Training Delivery - Live Video (VTC)

CI130 Basic Cyber Investigations: Cellular Records Analysis

This course is for officers, investigators, and analysts who encounter cell phone evidence that includes information external to the phone. Class concepts include instruction on how to request, read, and analyze call detail records from cellular providers; and how to plot cellular site locations to determine the approximate position of a suspect during a given period. No special hardware or software is required. However, this course focuses heavily on analysis; as such, a strong working knowledge of Microsoft Excel is highly recommended. Students are provided with a free copy of NW3Cs PerpHound tool, which assists in the plotting of call detail record locations.

*Cellular technology. Land-line and cellular networks. Types and generations of cell phones. Cell site design and its implications for law enforcement.
*Analysis of call detail records. Request information from service providers. Convert records into a useful format. *Merge two related spreadsheets. Read and analyze using filters, sorting, and pivot tables. Plot location information.
*Hands-on experience. Hands-on experience with NW3Cs free software tool PerpHound and Microsoft Excel to analyze various types of records that are available from cellular providers.

DF320 Advanced Digital Forensic Analysis: macOS

This course prepares students to identify various artifacts typically located in property lists and SQLite databases on MacOS-based computers, as well as learn how to perform forensic analysis. Students gain hands-on practical experience writing basic SQL queries and using to analyze operating system artifacts that includes, but is not limited to, user login passwords, FaceTime, messages, mail, contacts, calendars, reminders, notes, photos, Safari, Google Chrome, and Mozilla Firefox.

FC122 Intellectual Property Theft Training

This course introduces the problem of intellectual property theft and provides tools, techniques, and resources for investigating and prosecuting these crimes. A combination of lecture, discussion, and interactive exercises illustrates the potential dangers and economic repercussions of counterfeit products, as well as best practices and techniques for investigating IP theft. Students are provided with a state-specific folder that includes relevant statutes, sample organizational documents for IP investigations, and additional resources for investigators and prosecutors.

This course is presented in collaboration with the National Association of Attorneys General (NAAG).
Awareness. Types of IP crimes. The criminals who commit these crimes. Impacts and dangers.
Investigation. Online and traditional techniques. Working with brand experts and the private sector. Large amounts of evidence. Resources.
Statutes. Prosecutorial theories. State-specific discussion.
Hands-on experience. Work with real counterfeit products. Identify fakes with expert guidance.

DF205 Intermediate Digital Forensic Analysis: SQLite Primer

Mobile devices dominate the intake list, and the desks of most digital forensics analyst globally. Devices are becoming more secure, with an increase in security the need for detailed analysis is increasing as well. SQLite is a self-contained, serverless database engine. It is found on nearly every operating system and dominates iOS, Android, and macOS as one of the most prevalent and relevant data storage mechanisms. Rather than hope our forensic tools support the newest applications or be tethered to how a certain utility parses data we can arm ourselves with the skills and techniques needed to conquer the analysis of nearly any application.

What is SQLite and how to identify and analyze logically
Recognizing relevant locations of valuable data within SQLite database.
Develop skills needed for crafting custom SQLite queries.
Learn how to recognize and decode a variety of common timestamp formats.
Learn how to perform SQLite analysis with automation.

FC201 Financial Records Investigative Skills

This course builds on the concepts introduced in FC101 (FIPS) and FC105 (FREA), introducing investigators and prosecutors to emerging issues in financial crime. Topics include money laundering, analyzing large financial data sets, conducting effective interviews, and managing large amounts of financial evidence. This course consists of a mix of lecture, discussion, and hands-on exercises. Students conduct a mock investigation that includes interviews, data analysis, and the examination of various documents.

*Money laundering. Methods of laundering money. Tracing illegal funds. Emerging issues. FinCEN.
*Spreadsheeting skills. Spreadsheet architecture. Formulas and calculations. Pivot tables.
*Working with financial data. Benford's law analysis. Disentangling commingled funds.
*Hands-on experience. Work a mock financial case as part of an investigative team.

DF205 Intermediate Digital Forensic Analysis: SQLite Primer

Mobile devices dominate the intake list, and the desks of most digital forensics analyst globally. Devices are becoming more secure, with an increase in security the need for detailed analysis is increasing as well. SQLite is a self-contained, serverless database engine. It is found on nearly every operating system and dominates iOS, Android, and macOS as one of the most prevalent and relevant data storage mechanisms. Rather than hope our forensic tools support the newest applications or be tethered to how a certain utility parses data we can arm ourselves with the skills and techniques needed to conquer the analysis of nearly any application.

What is SQLite and how to identify and analyze logically
Recognizing relevant locations of valuable data within SQLite database.
Develop skills needed for crafting custom SQLite queries.
Learn how to recognize and decode a variety of common timestamp formats.
Learn how to perform SQLite analysis with automation.

DF201 Intermediate Digital Forensic Analysis: Automated Forensic Tools

This course provides students with the fundamental knowledge and skills necessary to perform a limited digital forensic examination, validate hardware and software tools, and effectively use digital forensic suites and specialized tools. The course begins with a detailed study of the digital forensic examination process, including documentation, case management, evidence handling, validation, and virtualization. Students learn to use todays leading commercial and open source digital forensic suites: Magnet Axiom, X-ways Forensic, and Autopsy. Instruction on each suite will include an interface overview, configuration, hashing, file signature analysis, keyword searching, data carving, bookmarking, and report creation.

*Digital forensic process. Evidence review; requests for examination; case management.
*Validation. Creation of validation images; validation testing.
*Effective tool usage. Tool interface; hashing; file signature analysis; data carving; searching; metadata; bookmarking.
*Reporting. General report structure; report templates; using tool-generated reports.

CI240 Intermediate Cyber Investigations: Virtual Currency

This course provides students with the fundamental knowledge and skills they need to investigate crimes involving virtual currency. Instructors explain foundational concepts like the characteristics of money, virtual currency, and cryptocurrency. Blockchain technology, proof work, and proof of stake are covered; and students learn how industry-leading cryptocurrencies (Bitcoin, Ethereum, and Monero) work and how they differ from each other. Finally, students learn investigative techniques for tracking and documenting transactions; and best practices for seizing and securing cryptocurrency.

*Virtual currency basics. History of money and of virtual currency. Categorizing virtual currency.
*Blockchain. History of the blockchain. Understanding different protocols.
*Cryptocurrencies in detail. Bitcoin, Ethereum, Monero and other privacy coins.
*Investigative techniques. Seizing virtual currency; tracking transactions through the blockchain; documenting investigative results.

IA101 Foundations of Intelligence Analysis Training

This course addresses the critical need for well-trained intelligence analysts to interpret growing amounts of information. Topics include the intelligence cycle, analytical thinking skills, the importance of strategic analysis, communication and social media analysis, recommendation development, and legal and ethical issues. Students work hands-on with specialized software to synthesize information and develop various products of intelligence. The course was developed by a consortium that included NW3C, Law Enforcement Intelligence Units (LEIU), the International Association of Law Enforcement Intelligence Analysis (IALEIA), and the Regional Information Sharing System (RISS).

*Analysis basics. History and purpose of intelligence analysis. Legal issues and ethics. Sources of information. The intelligence cycle.
*Types of analysis. Crime patterns. Associations. Flow. Communications. Financial analysis.
*Creative and critical thinking. Brainstorming. Mind mapping. Steps to critical thinking.
*Deterring crime. Strategic analysis as a tool for law enforcement personnel.
*Hands-on experience. Work as part of a team to analyze information pertaining to several hypothetical cases.

FC111 Financial Crimes Against Seniors Seminar

This course promotes a multi-agency approach to the problem of financial exploitation of senior citizens. Topics include working with senior victims, examining documents like bank records and power of attorney, and resources for investigation and community awareness. Detailed examination of a case study from initial complaint to prosecution reinforces and illustrates the course content. With a dual focus on financial abuse by trusted persons and common scams aimed at seniors, the course introduces senior-specific investigative skills while facilitating networking and cooperation that can extend out of the classroom and into real cases.

Pages