Prosecutors

CI 101 - Secure Techniques for Onsite Previewing (June 2018)

This course covers the usage and configuration of two tools (Paladin/Autopsy and osTriage) designed to preview a non-mobile digital device and export files of evidentiary value. Day One is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered on. Day Two is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered off. Students who bring an external USB hard drive (32GB minimum) will be able to leave with the same setup shown in class. Other topics include a detailed examination of the process of previewing: what previewing is, why and when it should be done, who can conduct a preview, and differences in procedure for starting a preview depending on whether a device is on or off. * What is previewing? Learn why you should preview, who can perform a preview, when to conduct a preview, and how to start a preview whether a device is on or off. * Paladin/Autopsy. Forensically boot a device, then quickly preview and export digital evidence found on scene. * osTriage. Identify when encryption is present, image RAM memory, display browser history, preview and export existing files, and much more. * Hands-on experience. Work with Paladin/Autopsy and osTriage, and leave the course with the same setup shown in class.

CC 201 - Digital Evidence Examination and Processing (July 2018)

This course builds on the concepts introduced in "Cybercop 101 - Basic Digital Forensic Imaging." It covers the architecture and functionality of the Windows NT File System, the FAT and the ExFAT File System, and related directory entry information for locating files on electronic devices. Topical areas include file headers and file hashing, recovery of deleted files and long file names, and techniques for discovering potential evidence that might otherwise be overlooked.

CC 101 - Basic Digital Forensic Imaging (June 2018)

This course covers the fundamentals of computer operations, hardware function, and configuration, as well as best practices for the protection, preservation, and imaging of digital evidence. Presentations and hands-on exercises cover topics such as partitioning, data storage, hardware and software write blockers, the boot-up and shutdown processes, live imaging, encryption detection, and duplicate imaging. This course incorporates computer forensic applications that experienced practitioners are currently using in the field.

CC 201 - Digital Evidence Examination and Processing (July - Aug 2018)

This course builds on the concepts introduced in "Cybercop 101 - Basic Digital Forensic Imaging." It covers the architecture and functionality of the Windows NT File System, the FAT and the ExFAT File System, and related directory entry information for locating files on electronic devices. Topical areas include file headers and file hashing, recovery of deleted files and long file names, and techniques for discovering potential evidence that might otherwise be overlooked.

CI 201 - Social Media & Open Source Intelligence

This course covers the skills investigators need to conduct successful online investigations involving social media. Topics include internet basics such as IP addresses and domains, an overview of currently popular social media platforms, and best practices for building an online undercover profile. Instructors demonstrate both open-source and commercially available investigative tools for social engineering, information gathering, and artifacts related to social media, as well as automated utilities to capture information and crawl websites.

CI 101 - Secure Techniques for Onsite Previewing (July 2018)

This course covers the usage and configuration of two tools (Paladin/Autopsy and osTriage) designed to preview a non-mobile digital device and export files of evidentiary value. Day One is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered on. Day Two is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered off.

CC 315 - Windows Artifacts (July 2018)

This course covers the identification and extraction of artifacts associated with the current versions of Microsoft Windows operating systems (Vista through Windows 10) and the NT file system. Topics include the change journal, BitLocker, and a detailed examination of the various artifacts found in each of the registry hive files. Students examine event logs, volume shadow copies, link files, and thumbnails. This course uses a mixture of lecture, discussion, demonstration, and hands-on exercises.

CC 315 - Windows Artifacts (July 2018)

This course covers the identification and extraction of artifacts associated with the current versions of Microsoft Windows operating systems (Vista through Windows 10) and the NT file system. Topics include the change journal, BitLocker, and a detailed examination of the various artifacts found in each of the registry hive files. Students examine event logs, volume shadow copies, link files, and thumbnails. This course uses a mixture of lecture, discussion, demonstration, and hands-on exercises.

Child Protector App: An Investigative and Educational Tool

Learn more about Child Protector, a free application designed to improve the investigative, administrative, and judicial handling of child physical abuse cases, as well as child fatalities, in a manner that reduces trauma to the child and family.

FC 111 - Financial Crimes Against Seniors Seminar (Apr 2018)

This course promotes a multiagency approach to the problem of financial exploitation of senior citizens. Topics include working with senior victims, examining documents like bank records and power of attorney, and using resources for investigation and community awareness. Detailed examination of a case study, from initial complaint to prosecution, reinforces and illustrates the course content. With a dual focus on financial abuse by trusted persons and common scams aimed at seniors, the course introduces senior-specific investigative skills while facilitating networking and cooperation that can extend out from the classroom and into real cases.

Pages