This three-day advanced level course will equip you with the practical skills and competencies required to identify and extract various sources of data recoverable from Unmanned Aircraft Systems (UAS), also known as Drones, including their associated control devices in line with approved best practices.
Using leading research and development from Spyder Forensics, this course will introduce you to the world of UAVs and instruct you how to fly a Drone, followed by best practices in conducting forensically sound extractions and analysis of UAS data for use as evidence or intelligence gathering. Attendees will learn how to collect data from within the aircraft using non-destructive processes utilizing industry-standard tools to create forensic collections of storage media that include flight logs, aircraft data, photo, and video files without the need to disassemble the aircraft or controller. Students will then learn procedures in the acquisition of application data found on the mobile device.
Once data has been acquired, attendees will master how to analyze the flight logs and user data using software originally designed to work with these types of structures, gaining knowledge on workflows to connect data between the drone application and the flight data recovered from the aircraft.
This course uses non-destructive processes to extract and analyze the data from all hardware in the UAS including the handheld device, mobile application, and drone. All software used in class can be used in the DFIR lab free of charge and without the need to purchase additional applications to conduct a Drone examination.
This five-day course is designed for the investigator/examiner entering the field of digital forensics and provides the fundamental knowledge to comprehend and investigate incidents involving electronic devices. The course covers in depth the architecture and functionality of the NTFS and FAT File Systems and their related metadata pertaining to stored objects on the physical media. Attendees will gain insight into partitioning structures and disk layouts and the effects of formatting volumes that contain existing data. File management and directory structure characteristics will be examined in detail as well as techniques for discovering potential evidence that may be pivotal to a successful examination. This will be followed by topical areas of interest to include file headers and file hashing and recovery of deleted files and basic analysis of a Windows-based system. This course incorporates an investigative scenario, providing hands-on experience with examination of collected evidence.
This 4-day intermediate class is designed to provide the student with the skills and techniques to respond to a cyber intrusion incident. The students will learn the anatomy of an intrusion, collection of memory and volatile artifacts, and techniques to unravel the mystery of how the network was compromised.
The Advanced Windows 10 Forensic analysis class is an expert-level four-day training course, designed for examiners who are familiar with the principles of digital forensics and keen to expand their knowledge on advanced forensics using a host of third-party tools to improve their computer investigations.
The Spyder Forensic Advanced Windows® 10 Forensic Analysis course will give participants unbiased knowledge and skills necessary to analyze artifacts left behind through system and user interaction with the host system, utilizing industry standard tools and open source applications to explore the data in greater depth by learning how applications function and store data in the file system.
Students will learn to use various applications and utilities to successfully identify, process, understand and document numerous Windows® artifacts that are vitally important to forensic investigations. The participant will also gain knowledge on how to process Edge browser history, cookies, temp files, InPrivate browsing challenges and analysis, BitLocker encryption, Windows® Action Center (Notifications SQLite Database) and other Windows® 10 specific artifacts. The course includes gaining in-depth knowledge of JumpLists, Registry analysis and prefetch files, Timeline and how they relate to forensic investigations, and concludes with an in-depth look into OneDrive and synchronization processes between trusted devices.
Students will use a variety of open source and leading forensic applications to examine key artifacts through multiple hands-on labs and student practicals.
ISP = In-System Programming. Learning how to perform In-System Programming techniques to extract data from flash memory chips.
JTAG = Joint Test Action Group. Learning the proper steps to extract memory data and create pin-out views of integrated circuits.
Advanced ISP – JTAG Cell Phone Data Recovery is a certified 5-day course where students learn how to recover data from embedded systems that are locked, damaged or unsupported. This recovery method works on newer devices that store data on eMMC or eMCP flash memory chips, with the data recovered through the device’s test points. Students will learn how to properly identify test points and then create ISP pin-out diagrams that can be used for future digital forensic cases. Students will also learn how to access JTAG connections and apply techniques and methods in order to bypass security and perform memory acquisitions and analysis of this evidence. Course tuition includes the H-11 ISP-JTAG Forensic Kit.
The H-11 Python for Advanced Mobile-Forensics Analysis Course will take a mobile-forensics practitioner beyond simply pointing and clicking. This course will provide students the ability to search out and decode data that hasn’t been found, was missed, and not analyzed by automated mobile-forensic tools. Students will use Python both in and outside the mobile-forensic tool to quickly take raw data and make it presentable and reportable.
use a variety of proprietary and open-source tools, including database-analysis
tools, raw-data conversion utilities, Python libraries and other tools to learn
skills and techniques for finding low-level evidence data found on smart
The purpose of this course is to give forensic analysts in-depth knowledge and techniques on how smart devices connect and communicate on wireless networks and help them use that information to further their investigations. Students will learn skills for geolocating and mapping historical device locations, enumerating the ways in which the device communicates on the networks, finding additional devices and networks that the device has communicated with, enriching the phone’s data with open-source intelligence (OSINT), using advanced Python scripts to export evidence data, and creating meaningful reports to convey information to investigators.
Apple® Forensic Investigations is composed of the essential techniques that every forensic professional needs. Specially crafted by BlackBag's expert instructors, this course has something for every level of forensic experience. 5 day course.
Over a period of two days, the BlackLight Basic Training course will offer a hands-on investigative approach addressing best practice techniques for authenticating, analyzing and reporting digital evidence found on Mac OS X computers, iOS (iPhone, iPad, and iPod Touch) devices and Windows systems. Coursework covers the use of BlackLight, a comprehensive triage and analysis tool designed to help investigators conduct digital forensic examinations. After a brief introduction to MacQuisition, BlackBag’s imaging tool, students will triage a full case and learn the advanced functions of BlackLight through instructor-led exercises and hands-on practical case
Cellebrite Advanced Smartphone Analysis (CASA) Course - Advanced
The Cellebrite Advanced Smartphone Analysis (CASA) class is an expert level four day, twenty eight hour course led by Cellebrite Certified Instructors (CCIs). During this Expert Series course students will take an in-depth look into the challenges presented by iOS, Android and Windows Mobile devices. This hands-on class focuses on forensic recovery of application data in SQLite databases, defeating passcodes. In addition, they will learn about analyzing user data in iOS, Android and Windows Mobile devices. In addition to Cellebrite Physical Analyzer software, a variety of forensic investigative methods are used to get the information you need
Cellebrite's Advanced JTAG Extraction (CAJE) training is an expert level four-day certification course led by Cellebrite Certified Instructors (CCIs). During this course, participants will learn about the JTAG process, electrical theory, methodologies, and purpose as well as understand the equipment and accessories necessary for successful JTAG extractions. Instructors will help attendees to not only develop, but also to hone fundamental soldering skills, gain practical knowledge with hands-on practice as well as share best practices and legal considerations for processing JTAG extractions. Additionally, participants will learn how to fully leverage the Physical Analyzer to decode JTAG extractions properly. As part of their attendance, participants will receive a RIFF 2 JTAG box, a Z3X Pro (Easy JTAG) box, a Molex adapter kit, a class specific toolkit, and a Cellebrite soldering practice board.
The Cellebrite Advanced Smartphone Analysis (CASA) class is an expert level four-day, 28-hour course led by Cellebrite Certified Instructors (CCIs). During this Expert Series course, students will take an in-depth look at the forensic recovery of application data found in today’s smartphones. This class is recommended for those familiar with UFED Physical Analyzer or who have completed the CCPA course. In this course, participants will learn how to decode information which is not decoded by forensic tools. They will also utilize third-party software and Python scripts to analyze, verify and validate findings. NOTE: This course uses advanced functions in UFED Physical Analyzer software; attending CCPA prior to this course is strongly recommended.
This is the entry level course for Cellebrite Operator training. The 2-day hands-on course covers:
• UFED Touch overview and logical, password, and SIM extractions plus SIM cloning
• UFED Logical Analyzer and UFED reader overview
• Reporting on technical findings
This course is also available via on demand online (as a cheaper option)
This is a hands-on 3-day course for Physical Analyst. The course includes:
• File systems and media encoding
• UFED Touch overview: File system & physical extractions with password bypass
• UFED Physical Analyzer overview
• Advanced search techniques
• Verification and validation of findings
• Reporting on technical findings
• Plug-in chain manager
• Smart device overview and challenges
This course is also available via on demand online (as a cheaper option)
This hands-on course involves practical exercises and real-life simulations in the use of EnCase® Forensic (EnCase) Version 8. The class provides participants with an understanding of the proper handling of digital evidence from the initial seizure of the computer/media, acquisition concepts, including live evidence acquisition. Instruction then progresses to the analysis of the data. It concludes with basic report creation and archiving, validating the data, and restoring the case.
This hands-on 4 day course is designed for investigators with strong computer skills, prior computer forensics training, and experience using the EnCase® Forensic (EnCase). This course builds upon the skills covered in the DF120 – Foundations of Digital Forensics course and enhances the examiner's ability to work efficiently through the use of the unique features of EnCase. Students must understand evidence handling, the structure of the evidence file, creating and using case files, and data acquisition methods, including DOS-based, hardware write protected, crossover cable, and disk-to-disk. It is also important that the students are familiar with the methods for recovering deleted files and folders in a FAT environment, conducting keyword searches across logical and physical media, creating and using EnCase® bookmarks, file signatures and signature analysis, and locating and understanding Windows® artifacts.
**Formerly EnCase Advanced Computer Forensics
This hands-on course is designed for examiners with solid computer skills, seeking to learn advanced concepts in analyzing Windows artifacts. The participants will be provided instruction that includes parsing and analysis techniques on registry data, volume shadow service, random access memory, zip file structures, prefetch, and SQLite content.
This hands-on course involves practical exercises and challenging real-life case investigations pertaining to Internet-based investigations. Artifacts from popular peer-to-peer and file sharing programs, such as BitTorrent, Ares, and Gigatribe will be retrieved and examined. Emails and the Internet are the cornerstones of consumer and business use. Virtually all examinations ranging from corporate to criminal to cybersecurity investigations will involve the interrogation of email and Internet data. Artifacts from the most widely utilized Internet browsers, including Internet Explorer/Edge, Firefox, and Chrome will be analyzed.
This online course is designed to provide owners of the EnCase eDiscovery product with essential skills to maximize use. At the end of this one-day course students will be able to create legal holds and manage custodians. The class provides participants with hands-on practice, browsing collected electronically stored information and tagging content appropriately. Finally, legal team members will be able to report on the status of e-discovery legal holds, collections, and reviewed data.
This 3 day Advanced File Systems technical course will explore the workings of all the major file systems (FAT, NTFS, EXFAT, Ext2/3/4, HFS, HFS+).
Forensic Explorer (FEX) is a specialized software tool engineered for the preservation, analysis and presentation of electronic evidence. Primary users of this software are law enforcement, government, military and corporate investigation agencies. This three-day certified training course has been developed to educate all levels of digital forensic investigators on how to best utilize FEX. Participants will perform practical hands-on assessment and theory test throughout the training. At the conclusion and successful completion of the course, participants will be awarded the Forensic Explorer Certified Examiner (FEXCE).
3-Day instructor led course focused on systematic and efficient examination of computer media using X-Ways Forensics.
Complete and systematic coverage of all computer forensics features in WinHex and X-Ways Forensics. Hands-on exercises, simulating most aspects of the complete computer forensics process. Attendees are encouraged to immediately try newly gained insights as provided by the instructor, with sample image files. Many topics are explained along with their theoretical background (e.g. how .e01 files work internally, how hash databases are internally structured, how deleted partitions are found automatically, with what methods X-Ways Forensics finds deleted files). Other topics are forensically sound disk imaging and cloning, data recovery, search functions, dynamic filtering, report creation, ... Emphasis can be put on any aspect suggested by the participants. You will receive complete printed training material for later repetition. Prerequisite: basic knowledge of computer forensics.
2-Day Instructor led course focused on file systems using X-Ways Forensics.
Extensive introduction to the file systems FAT12, FAT16, FAT32 (1/2 day), NTFS (1 day), and Ext2/Ext3 (1/2 day). By fully understanding the on-disk structures of the file system, you are able to recover data manually in many severe data loss scenarios, where automated recovery software fails, and to verify the correct function of computer forensics software and to collect meta information beyond what is reported automatically, which might yield clues for the given case. In general, this also leads to a better understanding of the data presented by forensic software, of how computer forensics software works and of its limitations.
This web-based class will enable users to become proficient in the use of Intella®, Vound’s innovative email investigation and eDiscovery tool. Intella’s powerful indexing search engine and unique visual presentation enable users to quickly and easily search and review email and electronically stored information to find critical information, visualise relevant relationships, and drill down to the most pertinent evidence.
Advanced Computer Forensics (AX250) is an expert-level four-day training course, designed for participants who are somewhat familiar with the principles of digital forensics and who are seeking to expand their knowledge base on advanced forensics and leverage Magnet AXIOM, Magnet RAM Capture, and third-party tools to improve their computer investigations. AX250 will give participants the knowledge and skills they need to track computer access and file usage, utilizing Magnet AXIOM to explore the evidence in greater depth.
Advanced Mobile Forensics (AX300) is an expert-level course, designed for participants who are familiar with the principles of digital forensics and who are seeking to leverage Magnet AXIOM to improve their mobile device investigations. At the conclusion of this 4-day training course, participants will have the knowledge and skills they need to acquire forensic images from mobile devices and utilize Magnet AXIOM to explore the evidence in greater depth, simplifying analysis activities by intuitively linking facts and data.
AXIOM Examinations is a four-day intermediate-level course, designed for participants who are familiar with the principles of digital forensics, and seeking to use Magnet AXIOM for their investigations. Participants will leave with the knowledge and skills they need to: acquire smartphone, computer, removable media and other images; analyze the artifact, file system and registry data using multiple views, verification features and more; and share their findings quickly and easily. Now available in-person, online, and online self-paced.
This course is an expert-level four-day training course, designed for participants who are somewhat familiar with the principles of digital forensics and who are seeking to expand their knowledge base on macOS and the forensic analysis of devices using the APFS file system and Magnet AXIOM. Examiners will investigate a scenario dealing with a misconfigured webserver that allowed hackers to exploit vulnerabilities and gain access to the network to perform nefarious activity and steal intellectual property and potentially customer data as well.
Because AX350 is an intermediate-level course, it is strongly recommended that students first complete Magnet AXIOM Examinations (AX200).
IEF Examinations is a four-day intermediate level course, designed for participants who are familiar with the principles of digital forensics, and seeking to use Magnet IEF for their investigations. Participants will learn to configure Magnet IEF to recover key artifacts from computer and smartphone evidence platforms; use the IEF Report Viewer to explore the evidence, link facts, data, and potential user activities across multiple evidence platforms; and, prepare key artifacts for collaboration with other stakeholders.
5-day, Expert-level Certification
Participants will learn to:
- Incorporate the Python scripting language fundamentals into your forensic investigations
- Explore data types and variables, look at strings, input, testing, and formatting
- Create programs that prompt users for input, then use conditional (True/False) logic and Python methods to interpret data from files and provide feedback for your reports
- Basic troubleshooting for your code
ruSolut USB-SD-NAND Data Recovery & Repair Forensics training teaches students how to access data from broken or damaged flash storage devices. In this course you will learn how to perform chip-off data recovery using digital forensics methodologies used in cases when data access through the standard interface is not possible. Students will learn how to access data on USB, SD, Smartphones and NAND devices. This course will use, and cover tools in the H-11 and ruSolut Standard, Professional, and/or Ultimate Chip-Off Lab Kits.
This is a 5 day class.
The Video Evidence Recovery and Analysis Course (VERA) is a five-day intermediate level course designed to introduce investigators, examiners and analysts to digital video technology and to meet the specific needs of the digital video examiner and analyst.
Students will learn proper methods to interrogate digital video evidence while receiving guided instruction throughout the process of recovering valuable evidence from video images. The course will also focus on specialized investigative techniques for the examination of video to explore issues relating to the use of force, speed estimation and identification. A variety of DVR, body-worn and in-car video sources will be examined in depth, testing data acquisition, file identification, image accuracy, video processing work flows and report writing. The course will provide students with an understanding of best practices and methodologies for extracting and examining digital media evidence while providing students with focused, practical use of DVR Examiner and iNPUT-ACE. Upon successful completion of the course, students will be offered an opportunity to take an industry-recognized certification examination, created in partnership with DME Forensics and iNPUT-ACE.
This Webinar will discuss the new features of Evidence Centre with particular attention to EnCase 7 integration and detection of faked and altered images.
Fulcrum have partnered with OpenText to bring you a special event:
What's new in EnCase Security and Forensic Investigations?
Join Jeff Headlesky (Tableau & EnCase Forensic Evangelist) and Manfred Hatzesberger (Director of Professional Development and Training for EnCase Products)
The challenge of protecting enterprise data has never been greater. A typical G2000 enterprise receives an average of a million security alerts a day and must detect, assess and recover from breaches in near-real time. Post breach, a security operations centre must determine how a breach occurred then take necessary steps to ensure the enterprise is protected going forward.
Join us to meet and network with digital investigators, legal teams and security professionals. Share your ideas, learn about emerging trends and find out how OpenText™ solutions deliver insights that help to solve the most challenging security issues.
Learn how to:
· Get the most from your OpenText™ EnCase™ investments.
· Detect endpoint threats and quickly respond with forensic-grade remediation.
· Avoid investigation roadblocks with the most supported digital investigation solution available.