Training Schedule


May 16, 2017
08:00 AM - 04:00 PM

Location: GHRCFL

Cell Phone Mapping and Analysis

CPMA covers the acquisition and analysis of the various types of call detail records obtained from cellular providers. CPMA focuses on data analysis using Microsoft Excel, as well as techniques for presenting findings in case reports or in court. CPMA students receive a copy of PerpHound, NW3C’s free software tool for the analysis of call detail records. Detailed description seen here: http://www.nw3c.org/training/cybercrime/118

Register


May 18, 2017
08:00 AM - 04:00 PM

Location: GHRCFL

Social Media & Technical Skills

SMTS covers the skills investigators need to conduct successful online investigations involving social media. Topics include internet basics such as IP addresses and domains, an overview of currently popular social media platforms, and best practices for building an online undercover profile. Instructors demonstrate both open-source and commercially-available investigative tools for social engineering, information gathering, and artifacts related to social media; as well as automated utilities to capture information and crawl websites. Detailed description seen here: http://www.nw3c.org/training/cybercrime/100

Register


Jun 06, 2017
08:00 AM - 04:00 PM

Location: GHRCFL

Basic Network Intrusion Investigations

BNII covers the skills and techniques involved in responding to a network security incident. The course focuses on the identification, extraction, and detailed examination of artifacts associated with network and intrusions. Memory analysis, host machine forensics, network traffic and log analysis, malware analysis, and virtual machine sandboxing are covered through lecture, discussion, and hands-on exercises. Additional topics include key cybersecurity concepts and issues, as well as the various classifications and types of network attacks. Detailed description seen here: http://www.nw3c.org/training/cybercrime/126

Register


Jun 26, 2017
08:00 AM - 04:00 PM

Location: GHRCFL

Secure Techniques for Onsite Previewing

STOP covers the usage and configuration of two tools (WinFE and osTriage) designed to preview a non-mobile digital device and export files of evidentiary value. Students who bring the suggested materials listed above will be able to leave STOP with the same setup shown in class. Other topics include a detailed examination of the process of previewing: what previewing is, why and when it should be done, who can conduct a preview, and differences in procedure for starting a preview depending on whether a device is on or off. Detailed description seen here: http://www.nw3c.org/training/cybercrime/13

Register


Jun 28, 2017
08:00 AM - 04:00 PM

Location: GHRCFL

Basic Data Recovery and Acquisition

BDRA covers the fundamentals of computer operations, hardware function, configuration, and best practices for the protection, preservation, and imaging of digital evidence. Presentations and hands-on exercises cover topics such as partitioning, data storage, hardware and software write blockers, the boot-up and shut down processes, live imaging, encryption detection, and duplicate imaging. BDRA incorporates computer forensic applications that experienced practitioners are currently using in the field. Detailed description seen here: http://www.nw3c.org/training/cybercrime/4

Register


Aug 01, 2017
08:00 AM - 04:00 PM

Location: GHRCFL

Intermediate Data Recovery and Analysis

IDRA builds on the concepts introduced in BDRA. It covers the architecture and functionality of the Windows NT File System (NTFS), the FAT File System, and related directory entry information for locating files on electronic devices. Topical areas include file headers and file hashing, recovery of deleted files and long file names, and techniques for discovering potential evidence that might otherwise be overlooked. IDRA incorporates an investigative scenario, providing hands-on experience with hard drive examination. Detailed description seen here: http://www.nw3c.org/training/cybercrime/16

Register


Sep 12, 2017
08:00 AM - 04:00 PM

Location: GHRCFL

Windows Artifacts

WinArt covers the identification and extraction of artifacts associated with the current versions of Microsoft Windows operating systems (Vista through Windows 10) and the NT file system. Topics include the change journal, BitLocker, and a detailed examination of the various artifacts found in each of the registry hive files. Students examine event logs, volume shadow copies, link files, and thumbnails. WinArt uses a mixture of lecture, discussion, demonstration, and hands-on exercises. Detailed description seen here: http://www.nw3c.org/training/cybercrime/22

Register