Training Delivery - Classroom Training/Onsite

This course provides attendees with fundamental knowledge and skills related to the dark web and virtual currency. The course focuses on the investigation of crimes committed on or through the dark web, how the dark web can be used as an investigative tool, and the investigation of crimes involving virtual currency.

Course structure:

This course provides the fundamental knowledge and skills necessary to preserve, acquire, and analyze data on iOS devices (iPod Touch, iPhone, and iPad), as well as various Android devices. Students use forensically sound tools and techniques to acquire and analyze potential evidence. Topics include identifying potential threats to data stored on devices, available imaging options, accessing locked devices, and the default folder structure. The forensic artifacts covered include device information, call history, voicemail, messages, web browser history, contacts, and photos.

This course covers the skills and techniques involved in responding to a network security incident. The course focuses on the identification, extraction, and detailed examination of artifacts associated with network and intrusions. Memory analysis, host machine forensics, network traffic and log analysis, malware analysis, and virtual machine sandboxing are covered through lecture, discussion, and hands-on exercises. Additional topics include key cybersecurity concepts and issues, as well as the various classifications and types of network attacks.

This course covers the usage and configuration of two tools (Paladin/Autopsy and osTriage) designed to preview a non-mobile digital device and export files of evidentiary value. Day One is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered on. Day Two is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered off. Students who bring an external USB hard drive (32GB minimum) will be able to leave with the same setup shown in class. Other topics include a detailed examination of the process of previewing: what previewing is, why and when it should be done, who can conduct a preview, and differences in procedure for starting a preview depending on whether a device is on or off. * What is previewing? Learn why you should preview, who can perform a preview, when to conduct a preview, and how to start a preview whether a device is on or off. * Paladin/Autopsy. Forensically boot a device, then quickly preview and export digital evidence found on scene. * osTriage. Identify when encryption is present, image RAM memory, display browser history, preview and export existing files, and much more. * Hands-on experience. Work with Paladin/Autopsy and osTriage, and leave the course with the same setup shown in class.