Training Schedule


Jun 06, 2017
08:00 AM - 04:00 PM

Location: GHRCFL

Basic Network Intrusion Investigations

BNII covers the skills and techniques involved in responding to a network security incident. The course focuses on the identification, extraction, and detailed examination of artifacts associated with network and intrusions. Memory analysis, host machine forensics, network traffic and log analysis, malware analysis, and virtual machine sandboxing are covered through lecture, discussion, and hands-on exercises. Additional topics include key cybersecurity concepts and issues, as well as the various classifications and types of network attacks. Detailed description seen here: http://www.nw3c.org/training/cybercrime/126

Register


Jun 26, 2017
08:00 AM - 04:00 PM

Location: GHRCFL

Secure Techniques for Onsite Previewing

STOP covers the usage and configuration of two tools (WinFE and osTriage) designed to preview a non-mobile digital device and export files of evidentiary value. Students who bring the suggested materials listed above will be able to leave STOP with the same setup shown in class. Other topics include a detailed examination of the process of previewing: what previewing is, why and when it should be done, who can conduct a preview, and differences in procedure for starting a preview depending on whether a device is on or off. Detailed description seen here: http://www.nw3c.org/training/cybercrime/13

Register


Jun 28, 2017
08:00 AM - 04:00 PM

Location: GHRCFL

Basic Data Recovery and Acquisition

BDRA covers the fundamentals of computer operations, hardware function, configuration, and best practices for the protection, preservation, and imaging of digital evidence. Presentations and hands-on exercises cover topics such as partitioning, data storage, hardware and software write blockers, the boot-up and shut down processes, live imaging, encryption detection, and duplicate imaging. BDRA incorporates computer forensic applications that experienced practitioners are currently using in the field. Detailed description seen here: http://www.nw3c.org/training/cybercrime/4

Register


Aug 01, 2017
08:00 AM - 04:00 PM

Location: GHRCFL

Intermediate Data Recovery and Analysis

IDRA builds on the concepts introduced in BDRA. It covers the architecture and functionality of the Windows NT File System (NTFS), the FAT File System, and related directory entry information for locating files on electronic devices. Topical areas include file headers and file hashing, recovery of deleted files and long file names, and techniques for discovering potential evidence that might otherwise be overlooked. IDRA incorporates an investigative scenario, providing hands-on experience with hard drive examination. Detailed description seen here: http://www.nw3c.org/training/cybercrime/16

Register


Sep 12, 2017
08:00 AM - 04:00 PM

Location: GHRCFL

Windows Artifacts

WinArt covers the identification and extraction of artifacts associated with the current versions of Microsoft Windows operating systems (Vista through Windows 10) and the NT file system. Topics include the change journal, BitLocker, and a detailed examination of the various artifacts found in each of the registry hive files. Students examine event logs, volume shadow copies, link files, and thumbnails. WinArt uses a mixture of lecture, discussion, demonstration, and hands-on exercises. Detailed description seen here: http://www.nw3c.org/training/cybercrime/22

Register