices at an advanced level. Students use forensically sound tools and techniques to analyze potential evidence, employing advanced techniques to uncover evidence potentially missed or misrepresented by commercial forensic tools. Topics include identifying potential threats to data stored on devices, using available acquisition options, accessing locked devices, and understanding the default folder structure. Core skills include analyzing artifacts such as device information, call history, voicemail, messages, web browser history, contacts, and photos. Instruction is provided on developing the "hunt" methodology for analyzing third-party applications not supported by commercial forensic tools.

DF310 Advanced Digital Forensic Analysis: Windows (March 2020, Oregon)

This course covers the identification and extraction of artifacts associated with the Microsoft Windows operating system. Topics include the Change Journal, BitLocker, and a detailed examination of the various artifacts found in each of the Registry hive files. Students also examine Event Logs, Volume Shadow Copies, link files, and thumbnails. This course uses a mixture of lecture, discussion, demonstration, and hands-on exercises.

FC105 Financial Records Examination and Analysis (March 2020, California)

This course covers the acquisition, examination, and analysis of many types of financial records, including bank statements and checks, wire transfer records, and business records. Topics include recognizing and investigating common indicators of fraud, using spreadsheets to facilitate analysis and pattern recognition, and financial profiling. There is a strong focus on presenting financial evidence in multiple modalities: spreadsheet data outputs, graphic representations, and written/oral presentations.

DF201 Intermediate Digital Forensic Analysis: Automated Forensic Tools (Feb. 2020, Connecticut)

This course provides students with the fundamental knowledge and skills necessary to perform a limited digital forensic examination, validate hardware and software tools, and effectively use digital forensic suites and specialized tools. The course begins with a detailed review of the digital forensic examination process, including documentation, case management, evidence handling, validation, and virtualization. Students learn to use today's leading commercial and open source digital forensic suites: Magnet Axiom, X-ways Forensic, and Autopsy. Instruction on each suite will include an interface overview, configuration, hashing, file signature analysis, keyword searching, data carving, bookmarking, and report creation.

CI102 Basic Cyber Investigations: Dark Web & Open Source Intelligence (Feb. 2020, Alabama)

This course provides expert guidance in the skills law enforcement officers need to conduct successful online investigations. Topics include IP addresses and domains, an overview of currently popular social media platforms, best practices for building an undercover profile, foundational knowledge related to the dark web, and the use of the dark web as an investigative tool. Instructors demonstrate both open source and commercially available investigative tools for social engineering, information gathering, and artifacts related to social media, as well as automated utilities to capture information and crawl websites.

Pages