Training Delivery - Live Video (VTC)

DF320 Advanced Digital Forensic Analysis: macOS

This course prepares students to identify various artifacts typically located in property lists and SQLite databases on MacOS-based computers, as well as learn how to perform forensic analysis. Students gain hands-on practical experience writing basic SQL queries and using to analyze operating system artifacts that includes, but is not limited to, user login passwords, FaceTime, messages, mail, contacts, calendars, reminders, notes, photos, Safari, Google Chrome, and Mozilla Firefox.

FC105 Financial Records Examination and Analysis

This course covers the acquisition, examination, and analysis of many types of financial records, including bank statements and checks, wire transfer records, and business records. Topics include recognizing and investigating common indicators of fraud, using spreadsheets to facilitate analysis and pattern recognition, and financial profiling. There is a strong focus on presenting financial evidence in multiple modalities: spreadsheet data outputs, graphic representations, and written/oral presentations.

*Introduction to analysis. Best practices. Finding patterns. Indicators of fraud. Presenting your findings.
*Financial records. Bank records. Business documents.
*Financial profiling. Methods of profiling. Reasons to create a profile. Creating a profile.
*Hands-on experience. Work a mock financial case as part of an investigative team.

FC201 Financial Records Investigative Skills

This course builds on the concepts introduced in FC101 (FIPS) and FC105 (FREA), introducing investigators and prosecutors to emerging issues in financial crime. Topics include money laundering, analyzing large financial data sets, conducting effective interviews, and managing large amounts of financial evidence. This course consists of a mix of lecture, discussion, and hands-on exercises. Students conduct a mock investigation that includes interviews, data analysis, and the examination of various documents.

*Money laundering. Methods of laundering money. Tracing illegal funds. Emerging issues. FinCEN.
*Spreadsheeting skills. Spreadsheet architecture. Formulas and calculations. Pivot tables.
*Working with financial data. Benfords law analysis. Disentangling commingled funds.
*Hands-on experience. Work a mock financial case as part of an investigative team.

IA103 Introduction to Strategic Intelligence Analysis

This course introduces analysts to the broader concepts of connecting the dots through link analysis. A critical portion of conducting a successful analytical investigation is the ability to link together and understand the complexities of the connectedness between people and organizations. Introduction to Link Analysis (ILA) expands on the basic principles of link and association analyses explored in the Foundations of Intelligence Analysis Training (FIAT) while building a framework for more advanced methods such as social network analysis.

Expanding basic knowledge of link and association analysis
Explaining the process of social network analysis
Understanding the visual mapping and mathematical components associated with link and social network analyses

DF205 Intermediate Digital Forensic Analysis: SQLite Primer

Mobile devices dominate the intake list, and the desks of most digital forensics analyst globally. Devices are becoming more secure, with an increase in security the need for detailed analysis is increasing as well. SQLite is a self-contained, serverless database engine. It is found on nearly every operating system and dominates iOS, Android, and macOS as one of the most prevalent and relevant data storage mechanisms. Rather than hope our forensic tools support the newest applications or be tethered to how a certain utility parses data we can arm ourselves with the skills and techniques needed to conquer the analysis of nearly any application.

What is SQLite and how to identify and analyze logically
Recognizing relevant locations of valuable data within SQLite database.
Develop skills needed for crafting custom SQLite queries.
Learn how to recognize and decode a variety of common timestamp formats.
Learn how to perform SQLite analysis with automation.

DF100 Basic Digital Forensic Analysis: Seizure

This course introduces the information and techniques law enforcement personnel need to safely and methodically collect and preserve digital evidence at a crime scene. Topics include recognizing potential sources of digital evidence; planning and executing a digital evidence-based seizure; and the preservation, packaging, documentation, and transfer of digital evidence.

*Prepare. Prepare to respond to an incident or crime scene where digital evidence may be present.
*Identify. Learn tow to identify relevant sources of digital evidence in an ever-evolving landscape.
*Collect. Learn the proper methods of digital evidence collection.
*Preserve. Build upon the three previous principles to ensure valid and legal preservation of digital evidence can occur.

CI240 Intermediate Cyber Investigations: Virtual Currency

This course provides students with the fundamental knowledge and skills they need to investigate crimes involving virtual currency. Instructors explain foundational concepts like the characteristics of money, virtual currency, and cryptocurrency. Blockchain technology, proof work, and proof of stake are covered; and students learn how industry-leading cryptocurrencies (Bitcoin, Ethereum, and Monero) work and how they differ from each other. Finally, students learn investigative techniques for tracking and documenting transactions; and best practices for seizing and securing cryptocurrency.

*Virtual currency basics. History of money and of virtual currency. Categorizing virtual currency.
*Blockchain. History of the blockchain. Understanding different protocols.
*Cryptocurrencies in detail. Bitcoin, Ethereum, Monero and other privacy coins.
*Investigative techniques. Seizing virtual currency; tracking transactions through the blockchain; documenting investigative results.

IA103 Introduction to Strategic Intelligence Analysis

This course introduces analysts to the broader concepts of connecting the dots through link analysis. A critical portion of conducting a successful analytical investigation is the ability to link together and understand the complexities of the connectedness between people and organizations. Introduction to Link Analysis (ILA) expands on the basic principles of link and association analyses explored in the Foundations of Intelligence Analysis Training (FIAT) while building a framework for more advanced methods such as social network analysis.

Expanding basic knowledge of link and association analysis
Explaining the process of social network analysis
Understanding the visual mapping and mathematical components associated with link and social network analyses

DF330 Advanced Digital Forensic Analysis: iOS & Android

This course provides the advanced skills and knowledge necessary to analyze data on iOS devices (iPod Touch, iPhone, and iPad) and Android devices at an advanced level. Students use forensically-sound tools and techniques to analyze potential evidence, employing advanced techniques to uncover evidence potentially missed or misrepresented by commercial forensic tools. Topics include identifying potential threats to data stored on devices, available acquisition options, accessing locked devices, and the default folder structure. Core skills include analyzing artifacts such as device information, call history, voicemail, messages, web browser history, contacts, and photos. Instruction is provided on developing the hunt methodology for analyzing third party applications not supported by commercial forensic tools.

Mobile device hardware fundamentals. How mobile devices work, store data, and interact with a variety of networks.
Device handling. Properly preserving data for imaging and analysis. Identifying potential threats to data integrity.
Device acquisition and security. Acquisition options (physical, logical, device backups). Bypassing passcodes and properly defeating encrypted backups of iOS devices.
Advanced analysis techniques. Mounting images, partitioning scheme and default folder structure, types of artifacts (plists, SQLite databases, etc.).

DF310 Advanced Digital Forensic Analysis: Windows

This course covers the identification and extraction of artifacts associated with the Microsoft Windows operating system. Topics include the Change Journal, BitLocker, and a detailed examination of the various artifacts found in each of the Registry hive files. Students also examine Event Logs, Volume Shadow Copies, link files, and thumbnails. This course uses a mixture of lecture, discussion, demonstration, and hands-on exercises.

Pages