Training Delivery - Classroom Training / Onsite

FC 130 - Targeting Investment Fraud

This course provides investigators and prosecutors with the knowledge and tools they need to respond to the growing problem of investment fraud. Topics include what constitutes a security, using the Howey Test to determine if a particular offering is a security, identifying investment fraud schemes, and investigative strategies for working with victims and perpetrators. The course also covers fraud prevention strategies, and students are provided with additional resources for both prevention and investigation.

CC 350 - Mobile Device Forensic Analysis (July 2018)

This course provides the fundamental knowledge and skills necessary to preserve, acquire, and analyze data on iOS devices (iPod Touch, iPhone, and iPad), as well as various Android devices. Students use forensically sound tools and techniques to acquire and analyze potential evidence. Topics include identifying potential threats to data stored on devices, available imaging options, accessing locked devices, and the default folder structure. The forensic artifacts covered include device information, call history, voicemail, messages, web browser history, contacts, and photos.

FC 105 - Financial Records Examination and Analysis (July 2018)

This course covers the acquisition, examination, and analysis of many types of financial records, including bank statements and checks, wire transfer records, and business records. Topics include recognizing and investigating common indicators of fraud, using spreadsheets to facilitate analysis and pattern recognition, and financial profiling. There is a strong focus on presenting financial evidence in multiple modalities: spreadsheet data outputs, graphic representations, and written/oral presentations.

Course structure:

CS 235 - Basic Network Intrusion Investigations (June 2018)

This course covers the skills and techniques involved in responding to a network security incident. The course focuses on the identification, extraction, and detailed examination of artifacts associated with network and intrusions. Memory analysis, host machine forensics, network traffic and log analysis, malware analysis, and virtual machine sandboxing are covered through lecture, discussion, and hands-on exercises. Additional topics include key cybersecurity concepts and issues, as well as the various classifications and types of network attacks.

CI 201 - Social Media & Open Source Intelligence (July 26 2018)

This course covers the skills investigators need to conduct successful online investigations involving social media. Topics include internet basics such as IP addresses and domains, an overview of currently popular social media platforms, and best practices for building an online undercover profile. Instructors demonstrate both open-source and commercially available investigative tools for social engineering, information gathering, and artifacts related to social media, as well as automated utilities to capture information and crawl websites.

Course structure:

CI 101 - Secure Techniques for Onsite Previewing (June 2018)

This course covers the usage and configuration of two tools (Paladin/Autopsy and osTriage) designed to preview a non-mobile digital device and export files of evidentiary value. Day One is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered on. Day Two is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered off. Students who bring an external USB hard drive (32GB minimum) will be able to leave with the same setup shown in class. Other topics include a detailed examination of the process of previewing: what previewing is, why and when it should be done, who can conduct a preview, and differences in procedure for starting a preview depending on whether a device is on or off. * What is previewing? Learn why you should preview, who can perform a preview, when to conduct a preview, and how to start a preview whether a device is on or off. * Paladin/Autopsy. Forensically boot a device, then quickly preview and export digital evidence found on scene. * osTriage. Identify when encryption is present, image RAM memory, display browser history, preview and export existing files, and much more. * Hands-on experience. Work with Paladin/Autopsy and osTriage, and leave the course with the same setup shown in class.

CC 201 - Digital Evidence Examination and Processing (July 2018)

This course builds on the concepts introduced in "Cybercop 101 - Basic Digital Forensic Imaging." It covers the architecture and functionality of the Windows NT File System, the FAT and the ExFAT File System, and related directory entry information for locating files on electronic devices. Topical areas include file headers and file hashing, recovery of deleted files and long file names, and techniques for discovering potential evidence that might otherwise be overlooked.

CC 101 - Basic Digital Forensic Imaging (June 2018)

This course covers the fundamentals of computer operations, hardware function, and configuration, as well as best practices for the protection, preservation, and imaging of digital evidence. Presentations and hands-on exercises cover topics such as partitioning, data storage, hardware and software write blockers, the boot-up and shutdown processes, live imaging, encryption detection, and duplicate imaging. This course incorporates computer forensic applications that experienced practitioners are currently using in the field.

CC 201 - Digital Evidence Examination and Processing (July - Aug 2018)

This course builds on the concepts introduced in "Cybercop 101 - Basic Digital Forensic Imaging." It covers the architecture and functionality of the Windows NT File System, the FAT and the ExFAT File System, and related directory entry information for locating files on electronic devices. Topical areas include file headers and file hashing, recovery of deleted files and long file names, and techniques for discovering potential evidence that might otherwise be overlooked.

CI 201 - Social Media & Open Source Intelligence

This course covers the skills investigators need to conduct successful online investigations involving social media. Topics include internet basics such as IP addresses and domains, an overview of currently popular social media platforms, and best practices for building an online undercover profile. Instructors demonstrate both open-source and commercially available investigative tools for social engineering, information gathering, and artifacts related to social media, as well as automated utilities to capture information and crawl websites.

Pages