Training Delivery - Classroom Training/Onsite

DF202 Intermediate Digital Forensic Analysis: Windows File Systems

This course provides students with the fundamental knowledge and skills necessary to perform a limited digital forensic examination, validate hardware and software tools, and effectively use digital forensic suites and specialized tools. The course begins with a detailed study of the digital forensic examination process, including documentation, case management, evidence handling, validation, and virtualization. Students learn to use today's leading commercial and open source digital forensic suites: Magnet Axiom, X-ways Forensic, and Autopsy. Instruction on each suite will include an interface overview, configuration, hashing, file signature analysis, keyword searching, data carving, bookmarking, and report creation.

*Digital forensic process. Evidence review; requests for examination; case management.
*Validation. Creation of validation images; validation testing.
*Effective tool usage. Tool interface; hashing; file signature analysis; data carving; searching; metadata; bookmarking.
*Reporting. General report structure; report templates; using tool-generated reports.

NLERSP Executive Workshop (In Person) - Missouri Safety Center/ KCPD

Missouri POST Accredited! Lead your agency in roadway safety. Attend this no-cost 4-hour executive course where you will participate in discussions with other mid-level and executive-level officers about how to increase officer safety during roadway operations.

CI240 Intermediate Cyber Investigations: Virtual Currency

This course provides students with the fundamental knowledge and skills they need to investigate crimes involving virtual currency. Instructors explain foundational concepts like the characteristics of money, virtual currency, and cryptocurrency. Blockchain technology, proof work, and proof of stake are covered; and students learn how industry-leading cryptocurrencies (Bitcoin, Ethereum, and Monero) work and how they differ from each other. Finally, students learn investigative techniques for tracking and documenting transactions; and best practices for seizing and securing cryptocurrency.

*Virtual currency basics. History of money and of virtual currency. Categorizing virtual currency.
*Blockchain. History of the blockchain. Understanding different protocols.
*Cryptocurrencies in detail. Bitcoin, Ethereum, Monero and other privacy coins.
*Investigative techniques. Seizing virtual currency; tracking transactions through the blockchain; documenting investigative results.

The Role of Online Social Media in Predicting and Interdicting Spree Killings: Case Studies and Analysis

Online social media and emerging methods of electronic communication are changing how people communicate and interact with world around them. Increasingly, those contemplating engaging acts of spree violence express themselves in online social media. It is important that investigators, analysts, and those responsible for school, workplace, and public safety understand how this behavior plays a key role in predicting and interdicting the violence. Items of evidentiary value can now often be recovered from online communities. This evidence can provide indicators of planned violence and help to shed light on the thought processes and motivations that led to the tipping point of violence.
The training will explore the interaction between social media and spree violence through a historical examination of case studies ranging in time from 1927 to 2022. Police, prosecutors, probation officers, school and university administrators, and others responsible for workplace and public safety can all benefit from this training.

DF330 Advanced Digital Forensic Analysis: iOS & Android

This course provides the advanced skills and knowledge necessary to analyze data on iOS devices (iPod Touch, iPhone, and iPad) and Android devices at an advanced level. Students use forensically-sound tools and techniques to analyze potential evidence, employing advanced techniques to uncover evidence potentially missed or misrepresented by commercial forensic tools. Topics include identifying potential threats to data stored on devices, available acquisition options, accessing locked devices, and the default folder structure. Core skills include analyzing artifacts such as device information, call history, voicemail, messages, web browser history, contacts, and photos. Instruction is provided on developing the hunt methodology for analyzing third party applications not supported by commercial forensic tools.

Mobile device hardware fundamentals. How mobile devices work, store data, and interact with a variety of networks.
Device handling. Properly preserving data for imaging and analysis. Identifying potential threats to data integrity.
Device acquisition and security. Acquisition options (physical, logical, device backups). Bypassing passcodes and properly defeating encrypted backups of iOS devices.
Advanced analysis techniques. Mounting images, partitioning scheme and default folder structure, types of artifacts (plists, SQLite databases, etc.).

Protecting the Protectors: Maximizing Officer Safety During Traffic Safety Operation - NLERSP IACP Impaired Driving and Traffic Safety Conference 2022

In 2021, law enforcement experienced a 10-year high in fatalities from crashes and struck-by incidents (NLEOMF, 2022). Conducting traffic safety operations is a dangerous ordeal, but actions can be taken to reduce risk. This workshop will identify the major risk factors for collisions and struck-by incidents and discuss how officers can improve their safety while working in and around the roadways.

NLERSP Executive Course (In-Person, Abbreviated) - Georgia Chiefs of Police Summer Training Conference

Abbreviated NLERSP Executive Workshop provided as part of the Georgia Chiefs of Police Summer Training Conference. Lead your agency in roadway safety. Attend this 2-hour workshop with other mid-level and executive-level officers where you will discuss policies, training, and technological innovations that can reduce the risk of officer-involved collisions and struck-by incidents.

NLERSP Executive Course (In-Person, Abbreviated) - Georgia Chiefs of Police Summer Training Conference

Abbreviated NLERSP Executive Workshop provided as part of the Georgia Chiefs of Police Summer Training Conference. Lead your agency in roadway safety. Attend this 2-hour workshop with other mid-level and executive-level officers where you will discuss policies, training, and technological innovations that can reduce the risk of officer-involved collisions and struck-by incidents.

DF201 Intermediate Digital Forensic Analysis: Automated Forensic Tools

This course provides students with the fundamental knowledge and skills necessary to perform a limited digital forensic examination, validate hardware and software tools, and effectively use digital forensic suites and specialized tools. The course begins with a detailed study of the digital forensic examination process, including documentation, case management, evidence handling, validation, and virtualization. Students learn to use today's leading commercial and open source digital forensic suites: Magnet Axiom, X-ways Forensic, and Autopsy. Instruction on each suite will include an interface overview, configuration, hashing, file signature analysis, keyword searching, data carving, bookmarking, and report creation.

*Digital forensic process. Evidence review; requests for examination; case management.
*Validation. Creation of validation images; validation testing.
*Effective tool usage. Tool interface; hashing; file signature analysis; data carving; searching; metadata; bookmarking.
*Reporting. General report structure; report templates; using tool-generated reports.

DF310 Advanced Digital Forensic Analysis: Windows

This course covers the identification and extraction of artifacts associated with the Microsoft Windows operating system. Topics include the Change Journal, BitLocker, and a detailed examination of the various artifacts found in each of the Registry hive files. Students also examine Event Logs, Volume Shadow Copies, link files, and thumbnails. This course uses a mixture of lecture, discussion, demonstration, and hands-on exercises.

Pages