Judges

This webinar presented by subject matter experts will cover the skills necessary to perform advanced cyber investigations using legal, open source, and closed source data. Attendees will learn the concepts and possibilities on how to identify those committing the most heinous crimes. We will look at a range of techniques for finding the who done it, from obtaining more evidence to looking through the eye of the criminal and discovering how they chose and researched their victim. We will look at what can be done for crimes committed in public and private spaces. We will look at solutions for finding those selling opioids on the dark web through good, old-fashioned police work. We will discuss the interconnections between legal returns, open source, and closed source information by examining each and then walking through case studies where the methods were applied. We will discuss techniques for unmasking people who are using VPNs, TOR, encrypted email services, sock-puppet accounts, and more, followed by a conversation on the way of solving an investigation through the eyes and actions of a criminal, from before and after he/she committed the act. The webinar will provide a roadmap on how to complete these tasks efficiently and cost-effectively while protecting the civil rights of those we are committed to safeguarding. The NCPTF provides ongoing consultation, assistance, and guidance as needed to implement this training. The webinar is for executives and investigators from senior cyber and homicide investigators to new investigators, prosecutors, analysts, supervisors, and everyone in between.

This course introduces analysts to the broader concepts of connecting the dots through link analysis. A critical portion of conducting a successful analytical investigation is the ability to link together and understand the complexities of the connectedness between people and organizations. Introduction to Link Analysis expands on the basic principles of link and association analyses explored in the Foundations of Intelligence Analysis Training while building a framework for more advanced methods such as social network analysis.

This course introduces learners to the concept of digital footprints and best practices in protecting personally identifiable information (PII). Topics include limiting an individual’s digital footprint, protecting privacy on social media, and the consequences of oversharing personal information, as well as steps to take after becoming a target of doxing.

This one-day course, focused on device location information, is for law enforcement investigators and analysts. Class concepts include device identifiers (IDs) in general, advertising IDs in detail, important legal considerations, overall investigative process, and tools available to law enforcement. Students will use commercially available investigative tools for querying databases of Advertising IDs and displaying their recorded broadcast locations.

Mobile devices dominate the intake list and the desks of most digital forensics analysts globally. Devices are becoming more secure, with an increase in security; the need for detailed analysis is increasing as well. SQLite is a self-contained, serverless database engine. It is found on nearly every operating system and dominates iOS, Android, and macOS as one of the most prevalent and relevant data storage mechanisms. Rather than hope our forensic tools support the newest applications or be tethered to how a certain utility parses data, we can arm ourselves with the skills and techniques needed to conquer the analysis of nearly any application.

This course introduces analysts to the broader concepts of connecting the dots through link analysis. A critical portion of conducting a successful analytical investigation is the ability to link together and understand the complexities of the connectedness between people and organizations. Introduction to Link Analysis (ILA) expands on the basic principles of link and association analyses explored in the Foundations of Intelligence Analysis Training (FIAT) while building a framework for more advanced methods such as social network analysis.

This course provides expert guidance in the skills law enforcement officers need to conduct successful online investigations. Topics include IP addresses and domains, an overview of currently popular social media platforms, best practices for building an undercover profile, foundational knowledge related to the dark web, and the use of the dark web as an investigative tool. Instructors demonstrate both open source and commercially available investigative tools for social engineering, information gathering, and artifacts related to social media, as well as automated utilities to capture information and crawl websites.

Mobile devices dominate the intake list and the desks of most digital forensics analysts globally. Devices are becoming more secure, with an increase in security; the need for detailed analysis is increasing as well. SQLite is a self-contained, serverless database engine. It is found on nearly every operating system and dominates iOS, Android, and macOS as one of the most prevalent and relevant data storage mechanisms. Rather than hope our forensic tools support the newest applications or be tethered to how a certain utility parses data, we can arm ourselves with the skills and techniques needed to conquer the analysis of nearly any application.

This course provides students with the fundamental knowledge and skills they need to investigate crimes involving virtual currency. Instructors explain foundational concepts like the characteristics of money, virtual currency, and cryptocurrency. Blockchain technology, proof work, and proof of stake are covered, and students learn how industry-leading cryptocurrencies (Bitcoin, Ethereum, and Monero) work and how they differ from each other. Finally, students learn investigative techniques for tracking and documenting transactions and best practices for seizing and securing cryptocurrency.

This course provides the advanced skills and knowledge necessary to analyze data on iOS devices (iPod Touch, iPhone, and iPad) and Android devices at an advanced level. Students use forensically sound tools and techniques to analyze potential evidence, employing advanced techniques to uncover evidence potentially missed or misrepresented by commercial forensic tools. Topics include identifying potential threats to data stored on devices, using available acquisition options, accessing locked devices, and understanding the default folder structure. Core skills include analyzing artifacts such as device information, call history, voicemail, messages, web browser history, contacts, and photos. Instruction is provided on developing the "hunt" methodology for analyzing third-party applications not supported by commercial forensic tools.