Judges

DF202 Intermediate Digital Forensic Analysis: Windows File Systems

This course provides students with the fundamental knowledge and skills necessary to perform a limited digital forensic examination, validate hardware and software tools, and effectively use digital forensic suites and specialized tools. The course begins with a detailed study of the digital forensic examination process, including documentation, case management, evidence handling, validation, and virtualization. Students learn to use today's leading commercial and open-source digital forensic suites: Magnet Axiom, X-Ways Forensics, and Autopsy. Instruction on each suite will include an interface overview, configuration, hashing, file signature analysis, keyword searching, data carving, bookmarking, and report creation.

*Digital forensic process. Evidence review; requests for examination; case management.
*Validation. Creation of validation images; validation testing.
*Effective tool usage. Tool interface; hashing; file signature analysis; data carving; searching; metadata; bookmarking.
*Reporting. General report structure; report templates; using tool-generated reports.

FC105 Financial Records Examination and Analysis

This course covers the acquisition, examination, and analysis of many types of financial records, including bank statements and checks, wire transfer records, and business records. Topics include recognizing and investigating common indicators of fraud, using spreadsheets to facilitate analysis and pattern recognition, and financial profiling. There is a strong focus on presenting financial evidence in multiple modalities: spreadsheet data outputs, graphic representations, and written/oral presentations.

*Introduction to analysis. Best practices. Finding patterns. Indicators of fraud. Presenting your findings.
*Financial records. Bank records. Business documents.
*Financial profiling. Methods of profiling. Reasons to create a profile. Creating a profile.
*Hands-on experience. Work a mock financial case as part of an investigative team.

DF100 Basic Digital Forensic Analysis: Seizure

This course introduces the information and techniques law enforcement personnel need to safely and methodically collect and preserve digital evidence at a crime scene. Topics include recognizing potential sources of digital evidence; planning and executing a digital evidence-based seizure; and the preservation, packaging, documentation, and transfer of digital evidence.

*Prepare. Prepare to respond to an incident or crime scene where digital evidence may be present.
*Identify. Learn how to identify relevant sources of digital evidence in an ever-evolving landscape.
*Collect. Learn the proper methods of digital evidence collection.
*Preserve. Build upon the three previous principles to ensure valid and legal preservation of digital evidence can occur.

FC203 Financial Investigations: Beyond the Basics

This three-day course covers the fundamentals of financial investigations and incorporates some of the more advanced processes that elevate an investigation. During this course, students will learn about investigative processes, practical tools, and sources of information necessary to plan and conduct financial investigations. The course begins with a description of the basic composition of elements within illicit financial networks and how they work to compromise legitimate business and financial sectors. Course material will describe government, regulatory, and investigative actions within the United States, and by international partners to detect and investigate illicit actors and networks. The course also includes considerations for investigation planning and promotion of creative thinking.

FC101 Financial Investigations Practical Skills

This course provides hands-on investigative training at a basic level. Students develop the practical skills, insight, and knowledge necessary to manage a successful financial investigation from start to finish, including the acquisition and examination of financial records, interview skills, and case management and organization. Additional topics include forgery and embezzlement, financial exploitation of the elderly, working with spreadsheets, financial profiling, and state-specific statutes and legal issues.

*Emerging issues. Current trends in various types of financial crimes. Recent cases and their implications.
*Financial records. Learn to obtain and manage bank records, including basic spreadsheeting skills.
*Working with data. Extract leads and draw conclusions from bank records and other financial data.
*Hands-on experience. Work a mock financial case as part of an investigative team.

CI240 Intermediate Cyber Investigations: Virtual Currency

This course provides students with the fundamental knowledge and skills they need to investigate crimes involving virtual currency. Instructors explain foundational concepts like the characteristics of money, virtual currency, and cryptocurrency. Blockchain technology, proof of work, and proof of stake are covered, and students learn how industry-leading cryptocurrencies (Bitcoin, Ethereum, and Monero) work and how they differ from each other. Finally, students learn investigative techniques for tracking and documenting transactions, and best practices for seizing and securing cryptocurrency.

*Virtual currency basics. History of money and of virtual currency. Categorizing virtual currency.
*Blockchain. History of the blockchain. Understanding different protocols.
*Cryptocurrencies in detail. Bitcoin, Ethereum, Monero and other privacy coins.
*Investigative techniques. Seizing virtual currency; tracking transactions through the blockchain; documenting investigative results.

FC122 Intellectual Property Theft Training

This course introduces the problem of intellectual property theft and provides tools, techniques, and resources for investigating and prosecuting these crimes. A combination of lecture, discussion, and interactive exercises illustrates the potential dangers and economic repercussions of counterfeit products, as well as best practices and techniques for investigating IP theft. Students are provided with a state-specific folder that includes relevant statutes, sample organizational documents for IP investigations, and additional resources for investigators and prosecutors.

This course is presented in collaboration with the National Association of Attorneys General (NAAG).

*Awareness. Types of IP crimes. The criminals who commit these crimes. Impacts and dangers.
*Investigation. Online and traditional techniques. Working with brand experts and the private sector. Large amounts of evidence. Resources.
*Statutes. Prosecutorial theories. State-specific discussion.
*Hands-on experience. Work with real counterfeit products. Identify fakes with expert guidance.

FC099 Basic Level Spreadsheeting Skills

This one-day course provides foundational spreadsheeting knowledge and skills to enhance workplace productivity. The course covers basic navigation of Microsoft Excel by combining live demonstrations and hands-on exercises.

*Work with multiple worksheets within a workbook
*Hide, unhide, and protect worksheets
*Adjust rows and columns
*Use copy and paste options
*Find, select, and sort data

IA300 Advanced Criminal Intelligence: Tradecraft and Analysis

This three-day course is dedicated to studying the fundamentals of quantitative and qualitative data analysis and how to formulate arguments in support of criminal investigations and intelligence. Students will learn about data management techniques and a disciplined process to clean and standardize data in preparation for analysis. The course will also explore several common investigative objectives, including the discovery of associations between people and entities, the correlation between unlawful activity and suspects, behavioral affinities, and predictions. The course will introduce the Enterprise Theory of Crime and how to use network analysis to formulate conclusions about the structure of criminal organizations, their players and roles, the identification of facilitators, charting of financial arrangements, and connections to unlawful activity. The course enables the production of valuable, accurate, and efficient logical inferences produced by collecting data related to unlawful activity.

Digital Evidence Basics for Non-Technical Investigators

This is the replacement class for Securecube.

This course will familiarize non-technical investigators with the fundamentals of handling digital evidence that may present itself in the course of their investigations. The course will address the digital evidence source landscape, collection and preservation, examination and authentication, and considerations for managing third-party sources. The student will receive a broad and balanced understanding of how digital evidence can enhance their investigations and the fundamentals of handling such evidence.

Presented by:
Jim Emerson, Vice President, High Tech Crimes, NW3C
