Training

This course introduces analysts to the broader concepts of connecting the dots through link analysis. A critical portion of conducting a successful analytical investigation is the ability to link together and understand the complexities of the connectedness between people and organizations. Introduction to Link Analysis (ILA) expands on the basic principles of link and association analyses explored in the Foundations of Intelligence Analysis Training (FIAT) while building a framework for more advanced methods such as social network analysis.

Expanding basic knowledge of link and association analysis
Explaining the process of social network analysis
Understanding the visual mapping and mathematical components associated with link and social network analyses

This course is for officers, investigators, and analysts who encounter cell phone evidence that includes information external to the phone. Class concepts include instruction on how to request, read, and analyze call detail records from cellular providers; and how to plot cellular site locations to determine the approximate position of a suspect during a given period. No special hardware or software is required. However, this course focuses heavily on analysis; as such, a strong working knowledge of Microsoft Excel is highly recommended. Students are provided with a free copy of NW3Cs PerpHound tool, which assists in the plotting of call detail record locations.

*Cellular technology. Land-line and cellular networks. Types and generations of cell phones. Cell site design and its implications for law enforcement.
*Analysis of call detail records. Request information from service providers. Convert records into a useful format. *Merge two related spreadsheets. Read and analyze using filters, sorting, and pivot tables. Plot location information.
*Hands-on experience. Hands-on experience with NW3Cs free software tool PerpHound and Microsoft Excel to analyze various types of records that are available from cellular providers.

This course introduces the problem of intellectual property theft and provides tools, techniques, and resources for investigating and prosecuting these crimes. A combination of lecture, discussion, and interactive exercises illustrates the potential dangers and economic repercussions of counterfeit products, as well as best practices and techniques for investigating IP theft. Students are provided with a state-specific folder that includes relevant statutes, sample organizational documents for IP investigations, and additional resources for investigators and prosecutors.

This course is presented in collaboration with the National Association of Attorneys General (NAAG).
Awareness. Types of IP crimes. The criminals who commit these crimes. Impacts and dangers.
Investigation. Online and traditional techniques. Working with brand experts and the private sector. Large amounts of evidence. Resources.
Statutes. Prosecutorial theories. State-specific discussion.
Hands-on experience. Work with real counterfeit products. Identify fakes with expert guidance.

This course provides the advanced skills and knowledge necessary to analyze data on iOS devices (iPod Touch, iPhone, and iPad) and Android devices at an advanced level. Students use forensically-sound tools and techniques to analyze potential evidence, employing advanced techniques to uncover evidence potentially missed or misrepresented by commercial forensic tools. Topics include identifying potential threats to data stored on devices, available acquisition options, accessing locked devices, and the default folder structure. Core skills include analyzing artifacts such as device information, call history, voicemail, messages, web browser history, contacts, and photos. Instruction is provided on developing the hunt methodology for analyzing third party applications not supported by commercial forensic tools.

Mobile device hardware fundamentals. How mobile devices work, store data, and interact with a variety of networks.
Device handling. Properly preserving data for imaging and analysis. Identifying potential threats to data integrity.
Device acquisition and security. Acquisition options (physical, logical, device backups). Bypassing passcodes and properly defeating encrypted backups of iOS devices.
Advanced analysis techniques. Mounting images, partitioning scheme and default folder structure, types of artifacts (plists, SQLite databases, etc.).