Training Delivery - Live Video (VTC)

DF330 Advanced Digital Forensic Analysis: iOS & Android

This course provides the advanced skills and knowledge necessary to analyze data on iOS devices (iPod Touch, iPhone, and iPad) and Android devices at an advanced level. Students use forensically-sound tools and techniques to analyze potential evidence, employing advanced techniques to uncover evidence potentially missed or misrepresented by commercial forensic tools. Topics include identifying potential threats to data stored on devices, available acquisition options, accessing locked devices, and the default folder structure. Core skills include analyzing artifacts such as device information, call history, voicemail, messages, web browser history, contacts, and photos. Instruction is provided on developing the hunt methodology for analyzing third party applications not supported by commercial forensic tools.

Mobile device hardware fundamentals. How mobile devices work, store data, and interact with a variety of networks.
Device handling. Properly preserving data for imaging and analysis. Identifying potential threats to data integrity.
Device acquisition and security. Acquisition options (physical, logical, device backups). Bypassing passcodes and properly defeating encrypted backups of iOS devices.
Advanced analysis techniques. Mounting images, partitioning scheme and default folder structure, types of artifacts (plists, SQLite databases, etc.).

FC122 Intellectual Property Theft Training

This course introduces the problem of intellectual property theft and provides tools, techniques, and resources for investigating and prosecuting these crimes. A combination of lecture, discussion, and interactive exercises illustrates the potential dangers and economic repercussions of counterfeit products, as well as best practices and techniques for investigating IP theft. Students are provided with a state-specific folder that includes relevant statutes, sample organizational documents for IP investigations, and additional resources for investigators and prosecutors.

This course is presented in collaboration with the National Association of Attorneys General (NAAG).
Awareness. Types of IP crimes. The criminals who commit these crimes. Impacts and dangers.
Investigation. Online and traditional techniques. Working with brand experts and the private sector. Large amounts of evidence. Resources.
Statutes. Prosecutorial theories. State-specific discussion.
Hands-on experience. Work with real counterfeit products. Identify fakes with expert guidance.

CI102 Basic Cyber Investigations: Dark Web & Open Source Intelligence

This course provides expert guidance in the skills law enforcement officers need to conduct successful online investigations. Topics include IP addresses and domains, an overview of currently popular social media platforms, best practices for building an undercover profile, foundational knowledge related to the dark web, and the use of the dark web as an investigative tool. Instructors demonstrate both open-source and commercially-available investigative tools for social engineering, information gathering, and artifacts related to social media; as well as automated utilities to capture information and crawl websites.

*Internet basics. IP address assignment; resolving domains and IP addresses; networking overview.
*Popular sites. Facebook, Twitter, KiK Messenger, Snapchat, Instagram, tumblr, and more.
*The dark web. Surface, deep, and dark web; how data flows through the internet. Who uses the dark web and how?
*Tor. How to access Tor; how Tor traffic works; how a Tor Hidden Service works; installing and configuring the Tor Browser Bundle.

DF320 Advanced Digital Forensic Analysis: macOS

This course prepares students to identify various artifacts typically located in property lists and SQLite databases on MacOS-based computers, as well as learn how to perform forensic analysis. Students gain hands-on practical experience writing basic SQL queries and using to analyze operating system artifacts that includes, but is not limited to, user login passwords, FaceTime, messages, mail, contacts, calendars, reminders, notes, photos, Safari, Google Chrome, and Mozilla Firefox.

FC105 Financial Records Examination and Analysis

This course covers the acquisition, examination, and analysis of many types of financial records, including bank statements and checks, wire transfer records, and business records. Topics include recognizing and investigating common indicators of fraud, using spreadsheets to facilitate analysis and pattern recognition, and financial profiling. There is a strong focus on presenting financial evidence in multiple modalities: spreadsheet data outputs, graphic representations, and written/oral presentations.

*Introduction to analysis. Best practices. Finding patterns. Indicators of fraud. Presenting your findings.
*Financial records. Bank records. Business documents.
*Financial profiling. Methods of profiling. Reasons to create a profile. Creating a profile.
*Hands-on experience. Work a mock financial case as part of an investigative team.

DF101 Basic Digital Forensic Analysis: Windows Acquisition

This course provides the fundamental knowledge and skills required to acquire forensic backup images of commonly encountered forms of digital evidence (Microsoft Windows based computers and external storage devices) in a forensically sound manner. Presentations and hands-on practical exercises cover topics on storage media and how data is stored, the forensic acquisition process, tool validation, hardware and software write blockers, forensic backup image formats, and multiple forensic acquisition methods. Students will use third party tools, both free and commercial, that are currently used by practitioners in the field.

CI240 Intermediate Cyber Investigations: Virtual Currency

This course provides students with the fundamental knowledge and skills they need to investigate crimes involving virtual currency. Instructors explain foundational concepts like the characteristics of money, virtual currency, and cryptocurrency. Blockchain technology, proof work, and proof of stake are covered; and students learn how industry-leading cryptocurrencies (Bitcoin, Ethereum, and Monero) work and how they differ from each other. Finally, students learn investigative techniques for tracking and documenting transactions; and best practices for seizing and securing cryptocurrency.

*Virtual currency basics. History of money and of virtual currency. Categorizing virtual currency.
*Blockchain. History of the blockchain. Understanding different protocols.
*Cryptocurrencies in detail. Bitcoin, Ethereum, Monero and other privacy coins.
*Investigative techniques. Seizing virtual currency; tracking transactions through the blockchain; documenting investigative results.

FC101 Financial Investigations Practical Skills

This course provides hands-on investigative training at a basic level. Students develop the practical skills, insight, and knowledge necessary to manage a successful financial investigation from start to finish, including the acquisition and examination of financial records, interview skills, and case management and organization. Additional topics include forgery and embezzlement, financial exploitation of the elderly, working with spreadsheets, financial profiling, and state-specific statutes and legal issues.

*Emerging issues. Current trends in various types of financial crimes. Recent cases and their implications.
*Financial records. Learn to obtain and manage bank records, including basic spreadsheeting skills.
*Working with data. Extract leads and draw conclusions from bank records and other financial data.
*Hands-on experience. Work a mock financial case as part of an investigative team.

DF202 Intermediate Digital Forensic Analysis: Windows File Systems

This course provides students with the fundamental knowledge and skills necessary to perform a limited digital forensic examination, validate hardware and software tools, and effectively use digital forensic suites and specialized tools. The course begins with a detailed study of the digital forensic examination process, including documentation, case management, evidence handling, validation, and virtualization. Students learn to use todays leading commercial and open source digital forensic suites: Magnet Axiom, X-ways Forensic, and Autopsy. Instruction on each suite will include an interface overview, configuration, hashing, file signature analysis, keyword searching, data carving, bookmarking, and report creation.

*Digital forensic process. Evidence review; requests for examination; case management.
*Validation. Creation of validation images; validation testing.
*Effective tool usage. Tool interface; hashing; file signature analysis; data carving; searching; metadata; bookmarking.
*Reporting. General report structure; report templates; using tool-generated reports.

FC201 Financial Records Investigative Skills

This course builds on the concepts introduced in FC101 (FIPS) and FC105 (FREA), introducing investigators and prosecutors to emerging issues in financial crime. Topics include money laundering, analyzing large financial data sets, conducting effective interviews, and managing large amounts of financial evidence. This course consists of a mix of lecture, discussion, and hands-on exercises. Students conduct a mock investigation that includes interviews, data analysis, and the examination of various documents.

*Money laundering. Methods of laundering money. Tracing illegal funds. Emerging issues. FinCEN.
*Spreadsheeting skills. Spreadsheet architecture. Formulas and calculations. Pivot tables.
*Working with financial data. Benfords law analysis. Disentangling commingled funds.
*Hands-on experience. Work a mock financial case as part of an investigative team.

Pages