Training Delivery - Live Video (VTC) | Page 8

CI130 Basic Cyber Investigations: Cellular Records Analysis

This course is for officers, investigators, and analysts who encounter cell phone evidence that includes information external to the phone. Class concepts include instruction on how to request, read, and analyze call detail records from cellular providers; and how to plot cellular site locations to determine the approximate position of a suspect during a given period. No special hardware or software is required. However, this course focuses heavily on analysis; as such, a strong working knowledge of Microsoft Excel is highly recommended. Students are provided with a free copy of NW3Cs PerpHound tool, which assists in the plotting of call detail record locations.

*Cellular technology. Land-line and cellular networks. Types and generations of cell phones. Cell site design and its implications for law enforcement.
*Analysis of call detail records. Request information from service providers. Convert records into a useful format. *Merge two related spreadsheets. Read and analyze using filters, sorting, and pivot tables. Plot location information.
*Hands-on experience. Hands-on experience with NW3Cs free software tool PerpHound and Microsoft Excel to analyze various types of records that are available from cellular providers.

DF202 Intermediate Digital Forensic Analysis: Windows File Systems

This course provides students with the fundamental knowledge and skills necessary to perform a limited digital forensic examination, validate hardware and software tools, and effectively use digital forensic suites and specialized tools. The course begins with a detailed study of the digital forensic examination process, including documentation, case management, evidence handling, validation, and virtualization. Students learn to use todays leading commercial and open source digital forensic suites: Magnet Axiom, X-ways Forensic, and Autopsy. Instruction on each suite will include an interface overview, configuration, hashing, file signature analysis, keyword searching, data carving, bookmarking, and report creation.

*Digital forensic process. Evidence review; requests for examination; case management.
*Validation. Creation of validation images; validation testing.
*Effective tool usage. Tool interface; hashing; file signature analysis; data carving; searching; metadata; bookmarking.
*Reporting. General report structure; report templates; using tool-generated reports.

DF330 Advanced Digital Forensic Analysis: iOS & Android

This course provides the advanced skills and knowledge necessary to analyze data on iOS devices (iPod Touch, iPhone, and iPad) and Android devices at an advanced level. Students use forensically-sound tools and techniques to analyze potential evidence, employing advanced techniques to uncover evidence potentially missed or misrepresented by commercial forensic tools. Topics include identifying potential threats to data stored on devices, available acquisition options, accessing locked devices, and the default folder structure. Core skills include analyzing artifacts such as device information, call history, voicemail, messages, web browser history, contacts, and photos. Instruction is provided on developing the hunt methodology for analyzing third party applications not supported by commercial forensic tools.

Mobile device hardware fundamentals. How mobile devices work, store data, and interact with a variety of networks.
Device handling. Properly preserving data for imaging and analysis. Identifying potential threats to data integrity.
Device acquisition and security. Acquisition options (physical, logical, device backups). Bypassing passcodes and properly defeating encrypted backups of iOS devices.
Advanced analysis techniques. Mounting images, partitioning scheme and default folder structure, types of artifacts (plists, SQLite databases, etc.).

DF310 Advanced Digital Forensic Analysis: Windows

This course covers the identification and extraction of artifacts associated with the Microsoft Windows operating system. Topics include the Change Journal, BitLocker, and a detailed examination of the various artifacts found in each of the Registry hive files. Students also examine Event Logs, Volume Shadow Copies, link files, and thumbnails. This course uses a mixture of lecture, discussion, demonstration, and hands-on exercises.

FC101 Financial Investigations Practical Skills

This course provides hands-on investigative training at a basic level. Students develop the practical skills, insight, and knowledge necessary to manage a successful financial investigation from start to finish, including the acquisition and examination of financial records, interview skills, and case management and organization. Additional topics include forgery and embezzlement, financial exploitation of the elderly, working with spreadsheets, financial profiling, and state-specific statutes and legal issues.

*Emerging issues. Current trends in various types of financial crimes. Recent cases and their implications.
*Financial records. Learn to obtain and manage bank records, including basic spreadsheeting skills.
*Working with data. Extract leads and draw conclusions from bank records and other financial data.
*Hands-on experience. Work a mock financial case as part of an investigative team.

IA101 Foundations of Intelligence Analysis Training

This course addresses the critical need for well-trained intelligence analysts to interpret growing amounts of information. Topics include the intelligence cycle, analytical thinking skills, the importance of strategic analysis, communication and social media analysis, recommendation development, and legal and ethical issues. Students work hands-on with specialized software to synthesize information and develop various products of intelligence. The course was developed by a consortium that included NW3C, Law Enforcement Intelligence Units (LEIU), the International Association of Law Enforcement Intelligence Analysis (IALEIA), and the Regional Information Sharing System (RISS).

*Analysis basics. History and purpose of intelligence analysis. Legal issues and ethics. Sources of information. The intelligence cycle.
*Types of analysis. Crime patterns. Associations. Flow. Communications. Financial analysis.
*Creative and critical thinking. Brainstorming. Mind mapping. Steps to critical thinking.
*Deterring crime. Strategic analysis as a tool for law enforcement personnel.
*Hands-on experience. Work as part of a team to analyze information pertaining to several hypothetical cases.

FC203 Financial Investigations: Beyond the Basics

This three-day course covers the fundamentals of financial investigations and incorporates some of the more advanced processes that elevate an investigation. During this course, students will learn about investigative processes, practical tools, and sources of information necessary to plan and conduct financial investigations. The course begins with a description of the basic composition of elements within illicit financial networks and how they work to compromise legitimate business and financial sectors. Course material will describe government, regulatory, and investigative actions within the United States, and by international partners to detect and investigate illicit actors and networks. The course also includes considerations for investigation planning and promotion of creative thinking.

IA300 Advanced Criminal Intelligence: Tradecraft and Analysis

This three-day course is dedicated to studying the fundamentals of quantitative and qualitative data analysis and how to formulate arguments in support of criminal investigations and intelligence. Students will learn about data management techniques and a disciplined process to clean and standardize data in preparation for analysis. The course will also explore several common investigative objectives, including the discovery of associations between people and entities, the correlation between unlawful activity and suspects, behavioral affinities, and predictions. The course will introduce the Enterprise Theory of Crime and how to use network analysis to formulate conclusions about the structure of criminal organizations, their players and roles, the identification of facilitators, charting of financial arrangements, and connections to unlawful activity. The course enables the production of valuable, accurate, and efficient logical inferences produced by collecting data related to unlawful activity.

FC204 Combating Transnational Crime & Terrorism Financing

An effective financial investigation can disrupt terrorism organizations and interrupt, deter, or even stop operational terrorism activities before they can begin. In this three-day course, students develop an understanding of how financial systems are used to support terrorism activities and transnational criminal organizations. Students will work with tools and methods to investigate the manipulation of financial, communication, and business systems used for illicit purposes. Students will learn how to work with suspicious activity reports, crucial financial records such as Society for Worldwide Interbank Financial Telecommunications (SWIFT) messaging, and records used in banking and money services businesses. They will also learn how to gather information and evidence on other means of value transfer methods associated with money laundering, the black-market peso and forms of trade-based money laundering, hawala, and other alternate remittance systems, and virtual assets (cryptocurrency).

Search form

Training Delivery - Live Video (VTC)

Pages