Training Delivery - Classroom Training / Onsite

Cybersecurity 235 - Basic Network Intrusion Investigations BNII (Feb - Mar 2018)

The "Cybersecurity (CS) 235 - Basic Network Intrusion Investigations" (BNII) course covers the skills and techniques involved in responding to a network security incident. The course focuses on the identification, extraction, and detailed examination of artifacts associated with network and intrusions. Memory analysis, host machine forensics, network traffic and log analysis, malware analysis, and virtual machine sandboxing are covered through lecture, discussion, and hands-on exercises.

Cybersecurity 235 - Basic Network Intrusion Investigations BNII (Feb 2018)

The "Cybersecurity (CS) 235 - Basic Network Intrustion Investigations" (BNII) course covers the skills and techniques involved in responding to a network security incident. The course focuses on the identification, extraction, and detailed examination of artifacts associated with network and intrusions. Memory analysis, host machine forensics, network traffic and log analysis, malware analysis, and virtual machine sandboxing are covered through lecture, discussion, and hands-on exercises.

Cyber Investigation 150 Introduction to Cellular Investigations ICI (Jan - Feb 2018)

The "Cyber Investigation (CI) 150 Introduction to Cellular Investigations" (ICI) course covers the acquisition and analysis of the various types of call detail records obtained from cellular providers. It focuses on data analysis using Microsoft Excel, as well as techniques for presenting findings in case reports or in court. Students receive a copy of PerpHound, National White Collar Crime Center's (NW3C) free software tool for the analysis of call detail records. This course also covers the best practices for seizing, preserving, and acquiring evidence internal to a cellular phone.

Cybercop 325 - Macintosh Forensic Analysis

The "Cybercop (CC) 325 - Macintosh Forensics Analysis" (MFA) course provides the fundamental knowledge and skills necessary to identify and collect volatile data, acquire forensically-sound images of Apple Macintosh computers, and perform forensic analysis of the macOS operating system and application artifacts. Students gain hands-on experience scripting and using automated tools to conduct a simulated live triage. Students will use multiple methods to acquire forensically-sound images of Apple Macintosh computers and identify unique challenges that this task may present.

Cybercop 315 Windows Artifacts - WinArt

The "Cybercop (CC) 315 Windows Artifacts - WinArt" (WinArt) course covers the identification and extraction of artifacts associated with the current versions of Microsoft Windows operating systems (Vista through Windows 10) and the New Technology file system. Topics include the change journal, BitLocker, and a detailed examination of the various artifacts found in each of the registry hive files. Students examine event logs, volume shadow copies, link files, and thumbnails. This course uses a mixture of lecture, discussion, demonstration, and hands-on exercises.

Cyber Investigation 101 - Secure Techniques for Onsite Preview (Jan 2018)

The "Cyber Investigation (CI) - Secure Techniques for Onsite Preview" course covers the usage and configuration of two tools (Paladin/Autopsy and osTriage) designed to preview a non-mobile digital device and export files of evidentiary value. DAY ONE is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered on. DAY TWO is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered off.

Cybercop 350 Mobile Device Forensic Analysis (Oct 2017)

The "Cybercop (CC) 350 - Mobile Device Forensic Analysis" (MDFA) course provides the fundamental knowledge and skills necessary to preserve, acquire, and analyze data on iOS devices (iPod Touch, iPhone, and iPad), as well as various Android devices. Students use forensically sound tools and techniques to acquire and analyze potential evidence. Topics include identifying potential threats to data stored on devices, available imaging options, accessing locked devices, and the default folder structure.

Cyber Investigation 201 - Social Media & Open Source Investigations SMOSI

The "Cyber Investigations 201 - Social Media & Open Source Investigations" (SMOSI) course covers the skills investigators need to conduct successful online investigations involving social media. Topics include internet basics, such as IP addresses and domains; an overview of currently popular social media platforms; and best practices for building an online undercover profile.

Cyber Investigation 105 Cell Phone Mapping & Analysis CPMA

This two-day course is for officers, investigators, and analysts that encounter cell phone evidence that includes the acquisition and analysis of information external to the phone. Class concepts include instruction on how to request, read, and analyze Call Detail Records from cellular providers, as well as how to plot cellular site locations to determine the approximate position of a suspect during a given time frame.

Cybercop 201 - Intermediate Data Recovery and Analysis - IDRA

The "Cybercop (CC) 201 - Intermediate Data Recovery and Analysis" (IDRA) course builds on the concepts introduced in "CC 101 - Basic Data Recovery and Acquisition" (BDRA). This course covers the architecture and functionality of the Windows NT File System (NTFS), the FAT File System, and related directory entry information for locating files on electronic devices. Topical areas include file headers and file hashing, recovery of deleted files and long file names, and techniques for discovering potential evidence that might otherwise be overlooked.

Pages