Digital Forensics Trainings


Vendor Neutral Training Courses: Foundation Training
CompTIA A+

1.1 CompTIA A+

1.1.1 Objective

If you are getting ready for a career as an entry-level information technology (IT) professional or personal computer (PC) service technician, the CompTIA® A+ course is the first step in your preparation. The course will build on your existing user-level knowledge and experience with personal computer software and hardware to present fundamental skills and concepts that you will use on the job. In this course, you will install, upgrade, repair, configure, optimize, troubleshoot, and perform preventative maintenance on basic personal computer hardware and operating systems.

Training Days: 5

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have end-user skills with Windows-based personal computers, including the ability to browse and search for information on the Internet and to start up and shut down the computer.

1.1.3 Content

Day 1

  • Personal Computer Components
  • Operating System Fundamentals
  • PC Technician Professional Best Practices

Day 2

  • Installing and Configuring Peripheral Components
  • Installing and Configuring System Components
  • Maintaining and Troubleshooting Peripheral Components
  • Troubleshooting System Components

Day 3

  • Installing and Configuring Operating Systems
  • Maintaining and Troubleshooting Microsoft Windows
  • Network Technologies

Day 4

  • Installing and Managing Network Connections
  • Supporting Laptops and Portable Computing Devices
  • Supporting Printers and Scanners

Day 5

  • Personal Computer Security Concepts
  • Supporting Personal Computer Security

1.1.4 Examination / Certification

CompTIA A+ certification

1.1.5 Comment

NA.

AGT's Digital Forensics Fundamentals Course

1.1 AGT's Digital Forensics Fundamentals Course

1.1.1 Objective

The course provides an introduction to digital forensics. It familiarizes the students with the basics of digital forensics, computer structure, storage structure, mobile devices, etc. The course will also cover the basic techniques to research and document scenes and evidence. This course contains both theoretical and practical elements.

Training Days: 5

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed CompTIA A+ or have equivalent level of knowledge.

1.1.3 Content

Day 1

  • Cybercrime & Digital Forensics Overview
  • The Digital Crime Scene
  • Practical Exercise: The Digital Crime Scene
  • Hard Drives and File Systems I

Day 2

  • Hard Drives and File Systems II
  • Hard Drives and File Systems + Practical Exercise: Hex Workshop
  • Hard Drives and File Systems + Practical: MBR Analysis
  • Hard Drives and File Systems Wrap Up

Day 3

  • Static Data Acquisition
  • Static Data Acquisition + Practical Exercise: Hashing
  • Static Data Acquisition + Practical Exercise: Imaging
  • Live Data Acquisition

Day 4

  • Triage
  • Practical Exercise: Triage + Analyzing Computer Based Evidence
  • Analyzing Computer Based Evidence
  • Practical Exercise: Evidence Analysis

Day 5

  • Mobile Forensics Fundamentals + Practical Exercise: SIM cards
  • Mobile Forensics Acquisition & Analysis
  • Practical Exercise: Mobile Acquisition & Security Codes

1.1.4 Examination / Certification

Upon passing the exam and the practical, participants will be issued the AGT Certified Digital Forensics Fundamentals certificate.

1.1.5 Comment

This course is highly recommended by AGT for all individuals who are interested in entering the digital forensics field.

AGT's Digital Forensics Intermediate Course

1.1 AGT's Digital Forensics Intermediate Course

1.1.1 Objective

This course is delivered for new digital forensics examiners as an intermediate-level skills development practice course. Students should have mastery of AGT's Digital Forensics Fundamentals Course.

Training Days: 5

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Fundamentals Course.

1.1.3 Content

Day 1

  • File Signature Analysis
  • Unused area examination, File Slack, File Carving
  • Metadata (NTFS MFT, FAT Directory entry)
  • Investigating The Master File Table (MFT)

Day 2

  • Timestamps, Time Zone Issue, Time Line Analysis
  • Basic Index searches
  • Using the GREP operators
  • Hash Analysis

Day 3

  • Windows Registry I
  • Windows Registry II

Day 4

  • Windows Artifacts: User account information and associated data
  • Recovering Internet Usage Data
  • RAM Capture and Analysis

Day 5

  • Anti-Forensics
  • Steganography
  • Word document forensics and password cracking

1.1.4 Examination / Certification

This course has a written assessment at the end of the last day.

1.1.5 Comment

This course is considered the best preparation for vendor tool-specific trainings.

Lab processes and procedures / Case Management System

1.1 Lab processes and procedures / Case Management System

1.1.1 Objective

This course covers international procedures, best practices, and compliance, and it is a must for any digital forensics lab. It provides anyone who handles digital evidence with a guide to proper procedure throughout the chain of custody, from incident response through analysis in the lab. Students will be trained on using a comprehensive end-to-end case management system that is simple to use and yet utilizes a disciplined and exacting process for managing case work.

Training Days: 3

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Fundamentals Course.

1.1.3 Content

  • Quality and Good Laboratory Practice
  • The Forensic Laboratory Policies
  • ISO 9001 for the Forensic Laboratory
  • The Forensic Laboratory Integrated Management System
  • Create Cases and Submissions
  • Add Evidence and Exhibits of different types to a case
  • Load photographs and other data about evidence and exhibits
  • Manage the pre-imaging and imaging process in your forensic workflow
  • Keep contemporaneous notes of your forensic examination
  • Record details about your forensic assets in line with ISO 17025 and ASCLD/LAB accreditations
  • Manage controlled documents in line with your requirements for case reporting and ISO 9001
  • Manage security settings to ensure case confidentiality
  • Conduct management reporting
  • Conduct case reporting

1.1.4 Examination / Certification

NA.

1.1.5 Comment

NA.

Case Management Admin Training

1.1 Case Management Admin Training

1.1.1 Objective

This course provides complete instructions on how to easily set up and administer the purchased case management system. The Administrator module sets up and configures the database, and then a wizard runs and allows configuration of the product for use by the administrator and the Client module.

Training Days: 2

Max. Number Trainees: 6

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Fundamentals Course.

1.1.3 Content

  • The contents of this course are decided with the client based on the purchased case management system.

1.1.4 Examination / Certification

NA.

1.1.5 Comment

NA.

AGT's First Responder Training

1.1 AGT's First Responder Training

1.1.1 Objective

This course is intended for staff who identify and seize digital evidence from the crime scene. It educates first responders on how to react quickly to identify data breaches and minimize potential losses, and how to make sure evidence is properly preserved in those first critical minutes after detection. Students will gain hands-on experience taking a forensic image and preserving volatile memory.

Training Days: 3

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Fundamentals Course.

1.1.3 Content

Day 1

  • Digital Forensics
  • Digital Media & Storage
  • Digital Forensics Methodology & Terminology
  • The Crime Scene
  • First Responder – Theory

Day 2

  • First Responder – Toolkit
  • First Responder – Practical
  • Data Acquisition – Theory
  • Data Acquisition from Dead System – Practical

Day 3

  • Data Acquisition from Live System – Practical
  • Triage
  • Standard & Quality Management for Digital Forensics Investigation
  • Cyber Law
  • Expert Witness

1.1.4 Examination / Certification

Upon passing the exam and the practical, participants will be issued the AGT Certified Digital Forensics First Responder certificate.

1.1.5 Comment

NA.

Specialized Vendor Training: Forensics Foundation
Digital Media - Acquisition and Triage

1.1 Digital Media - Acquisition and Triage

1.1.1 Objective

This course is an overview of the basic principles of what constitutes digital media and the fundamental responsibilities of those working with electronic evidence. The students will learn how to acquire digital evidence from various sources, such as turned-off computers, Macintosh systems, and smartphones, utilizing both software and hardware acquisition tools, including EnCase® LinEn, WinAcq, and the Guidance Software Tableau write-blocking devices. The students will then learn how to create and use the various types of jobs within EnCase Portable to acquire evidence and create reports.

Training Days: 3

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Fundamentals Course or at least the CompTIA A+ course.

1.1.3 Content

Day 1

  • Core principles
  • Evidence identification
  • Acquisition concepts
  • Best practices for live and dead acquisitions
  • Using WinAcq and WinEn for live acquisitions
  • Direct Network Preview and Acquisition now included in EnCase® Forensic

Day 2

  • Acquisition hardware
  • Performing acquisitions on powered-off computers
  • Conducting acquisitions with EnCase LinEn
  • Using forensic bridges, such as the Tableau T8, T9, and TD3, to conduct specialty acquisitions
  • Using EnCase Forensic to conduct acquisitions on smartphones
  • The purpose and potential of using EnCase Portable
  • How to install, set up, and administer EnCase Portable function

Day 3

  • How to prepare the EnCase Portable storage drive
  • Managing information within EnCase Portable
  • How to collect data from a running computer
  • How to analyze collected data and create reports from the acquired data
  • How to conduct default, triage, and reporting jobs
  • Collecting data from a turned-off computer

1.1.4 Examination / Certification

NA.

1.1.5 Comment

NA.

ADF Triage for Investigators

1.1.1 Objective

A two-day class intended for users, typically case agents who have computer skills but are involved in digital investigations. Students will learn what it means to search a computer for evidence/intelligence, how to do it without compromising the chain of custody, and what to expect from triaging a suspect computer.

Training Days: 2

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Fundamentals Course or at least the CompTIA A+ course.

1.1.3 Content

Day 1

  • Computer Basics
  • Searching a Computer
  • Triage Concept
  • Preserving Evidence
  • Triage Scenario 1

Day 2

  • Triage Scenario 2
  • Live vs. Boot Triage Options
  • Triage Scenario 3
  • Triage Scenarios 4, 5
  • Summary, QA

1.1.4 Examination / Certification

NA.

1.1.5 Comment

NA.

X-Ways Forensics I

1.1 X-Ways Forensics I

1.1.1 Objective

This main training course is focused on complete and systematic coverage of most computer forensics features in WinHex and X-Ways Forensics. It includes hands-on exercises simulating most aspects of the complete computer forensics process. Many topics are explained along with their theoretical background (slack space, partially initialized space, how hash databases are internally structured, how deleted partitions are found automatically, with what methods X-Ways Forensics finds deleted files, etc.).

Training Days: 4

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Intermediate Course or at least AGT's Digital Forensics Fundamentals Course.

1.1.3 Content

Day 1

  • Basic setup of the software
  • Learning the user interface components
  • Navigating disks and file systems
  • Understanding the Data Interpreter

Day 2

  • Creating disk images
  • Creating a case/adding evidence objects
  • Hash calculation and checking
  • Using the gallery view and skin color detection efficiently
  • Detecting data hiding methods like alternate data streams, host-protected areas (HPA), misnamed files
  • Previewing file contents

Day 3

  • Calendar view and event list (timeline)
  • Registry Viewer and Registry Reports, Registry Report definition files
  • Working with the directory browser
  • Filtering files
  • Creating report tables and report table associations
  • Using report tables for filtering and classification
  • Report creation: Basic reports, report tables and activity log

Day 4

  • Refining Volume Snapshots
  • The Hash Database
  • Various methods of file recovery
  • Customizing file signatures
  • Using search functions effectively
  • Decoding Base64, Uuencode, etc.

1.1.4 Examination / Certification

X-PERT certification process

1.1.5 Comment

NA.

Belkasoft Evidence Center 2016

1.1 Belkasoft Evidence Center 2016

1.1.1 Objective

Training is comprised of the Basic Elements of the Evidence Center program and the Advanced User Tasks associated with conducting forensic examinations using the program. Certification validates the user’s ability to conduct advanced computer forensic operations using Belkasoft® Evidence Center™. This class is designed for practical instruction for investigators and officers of all types.

Training Days: 3

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Intermediate Course.

1.1.3 Content

Day 1

  • Overview of Belkasoft Evidence Center capabilities;
  • Methods to extract evidence from a disk;
  • Downloading, registering and installing Belkasoft Evidence Center;
  • Regular extraction of data;
  • Encoding;
  • Bookmarking;
  • Search and Search Window;
  • Working with browsers and emails;

Day 2

  • PCAP. Capturing, working with PCAP files;
  • Mobile backups;
  • Search for encrypted file;
  • Working with pictures and videos;
  • Working with forensic image
  • Data carving;
  • Live RAM analysis;
  • Analyzing RAM dump in Belkasoft

Day 3

  • Working with System Files and SQLite databases;
  • Forgery detection plugin;
  • Saving pictures in database;
  • Working with Filters and complex queries for picture and documents search;
  • Managing cases and Belkasoft Evidence Reader;
  • Exporting and Options;
  • Keyframe extraction options;
  • Task Manager, Hex Viewer, SQLite Viewer and other GUI parts;
  • Working with MS SQL Server. EnCase integration;
  • Belkasoft Facebook Profile Saver

1.1.4 Examination / Certification

Belkasoft Evidence Center User Certification (BECU)

1.1.5 Comment

NA.

Magnet AXIOM Essentials – Computers

1.1 Magnet AXIOM Essentials – Computers

1.1.1 Objective

The three-day Magnet IEF Essentials – Computer in-class training courses have been developed to provide students with detailed instruction on the features and functions of Magnet IEF, key artifacts supported by Magnet IEF, the interoperability of Magnet IEF and other forensic tools, and the importance of Magnet IEF in the investigative workflow. The Magnet IEF Essentials – Computer training course also includes extensive instructor-led and student practical exercises in a scenario based format to help reinforce the learning concepts. At the conclusion of the course, students will participate in a Practical Skills Assessment (PSA) designed to test their understanding and practical application of the course materials.

Training Days: 3

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Intermediate Course.

1.1.3 Content

Day 1

  • Module 1: Introduction and Product Installation
  • Module 2: Magnet IEF Main Interface
  • Module 3: Adding Evidence and Managing Search Profiles
  • Module 4: Magnet IEF Report Viewer User Interface

Day 2

  • Module 5: Artifact Categories
  • Module 6: Managing Searches
  • Module 7: Managing Filters
  • Module 8: Managing Bookmarks

Day 3

  • Module 9: Timeline and World Map Interfaces
  • Module 10: Case Reporting
  • Module 11: Magnet IEF Portable Cases
  • Module 12: Practical Skills Assessment (PSA)

1.1.4 Examination / Certification

Magnet Certified Forensic Examiner (MCFE) certification

1.1.5 Comment

NA.

Guidance EnCase® v7 Computer Forensics I

1.1 Guidance EnCase® v7 Computer Forensics I

1.1.1 Objective

This hands-on course involves practical exercises and real-life simulations in the use of EnCase® Forensic version 7 (EnCase v7). The class provides participants with an understanding of the proper handling of digital evidence from the initial seizure of the computer/media, acquisition concepts, including live evidence acquisition. Instruction then progresses to the analysis of the data. It concludes with archiving, validating the data, and basic report creation.

Training Days: 4

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Intermediate Course.

1.1.3 Content

Day 1

  • Creating a case file in EnCase
  • Navigating within the EnCase environment
  • Understanding concepts of digital evidence and disk/volume allocation
  • Documenting EnCase concepts
  • Acquiring media in a forensically sound manner

Day 2

  • Using the Direct Network Preview function to preview a live running computer, perhaps one that is employing full disk encryption
  • Running other EnCase utilities to capture RAM and to image a live running computer
  • Processing evidence
  • Bookmarking and tagging search results for reporting purposes
  • Creating and conducting raw keyword searches and index search queries to locate keywords of interest

Day 3

  • Creating and conducting index search queries and raw keyword searches
  • Incorporating the use of installed external viewers used by examiners into EnCase
  • Copying files, folders, and data from EnCase to the local file system for analysis by other tools
  • Performing signature analysis to determine the true identities of file objects and to ascertain if files were renamed to hide their true identities
  • Conducting hash analysis using unique values calculated based on file logical content to identify and/or exclude files
  • Running entropy analysis to locate files that may be near matches to other files or that may be password protected, obfuscated, or encrypted

Day 4

  • Locating and recovering evidence, including images, documents, and videos in unallocated space manually and by using EnScript programs
  • Creating a report of files and data bookmarked during the examination
  • Reacquiring evidence to change evidence file settings
  • Restoring evidence to run proprietary software or as required by a court order
  • Archiving and reopening an archived case
  • Comprehensive final practical exercise

1.1.4 Examination / Certification

This is the first training course toward Guidance Encase ENCE Certificate.

1.1.5 Comment

NA.

Guidance EnCase® v7 Computer Forensics II

1.1 Guidance EnCase® v7 Computer Forensics II

1.1.1 Objective

This hands-on course is designed for investigators with strong computer skills, prior computer forensics training, and experience using EnCase® Forensic (EnCase). This course builds upon the skills covered in the EnCase® Computer Forensics I course and enhances the examiner's ability to work efficiently through the use of the unique features of EnCase. Students must understand evidence handling, the structure of the evidence file, creating and using case files, and data acquisition methods, including DOS-based, hardware write protected, crossover cable, and disk-to-disk. It is also important that the students are familiar with the methods for recovering deleted files and folders in a FAT environment, conducting keyword searches across logical and physical media, creating and using EnCase® bookmarks, file signatures and signature analysis, and locating and understanding Windows® artifacts.

Training Days: 4

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed Guidance EnCase® v7 Computer Forensics I Course

1.1.3 Content

Day 1

  • Review of EnCase Forensic case creation and adding evidence
  • Examining data encrypted with BitLocker
  • Understanding the Master Boot Record partitioning scheme
  • Principles of attempting to recover data lost through the partitioning process
  • Partition recovery
  • Compound files
  • Windows Registry
  • Locating and mounting the Registry hive files
  • Examination of time zone settings with the Registry
  • Applying time zones within EnCase Forensic
  • Using conditions to filter data
  • Evidence Processor overview

Day 2

  • FAT, ExFAT, and NT File Systems
  • Using the GREP operators within EnCase to construct advanced search terms
  • Suitability of GREP, proper syntax, and potential results
  • Single files and logical evidence files

Day 3

  • Advanced search techniques
  • Windows artifacts
  • Shortcut or link files
  • The Windows Recycle Bin
  • Print spooler recovery
  • Email and Internet history

Day 4

  • Internet artifacts
  • Removable USB device identification

1.1.4 Examination / Certification

This is the second training course toward Guidance Encase ENCE Certificate.

1.1.5 Comment

NA.

Guidance Encase ENCE Prep Course

1.1 Guidance Encase ENCE Prep Course

1.1.1 Objective

This course is designed for EnCase® users who are preparing for the EnCE (EnCase Certified Examiner) certification process. The EnCE certification is a highly sought-after accreditation, which requires significant knowledge of computer forensics and Guidance Software’s EnCase® product to successfully achieve. The two-phase testing process is based upon a written examination and also the completion of a thorough practical scenario examination and preparation of an investigative report. The certification is based upon the practical computer forensic skills and knowledge presented in Guidance Software’s EnCase Computer Forensic I and Computer Forensic II courses. The EnCE Prep OnDemand course is NOT intended to be a replacement for these two classes. Instead it is a thorough but accelerated review of the subjects covered in those courses. Students cannot waive or substitute the prerequisite attendance of Guidance Software’s EnCase Computer Forensics II course when applying to attend the EnCE Prep course.

Training Days: 3

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed Guidance EnCase® v7 Computer Forensics II Course

1.1.3 Content

Day 1

  • EnCase methodology
  • Creating an EnCase case file
  • Navigating within the EnCase v7 environment
  • The basic techniques of acquiring a forensically sound copy of data from a thumb drive or other removable disk
  • EnCase concepts
  • Safeguarding and preserving evidential data
  • How evidence is processed in EnCase v7 using the EnCase Evidence processor
  • Understanding the concept of digital evidence and its impact on an investigation
  • Understanding how computers work
  • FAT and ExFAT File Systems
  • How these file systems track data on their respective volumes as well as what occurs when a file is created and/or deleted
  • Introduction to NTFS
  • Searching through a case and viewing the results
  • Basic bookmarking techniques
  • File types
  • Discussion of the categories of files/folders and the icons employed by EnCase v7

Day 2

  • Signature analysis
  • An automated comparison of the displayed file extension with the actual content of the file
  • Hash analysis
  • Using digital signatures to identify/exclude files without visually examining each one
  • Installing external viewers
  • Detailed copy options
  • Restoring evidence
  • Often required by court order; necessary to recover data and/or examine the operation of the host system in real time
  • Reacquiring an evidence file
  • Archiving a case
  • Location and recovery of evidence in unallocated space both manually and with EnScript® programs
  • Principles of attempting to recover data lost through the partitioning or formatting process
  • Advanced search techniques
  • Using the GREP operators within EnCase v7 to construct advanced search terms
  • Single and logical evidence files
  • Structure and practical use
  • Compound file examinations
  • Mounting and searching of compound files
  • Documenting data contained within these compound files
  • Pitfalls of not examining compound files properly
  • Windows Registry
  • Elements of the registry
  • Locating and mounting the Registry hive files

Day 3

  • Examination of time-zone settings within the Registry and applying time zones within EnCase v7
  • Windows artifacts
  • User-account information and associated data
  • System folders and files of interest
  • Link files
  • Deconstructing link files to reveal internal structures relating to their target files
  • Email/Internet history
  • Examining both client- and web-based email and methods available within EnCase v7 to locate and parse email data stores
  • Recovering and analyzing email attachments
  • Exploring the results of activity on the Internet, including cookies, history, web cache, and bookmark data
  • Recycle Bin Recovery
  • Examination of the Recycle Bin, its properties, and function
  • Understanding and parsing the Recycle Bin INFO2 index file; searching for Recycle Bin INFO2 entries
  • Linking Recycle Bin data to the associated user
  • Registry entries controlling operation of the Recycle Bin

1.1.4 Examination / Certification

This is the third and last training course toward Guidance Encase ENCE Certificate.

1.1.5 Comment

NA.

Nuix 101

1.1 Nuix 101

1.1.1 Objective

Nuix 101 is a one-day training course designed to introduce students to the basics of the Nuix Workstation. This beginner course will walk participants through successfully creating a case and review basic pre-processing options for ingesting different data types. Students will also learn core functionality available within the Nuix tool to view, search, filter, tag, and export data. The class includes multiple hands-on labs that allow students to apply what they have learned during the lecture phases.

Training Days: 1

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Intermediate Course.

1.1.3 Content

Day 1

  • MODULE 1: INTRODUCTION
  • MODULE 2: CASE CREATION & PROCESSING
  • MODULE 3: POST-PROCESSING ANALYSIS
  • MODULE 4: SEARCHING & TAGGING
  • MODULE 5: EXPORTING

1.1.4 Examination / Certification

This is the first training course toward Nuix Windows Investigations Certification

1.1.5 Comment

NA.

Nuix Foundations - Investigations

1.1 Nuix Foundations - Investigations

1.1.1 Objective

Nuix Foundations – Investigations is a three-day classroom-based training course intended to take an examiner new to the Nuix Investigator tool through techniques in creating cases, processing file data and analyzing evidence more efficiently. Students will learn all procedures to successfully create an investigations case and review the many preprocessing options for ingesting different formats of unstructured data and forensic images. Students will learn the functionality available within the tool to view, search, filter, tag, visualize and export data for reporting. Advanced topics will also expose students to the Ruby scripting capabilities to cull through volumes of data seamlessly. The course will conclude with Nuix Visual Analytics to perform timeline and geo-tagging analysis for tagging, exporting and reporting purposes.

Training Days: 3

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed Nuix 101 Course.

1.1.3 Content

Day 1

  • MODULE 1: INTRODUCTION
  • MODULE 2: PROCESSING DATA—CASE CREATION
  • MODULE 3: ANALYZING DATA PART 1
  • MODULE 4: ANALYZING DATA PART 2

Day 2

  • MODULE 5: PROCESSING WINDOWS ARTIFACTS
  • MODULE 6: NAMED ENTITIES
  • MODULE 7: NUIX SEARCHING

Day 3

  • MODULE 8: NUIX SCRIPTING 101
  • MODULE 9: NUIX VISUAL ANALYTICS
  • MODULE 10: EXPORTING AND REPORTING

1.1.4 Examination / Certification

This is the second training course toward Nuix Windows Investigations Certification

1.1.5 Comment

NA.

Specialized Vendor: Windows
Encase Advanced Computer Forensics

1.1 Encase Advanced Computer Forensics

1.1.1 Objective

This hands-on course is designed for examiners with advanced computer skills and two or more years of experience working in the field of computer forensics. Participants learn to use some of the more advanced features of EnCase® Forensic Version 7 (EnCase v7) while examining operating and file system artifacts from the Microsoft Windows operating systems. The course demonstrates advanced methods of data recovery and identification and recovery of encrypted data.

Training Days: 4

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed Guidance EnCase® v7 Computer Forensics II course.

1.1.3 Content

Day 1

  • Conditions
  • Smartphone examinations
  • File recovery using block-based hash analysis

Day 2

  • Understanding RAID configurations and stripe sets
  • Identifying Windows log files and examining their contents using both the EnCase® v7 software and an NT-based examination machine – Fixing corrupted EVT event log files
  • Understanding the purpose and structure of the Windows Registry – Identifying, mounting, and extracting data from Registry hive files both in EnCase® v7 and within Windows on a forensic examination machine
  • Understanding exactly what encrypted data is and the terminology associated with it
  • The principles behind identification of encryption software and encrypted data and the methodology behind decrypting encrypted data
  • Understanding the purpose of prefetch files, their structure, and content

Day 3

  • Learning how to enhance the ability to conduct examinations of RAM
  • An introduction to the VSS operation and learning how to conduct examinations of VSS data created by the system as part of system restore operations

Day 4

  • The ZIP file format and how it impacts the ability to locate and recover ZIP data
  • Using knowledge of the ZIP file format to recover data from the latest version of Microsoft Word documents
  • The nature and use of Windows Search, which is now installed and active by default with Windows Vista and allows indexed searching within the Windows operating system
  • A detailed discussion on the myriad of removable USB devices, how they are used today, and how to determine if a removable USB device has been used

1.1.4 Examination / Certification

NA.

1.1.5 Comment

NA.

Encase Advanced Internet Examinations

1.1 Encase Advanced Internet Examinations

1.1.1 Objective

This hands-on course involves practical exercises and real-life simulations. The class focuses on the forensic evidence located on the computer belonging to the suspect and/or victim – not online or cyber investigations. Email files and the Internet are cornerstones of consumer and business computer use. Virtually all computer forensic examinations will involve analysis of email and Internet artifacts, underscoring the need to understand the relevance of Internet and email-based evidence recovered during examinations.

Training Days: 4

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed Guidance EnCase® v7 Computer Forensics II course.

1.1.3 Content

Day 1

  • BitTorrent P2P network
  • The history of P2P and BitTorrent
  • A practical demonstration of BitTorrent
  • The BitTorrent protocol
  • Bencoded data
  • The content of metadata (torrent) files
  • µTorrent

Day 2

  • The Ares Galaxy P2P network
  • Features and configuration shared by Ares and LimePro
  • Artifacts
  • GigaTribe introduction and use
  • Windows Internet Explorer
  • Registry artifacts
  • Understanding the purpose and content of Internet cookies
  • Structure and content of index.dat files
  • Identification of cached files and their originating website

Day 3

  • Understanding how Internet Explorer history is maintained and indexed
  • Understanding the operation of the Internet Explorer Web cache, including the storage and indexing of cache content
  • Understanding the structure of HTML Web pages
  • Rebuilding Web pages
  • Understanding Mozilla Firefox

Day 4

  • Google Chrome
  • Identifying and processing artifacts associated with Web search engines
  • Email fundamentals
  • Outlook PST files

1.1.4 Examination / Certification

NA.

1.1.5 Comment

NA.

Nuix Windows Investigation

1.1 Nuix Windows Investigation

1.1.1 Objective

This training course will examine how Windows stores information in the Windows Registry, the recycle bin, recent items, user directories and system folders in all versions of Windows from XP to 8. It will include a detailed look at email including how to identify, sort, search and deduplicate it. Students will also learn how Internet Explorer stores browser history, cookies, temp files and user settings, and gain an in-depth understanding of link files, prefetch files and metadata for files, Word documents and images.

Training Days: 3

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed Nuix Foundations - Investigations Course.

1.1.3 Content

Day 1

  • MODULE 1: INTRODUCTION
  • MODULE 2: NUIX OVERVIEW
  • MODULE 3: WINDOWS FOLDER STRUCTURE
  • MODULE 4: RECYCLE BIN

Day 2

  • MODULE 5: EVENT LOGS
  • MODULE 6: LINK FILES/JUMP FILES
  • MODULE 7: EMAIL
  • MODULE 8: REGISTRY BASICS

Day 3

  • MODULE 9: INTERNET EXPLORER
  • MODULE 10: METADATA
  • MODULE 11: PREFETCH & SUPERFETCH

1.1.4 Examination / Certification

This is the third training course toward Nuix Windows Investigations Certification

1.1.5 Comment

NA.

X-Ways Forensics II

1.1 X-Ways Forensics II

1.1.1 Objective

The two-day course is an advanced training course for experienced users who previously attended the X-Ways Forensics I Course.

Training Days: 2

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed X-Ways Forensics I Course.

1.1.3 Content

Day 1

  • .e01 evidence file format
  • Creating skeleton images
  • Creating cleansed images
  • Sector superimposition
  • Working with evidence file containers
  • Finding and analyzing deleted partitions
  • Reconstructing RAID systems

Day 2

  • Dynamic disks
  • LVM2
  • Understanding the levels at which file data is read and interpreted during analysis
  • How X-Tensions work
  • Recovering deleted NTFS-compressed files manually
  • Block-wise hashing and matching
  • Data profiles (Analyze Block functionality)
  • Indexing
  • Customizing the registry report
  • Templates

1.1.4 Examination / Certification

NA.

1.1.5 Comment

NA.

Specialized Vendor: Apple
Black Bag Mac: Essential Forensic Techniques I

1.1 Black Bag Mac: Essential Forensic Techniques I

1.1.1 Objective

Essential Forensic Techniques I (EFT I) is the perfect way to quickly and effectively learn how to navigate the most important Mac, iPhone, iPad and PC device areas. For years, BlackBag has remained a highly reliable, go-to resource when detectives and investigators need advice regarding what to do with seized digital devices, in terms of both acquiring and analyzing evidence. The BlackBag team consistently remains abreast of the latest developments and techniques in digital forensics, and their research and experience with real-world cases act as the framework for the training courses. As a result, the example scenarios discussed in the classroom are driven by relevant data and realistic challenges. In short, BlackBag’s instructors will use their wealth of knowledge and firsthand experience with forensic examinations to help students learn all the tips and tricks needed to successfully complete their work.

Training Days: 5

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Intermediate Course.

1.1.3 Content

Day 1

  • Imaging and Data Collection Fundamentals
  • EFI/Open Firmware
  • Imaging and Live Data Collection
  • Disk Image Types (DMG, Sparse Image, Sparse Bundle, E01)

Day 2

  • OS X Structure
  • Folder and File Layout
  • Current and Past OS X Versions
  • Global Areas of Interest
  • Password Storage, Application Remnants
  • Log Files, System Settings
  • User Data Areas of Interest
  • Settings, History, Metadata

Day 3

  • iOS Backup Structure
  • Location, Device Identification, Analysis
  • Windows Operating System Structure
  • Boot Camp and Installation
  • User Account Info, Registry Parsing

Day 4

  • Specific File Types and Structures
  • Property List Files, SQLite Databases
  • Extended Attributes, Link Files
  • Email
  • iCloud Fundamentals
  • iCloud As a Service
  • Functions on OS X, iOS and Windows
  • Local and Remote Locations of Data

Day 5

  • Virtualization and OS X
  • Recreate an OS X User Account
  • Virtualize an OS X-Based System
  • Triage
  • Analyze a Dual Boot Macintosh with iOS Data
  • Reporting
  • Create Reports That Are Understood by Case Agents and Jurors

1.1.4 Examination / Certification

NA.

1.1.5 Comment

NA.

Black Bag Mac: Essential Forensic Techniques II

1.1 Black Bag Mac: Essential Forensic Techniques II

1.1.1 Objective

Essential Forensic Techniques II will delve into more complex concepts, including the specific data points found within any iOS, Windows and/or Mac OS X analysis. Operating systems and file systems leave complex artifacts in both active and unallocated space, all of which this course covers in detail. Because BlackBag’s instructors remain in contact with investigators from both the law enforcement and corporate environments, the data used in classes is current and relevant. With continued hands-on learning and realistic scenarios, BlackBag’s instructors will guide students through methods of discovery for new application data, analysis of known data, and best reporting practices. As with the EFT I course, BlackBag’s team of instructors will use their extensive knowledge and experience to address practical, significant casework challenges facing investigators today.

Training Days: 5

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed Essential Forensic Techniques I Course.

1.1.3 Content

Day 1

  • File System Artifacts
  • HFS+, NTFS and FAT Date and Timestamps
  • How Operating Systems Save Date Info
  • How OS X Handles File Systems
  • OS X and Windows Date Stamp Differences
  • Alias, Hard Link, Symbolic Link, Windows Shortcut and Link Files

Day 2

  • File Sharing
  • Methods of File Sharing with OS X
  • AFP, SMB3, FTP, AirDrop
  • Password Recovery
  • Advanced Techniques for Dictionary Building
  • Encryption Techniques within OS X
  • Third-Party Encryption Detection
  • Decryption of FileVault and Encrypted Virtual Disks

Day 3

  • File Carving
  • Identifying File Types, Creating Custom Carvers
  • Apple Core Storage and RAID Structures
  • Imaging, Recreating, and Analyzing

Day 4

  • Spotlight and OS X Indexing
  • Recognizing Index Structures
  • Locating Artifacts of Active and Deleted Files
  • Identifying Source Material
  • Time Machine and Local Snapshots
  • Identifying Service Settings and Destination Locations for Backup
  • Mobile Backups on Local Computers

Day 5

  • HFS+ In-Depth Study
  • Volume Structure
  • B-Tree Structures
  • Resource Forks, Extensions, Universal Type Identifiers
  • Command Line and Single User Mode
  • Locating, Identifying and Analyzing Evidence Not Seen Through GUI Interfaces
  • Sound Gathering of Hardware-Specific Identifiers Using Single User Mode

1.1.4 Examination / Certification

NA.

1.1.5 Comment

NA.

EnCase Examinations of the Macintosh Operating Systems

1.1 EnCase Examinations of the Macintosh Operating Systems

1.1.1 Objective

This Expert Series course makes a departure from the world of Microsoft Windows and provides in-depth instruction on analysing the various Macintosh operating system artifacts.

Training Days: 4

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed EnCase v7 Computer Forensics II Course.

1.1.3 Content

Day 1

  • Apple and Mac history
  • Course purpose, content, and methodology
  • Necessity to possess a Mac in order to examine Mac data
  • Issues associated with the forensic preservation of Macintosh on-disk data
  • The structure of Mac on-disk data and low-level information regarding the Apple Map and GUID Partition Table (GPT) partitioning schemes
  • The structure of HFS+ volumes
  • The structure of the Catalog file

Day 2

  • The structure of the Extents Overflow file
  • An examination of some fundamental aspects of Mac OS X that are likely to play a part in any Macintosh examination
  • Examination of Macintosh disks and disk images using the examiner’s own forensic Macintosh computer

Day 3

  • An examination of the Mac OS X operating system artifacts associated with the system as a whole rather than a specific user
  • A review of user-specific Mac OS X operating system artifacts

Day 4

  • An examination of Mac OS X application artifacts
  • An examination of Internet-related Mac OS X application

1.1.4 Examination / Certification

NA.

1.1.5 Comment

NA.

Specialized: Linux
Certified Linux Forensic Practitioner (CLFP)

1.1 Certified Linux Forensic Practitioner (CLFP)

1.1.1 Objective

This specialist-level course is for experienced forensic investigators who want to acquire the knowledge and skills to navigate, identify, capture and examine data from Linux-based systems.

Training Days: 2

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Intermediate Course.

1.1.3 Content

Day 1

  • What is Linux? Overview of flavours (distributions)
  • Key differences between Linux and Windows forensics
  • Linux concepts, privileges and permissions
  • Linux disk layouts and key directories
  • Navigating a Linux system and commonly used command line utilities
  • Understanding devices and disk mounting
  • Data collection from and using Linux systems
  • Capturing volatile data including RAM
  • Built-in forensic applications, i.e. dd for imaging and disk wiping
  • Overview of file system compatibility, ext2, 3 and 4

Day 2

  • Ext file systems: how disks are mapped and data stored
  • Problems associated with recovering data from ext file systems
  • System information from a forensic image
  • Log files, where to find them and nature of content
  • Devices connected and disks mounted
  • User accounts – identification, passwords and permissions
  • Introduction to memory analysis
  • User system navigation, execution and printing
  • Linux in Business - FTP servers, databases, mail, web-servers
  • Capturing and process for log file examination using Linux

1.1.4 Examination / Certification

Certified Linux Forensic Practitioner (CLFP)

1.1.5 Comment

NA.

Specialized Vendor: Mobile
AGT's Mobile Forensics Course

1.1 AGT's Mobile Forensics Course

1.1.1 Objective

This four-day course provides the knowledge and skills necessary for entry-level mobile device examiners to gain a basic understanding of how mobile devices store data, how cellular networks function, the mobile forensic process, collecting evidence and preserving it, isolation and extraction, analysis, verifying results, and the rest of the mobile forensic process.

Training Days: 4

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Fundamentals Course.

1.1.3 Content

· The content of this course is to be agreed on with the client. The aim is to design a mobile forensics course that best meets the client’s requirements.

1.1.4 Examination / Certification

Upon passing the exam and the practical, the participant will be issued with AGT Certified Mobile Forensics.

1.1.5 Comment

NA.

XRY Foundation Certification

1.1.1 Objective

This course is two days long and covers all the essentials you will need to get up and running so you can feel confident in your operation of XRY in the early days. The information provided is extensive and covers all aspects of examinations of SIM cards, memory cards and feature phones, and we dedicate a full day to specialist smartphone training due to the complexities of these devices.

Training Days: 2

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Fundamentals Course.

1.1.3 Content

Day 1

  • Introduction to Networks
  • Intro to SIM Cards and Mobile Devices
  • SIM Cloning & Handset Extractions
  • Intro to Location Data
  • Common Challenges with Devices
  • Searching & Exporting

Day 2

  • Day 1 Review
  • Intro to Smartphones
  • Android Basics
  • iDevice Basics
  • Windows Phone Basics
  • BlackBerry Basics
  • Assessment Exercise

1.1.4 Examination / Certification

XRY Certification

1.1.5 Comment

NA.

XRY Intermediate

1.1.1 Objective

This is the next-level course after successful completion of the XRY Certification course with MSAB forensic tools. We assume you are now familiar with the basics of XRY, and we take you through the next level of cell phone examinations and understanding, with an introduction to HEX, physical decoding, PLists, SQL and manual carving. The course is three days long and covers the next-level knowledge you will need to maximize productivity with XRY. The information provided is extensive and covers practical exercises with feature phones, smartphones, memory cards, GPS navigation devices and tablets.

Training Days: 3

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed XRY Foundation Certification Course.

1.1.3 Content

Day 1

  • Different Extraction Types
  • Android Logical Extractions
  • Next Level Logical Extractions
  • GPS Devices & Locations
  • Connection Types & Passcodes
  • Dumping and Decoding Feature Phones
  • Non-Standard Mobile Devices

Day 2

  • Day 1 Review
  • Introduction to HEX
  • Introduction to XACT
  • File Systems & Memory Cards
  • HEX Searching & File Signatures
  • Data Hashing

Day 3

  • Day 1 Review
  • RAM Disk & Bootloaders
  • Dumping & Decoding Smartphones
  • Import & Export
  • PLists & SQL Databases
  • Investigating Apps
  • Support Tools
  • Assessment

1.1.4 Examination / Certification

XRY Intermediate Certificate

1.1.5 Comment

NA.

XRY XAMN Horizon Certification

1.1.1 Objective

This one-day training course is designed to help you make the most of XAMN and quickly get to grips with the product. If you want to learn how to visualize connections between different devices through link analysis, timeline or geographical views, then this training is for you. This certification training course is designed to introduce you to XAMN Horizon, assuming no previous experience and teach you all the fundamental aspects of the product. Users will leave confident about all the features and how best to use them in the world of mobile forensic analysis. XAMN Horizon certification training teaches users first-hand through practical exercises and scenarios how to make quicker, faster, more efficient decisions with the aid of visualizing mobile forensic data.

Training Days: 1

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed XRY Intermediate Course.

1.1.3 Content

Day 1

  • List Multiple XRY Files
  • Show Connection View to Link Contacts
  • Generate Three Different Timelines
  • Create Geographical Mapping Data
  • Run Searches Across 50 XRY Files
  • Create Conversation View of Chat Data
  • Import Other Forensic Files
  • Analyze Call Data Records
  • Tag Data for Review
  • User Added Data Import
  • Offline Translation Tool
  • Offline Mapping Tool
  • Case Data & Details
  • Case Saving & Exporting

1.1.4 Examination / Certification

XRY XAMN certification

1.1.5 Comment

NA.

XRY Advanced Apps Analysis

1.1.1 Objective

The course covers all elements of knowledge required to recover, decode, decrypt and explore the hidden SQL & PList data on modern smartphones. We show you how to utilize Python to analyze the contents and find the wealth of hidden information in smartphone apps and their databases. The high level of the Advanced Apps Analysis Course curriculum requires all attendees to have passed both the XRY Certification and Intermediate courses before attending.

Training Days: 5

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed XRY Intermediate Course.

1.1.3 Content

Day 1

  • Intro to Apps
  • SQL Data Structures
  • App Data Storage
  • App Practical
  • Hands-on App Practical

Day 2

  • Creating SQLite Databases
  • Rebuilding Databases
  • Rebuild Database Exercises

Day 3

  • Intro to Python
  • Python Math Operators
  • Python Variables
  • Python Lists & Tuples
  • Python Loops
  • File Output
  • Modules Datetime SQLite3
  • Python Practical

Day 4

  • XACT Python API & Help File
  • Adding Data to XRY Report
  • Python Dictionaries
  • Multi-Table Databases
  • Python App Practical

Day 5

  • Android SDK
  • Android App Reverse Engineering
  • Reverse Engineer Encrypted App
  • Group Exercise
  • Assessment & Closure

1.1.4 Examination / Certification

XRY Advanced Apps Analysis Certificate

1.1.5 Comment

NA.

XRY Advanced Acquisition

1.1.1 Objective

The Advanced Acquisition course is focused on helping you learn new ways to secure the data. We teach you how to extract data from mobile devices when traditional forensic tools are no longer an option. This training will take you to the next level of knowledge and understanding for mobile forensics. This course focuses on the extraction and recovery of data via JTAG and Chip Off methods, and gives you an introduction to Python to automate the process of decoding the recovered data. This practical knowledge is invaluable when automatic dumping and decoding is no longer an option.

Training Days: 4

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed XRY Intermediate Course.

1.1.3 Content

Day 1

  • Advanced Extraction Methods
  • JTAG RIFF Android
  • JTAG Other Boxes Android
  • JTAG RIFF Windows
  • EMMC Extraction
  • Chip-off

Day 2

  • Hex Refresh
  • Endianness
  • Time Epochs
  • Signed Integers
  • Delta Sync
  • RegEx
  • Binary Images Examination & Analysis
  • Importing JTAG Images
  • Importing Chip-Off Images

Day 3

  • Intro to Python
  • Python Math Operators
  • Python Variables
  • Python Lists & Tuples
  • Python Loops
  • XACT Data structures
  • File Output
  • Modules re, struct, datetime
  • Adding Data to the XRY Report
  • Automating Tasks with Python

Day 4

  • Advanced Android
  • ADB
  • Rooting
  • Swipe PIN Decoding
  • USB Disabled Devices
  • DD & Nanddump
  • Group Exercise
  • Assessment & Closure

1.1.4 Examination / Certification

XRY Advanced Acquisition Certificate

1.1.5 Comment

NA.

Cellebrite Certified Logical Operator (CCLO)

1.1.1 Objective

The Cellebrite Certified Logical Operator (CCLO) Course is designed for the first responder and the basic to intermediate investigator / examiner. This two-day course builds on the concepts imparted in the CMFF course and exposes students to the fundamentals of mobile device investigations, logical extraction of user data, and analysis of mobile devices. Operation of the Cellebrite UFED product to perform a number of hands-on logical extractions on various mobile devices with a variety of operating systems is a key component of this class. Skill sets also include creating Safety SIMs and extracting evidentiary data from SIM cards. Participants also create reports on findings and are exposed to the free UFED Reader and how to use that to multiply investigative efforts.

Training Days: 2

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Fundamentals Course.

1.1.3 Content

Day 1

  • Mobile Device Technology Overview
  • Mobile Device Trends
  • Forensic Handling of Mobile Devices
  • UFED Technology Overview and Extractions
  • Logical Extraction
  • Password Extraction

Day 2

  • SIM Extraction
  • SIM Cloning (Safety SIMs)
  • Logical Analyzer Overview
  • Instant Search
  • Filtering
  • Advanced Filtering
  • Bookmarking
  • Watch Lists (Keyword Searching)
  • Project Analytics
  • Malware Scanning
  • Timeline Analysis
  • Reporting on Technical Findings
  • UFED Reader
  • Written Exam
  • Practical Exam

1.1.4 Examination / Certification

Cellebrite Certified Logical Operator certification

1.1.5 Comment

NA.

Cellebrite Certified Physical Analyst (CCPA)

1.1.1 Objective

The Cellebrite Certified Physical Analyst (CCPA) Course is designed for the intermediate and advanced investigator / digital forensic examiner. This three-day course focuses on the use of Cellebrite’s UFED to perform file system extractions, physical extractions, password bypasses and the advanced analysis of evidentiary items using the UFED Physical Analyzer software.

Training Days: 3

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed Cellebrite Certified Logical Operator Course.

1.1.3 Content

Day 1

  • Media System Files and Encoding
  • Describe file systems used by mobile devices
  • Describe data encoding (Binary, Hexadecimal, ASCII, Unicode, Big Endian/Little Endian, Nibble, and 7bit)
  • Describe flash media characteristics
  • Describe how data is encoded when written to the flash media
  • UFED Technology Overview and Extractions
  • File System Extraction
  • Physical Extraction
  • Identify differences in various UFED technologies (PC vs. Touch Ultimate)
  • Explain different extraction types

Day 2

  • UFED Physical Analyzer Overview
  • Decode the contents extracted from mobile devices
  • Analyze the contents extracted from mobile devices
  • Understand UFED Physical Analyzer functionality and capabilities
  • Advanced Search Techniques
  • Find (Strings, Bytes, Dates, SIM)
  • Regex (GREP)
  • 7 Bit SMS PDU
  • Pattern
  • Code

Day 3

  • Verification and Validation of Findings
  • Hand scroll techniques
  • Third-party tools
  • Database verification and analysis
  • Plug-in Chain Manager
  • Discuss the Plug-in Chain Manager and its capabilities
  • Demonstrate your ability to use the Plug-in Chain Manager
  • Reporting on Technical Findings
  • Discuss reporting options within UFED Physical Analyzer
  • Create a report based on evidentiary items from a scenario
  • Certification Examination and Practical

1.1.4 Examination / Certification

Cellebrite Certified Physical Analyst Certification

1.1.5 Comment

NA.

Cellebrite Advanced Smartphone Analysis

1.1.1 Objective

The Cellebrite Advanced Smartphone class is an advanced-level three-day, twenty-one-hour course led by Cellebrite Certified Instructors (CCIs). During this Advanced Series course, the students will take an in-depth look into the challenges presented by iOS, Android and Windows Mobile devices. This hands-on class focuses on forensic recovery of application (App) data in SQLite databases, defeating passcodes and unlocking iOS devices, and Android and Windows Mobile artifact recovery using Cellebrite Physical Analyzer and a variety of forensic investigative methods to get the information you need.

Training Days: 3

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed Cellebrite Certified Physical Analyst Course.

1.1.3 Content

Day 1

  • SQLite Database file structures
  • SQLite Database Freepage lists
  • SQLite write ahead logfiles
  • SQLite shared memory files
  • SQLite vacuum functions
  • iOS Overview and Analysis Techniques

Day 2

  • Defeating iOS device simple passcodes
  • Defeating iOS device complex passcodes
  • Unlocking iOS devices using the iTunes pairing file
  • Recovery and analysis of iTunes backup files
  • Android Overview

Day 3

  • Android system artifacts
  • Android user artifacts
  • Windows mobile operating system overview
  • Windows mobile system artifacts
  • Windows mobile user artifacts

1.1.4 Examination / Certification

NA.

Cellebrite JTAG Extraction and Decoding

1.1 Cellebrite JTAG Extraction and Decoding (CJED) Course

1.1.1 Objective

Cellebrite’s JTAG Extraction and Decoding (CJED) training is an advanced-level three-day course led by Cellebrite Certified Instructors (CCIs). During this course, participants will learn about the JTAG process, methodologies, purpose and origins as well as understand the equipment and accessories necessary for successful JTAG extractions. Instructors will help attendees to not only develop, but also to hone fundamental soldering skills, gain practical knowledge with hands-on practice as well as share best practices and legal considerations for processing JTAG extractions. Additionally, participants will learn how to fully leverage the Physical Analyzer in order to properly decode JTAG extractions. As part of their attendance, participants will receive a RIFF brand JTAG box, a Molex adapter kit, a class specific tool kit, and a Cellebrite soldering practice board.

Training Days: 3

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed Cellebrite Certified Physical Analyst Course.

1.1.3 Content

Day 1

  • Overview of CJED Training Course
  • Introduction to JTAG Theory
  • Soldering Techniques
  • RIFF JTAG Box
  • Forensic Process

Day 2

  • Tools and Equipment
  • Molex Connectors for JTAG
  • Reference and Research
  • HTC Eris Walk Through
  • Hands-on Practical Assessment: Putting It All Together

Day 3

  • Instructor-Led Walk-Through of the Entire JTAG Process
  • Introduction to UFED Physical Analyzer
  • Working with JTAG Extractions
  • Validation and Reporting on Technical Findings

1.1.4 Examination / Certification

NA.

1.1.5 Comment

NA.

Magnet AXIOM Essentials – Smartphone

1.1 Magnet AXIOM Essentials – Smartphone

1.1.1 Objective

The three-day Magnet IEF Essentials – Smartphone course provides students with a detailed understanding of how to image, analyze, and report on smartphone and tablet devices. This course also teaches attendees how to complete the imaging processes using Magnet ACQUIRE. Students will gain an in-depth knowledge of how to analyze smartphone images using the Magnet IEF Interface and Magnet IEF Report Viewer to obtain valuable core and third-party application artifacts from iOS, Android, Windows Mobile, and Kindle devices. Students will learn how to import images obtained from other forensic software tools and advanced processes such as JTAG or Chip-Off examinations.

Training Days: 3

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Intermediate Course.

1.1.3 Content

Day 1

  • Module 1: Introduction and Product Installation
  • Module 2: Magnet ACQUIRE Interface
  • Module 3: Magnet IEF Interface
  • Module 4: Managing Searching Profiles

Day 2

  • Module 5: Magnet IEF Report Viewer Interface
  • Module 6: Artifact Categories

Day 3

  • Module 7: Timeline & World Map Interfaces
  • Module 8: Generating Reports
  • Module 9: Practical Skills Assessment

1.1.4 Examination / Certification

NA.

1.1.5 Comment

NA.

Oxygen Forensic® Complete

1.1 Oxygen Forensic Complete

1.1.1 Objective

Students will obtain a start-to-finish education on the use of Oxygen Forensic® Detective. The course adds to the Basic and Expert course by introducing advanced methods of Smart Device collections and data analysis. Students will examine, collect and analyze data from iOS, Android, and Windows Phone smart devices. Students will work to obtain physical images, understand file system formats, storage methods and evidence locations. Students receive training and instruction on Cloud Storage and extraction techniques using Oxygen Forensic® Detective. SQLite database data is extremely important to today’s smart device examinations. Not only will students receive training on the SQLite database format and creating SQL queries, but Property Lists, recovering deleted data, write-ahead-logs, shared-memory-files and interpreting database artifacts using the SQLite Viewer and secondary tools are covered.

Training Days: 3

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Intermediate Course.

1.1.3 Content

Day 1

  • History and Quick Introduction
  • Different ways to connect to a mobile device
  • Troubleshooting
  • Passwords
  • Logical/Physical collections of Smart Devices
  • Collecting Mobile Device Data
  • Backup and Import of Mobile Device Images
  • Basic Reporting

Day 2

  • Multi-device collections
  • Cases
  • App Data
  • Key Evidence
  • Aggregated Data and Groups
  • Analytics
  • Searching
  • Advanced Reporting

Day 3

  • Obtaining File System Data
  • Types of File Systems
  • Recovering Artifacts from the smart device
  • Cloud Extractions
  • Property List
  • SQLite Databases

1.1.4 Examination / Certification

Oxygen Forensic User Certification

1.1.5 Comment

NA.

Black Bag Mac: BlackLight Tool Training

1.1 BlackLight Tool Training

1.1.1 Objective

Over a period of two days, the BlackLight Tool Training course offers a hands-on investigative approach addressing best practice techniques for authenticating, analyzing and reporting digital evidence found on Microsoft Windows and Mac OS X computers, Android devices, and iOS (iPhone, iPad, and iPod touch) devices. Coursework covers the use of BlackLight, a comprehensive triage and analysis tool designed to help investigators conduct digital forensic examinations. After a brief introduction to MacQuisition, BlackBag’s imaging tool, students triage a full case and learn the advanced functions of BlackLight through instructor-led exercises and hands-on practical case studies.

Training Days: 2

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Intermediate Course.

1.1.3 Content

Day 1

  • Acquiring Evidence using MacQuisition
  • Analyzing Evidence
  • Features and Functionality – Windows
  • Features and Functionality - All Platforms

Day 2

  • Android and iOS Features and Functionality
  • Logical iOS Device Acquisitions
  • iOS Backup Folder Acquisitions
  • Third Party Application Parsing
  • Call History, Voicemail, and Voice Memos
  • SMS and Notes
  • Calendar and Contacts
  • Location Data, Wi-Fi, and Maps
  • Media
  • Reporting
  • Tagging, Metadata, and File Export
  • Organizing and Generating a Report
  • Hands-on Practical and Q & A

1.1.4 Examination / Certification

CERTIFIED BLACKLIGHT EXAMINER (CBE)

1.1.5 Comment

NA.

Advanced JTAG Mobile Device Forensics Training By Teel Technologies

1.1 Advanced JTAG Mobile Device Forensics Training By Teel Technologies

1.1.1 Objective

In this five-day course on JTAG forensics, students learn the skills required to successfully retrieve a physical acquisition from devices that are locked or not supported by commercial and other tools. Participants are provided with a comprehensive education in the non-destructive techniques to acquire data from JTAG connections – from device disassembly and reassembly, to soldering, to password retrieval and data recovery.

Training Days: 5

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed AGT's Mobile Forensics Course and AGT's Intermediate Forensics Course.

1.1.3 Content

· Disassembly and reassembly of equipment.

· Soldering skills are mastered in this training.

· Correct application of JTAG technology to access the physical memory.

· Production of a physical dump of a locked / USB-debugging-disabled Android phone, identification of the password, and restoration of user data using your forensics tools.

· Recovery of physical memory from locked Windows or Proprietary OS phones.

· Advanced RIFF Box techniques are also addressed

1.1.4 Examination / Certification

NA.

1.1.5 Comment

NA.

Advanced BGA Chip-Off Forensics Training By Teel Technologies

1.1 Advanced BGA Chip-Off Forensics Training By Teel Technologies

1.1.1 Objective

The five-day class provides students with the skills required to properly remove BGA memory chips from a variety of mobile devices, prepare the memory for read, and use chip-reading equipment to acquire the data. Students will spend the first 2 days understanding the structure of devices and applying the best practices of chip removal, so as to prevent damage during chip extraction. By covering the difference between memory structures (from mobile device, to tablet, to SSD hard drive) and how chip-off can be utilized to acquire data from a growing number of devices, the class enables examiners to get a handle on the growing trend of BGA memory use.

Training Days: 5

Max. Number Trainees: 12

1.1.2 Prequalification

Students taking this course should have completed Advanced JTAG Mobile Device Forensics Training.

1.1.3 Content

· Properly Removing a BGA Chip from a Device

· Handling and Preparing the Chip to be Read

· Reading the Chip to Acquire the Data

· Applying Tools and Techniques to Decode the Data

· Practical on the Chip-off process using feature phones and smartphones, as well as a locked unencrypted Blackberry.

· Utilizing forensic software to recover the logical and physical data dump

1.1.4 Examination / Certification

NA.

1.1.5 Comment

NA.

Specialized: Audio / Video
FVA 101: Introduction to Forensic Video Analysis

1.1 FVA 101: Introduction to Forensic Video Analysis

1.1.1 Objective

This course provides a comprehensive approach to FVA casework with a primary focus on streamlined workflows and digital media processing. It is intended for anyone who is new to the field of FVA or persons who have not been formally trained using these tools.

Training Days: 4

Max. Number Trainees: 10

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Fundamentals Course.

1.1.3 Content

Day 1

  • Introduction to the forensic video analysis and workflow concepts
  • Understanding video formats
  • Digital video recovery and working with DVR players
  • Processing digital video with Omnivore (start class project)
  • Video processing with iNPUT-ACE
  • Introduction to ClearID image clarification workflow

Day 2

  • ClearID image clarification workflow (cont.)
  • Introduction to digital video processing and analysis using Avid Media Composer
  • Starting a case in Media Composer
  • Basic video editing and non-destructive workflows
  • Importing media and Avid AMA direct media file linking

Day 3

  • Converting time-lapse video to real time & time code stamping video
  • Investigating the video and documenting your observations - video markers
  • Using dTective suite plug-ins SPOTlight, MAGNIFi, dVeloper, arithMATIC
  • Using titles and other video labels
  • Final output for court (finish class project)
  • Working with and preserving cold case video evidence

Day 4

  • Exporting evidence as video or still image files
  • Processing cell phone videos
  • Media management & project archiving using archive-R
  • Video Field Acquisition using Omnivore Field Kit Overview
  • Investigate audio files using Phrase Find text-to-audio word search overview
  • Forensic audio clarification overview using QE
  • FVA Ethics
  • Certificate of Completion issued

1.1.4 Examination / Certification

A certificate will be given to participants who complete this training and demonstrate a working knowledge of these techniques. Certificates are handed out at the end of the last day.

1.1.5 Comment

NA.

Avid Forensic Video Analysis Training

1.1 Avid Forensic Video Analysis Training

1.1.1 Objective

Video evidence recovered from a crime scene may be simply examined to produce excellent results for investigative purposes. These basic techniques are the foundation on which this course builds. By understanding the technology behind both the recording equipment that produces the evidence and the tools that are utilized by Forensic Video Analysts, examination procedures can be improved upon and streamlined.

Training Days: 3

Max. Number Trainees: 10

1.1.2 Prequalification

Students taking this course should have completed FVA 101: Introduction to Forensic Video Analysis Course.

1.1.3 Content

Day 1

  • Understanding project options (Progressive vs. Interlaced)
  • Techniques of capturing video evidence for analog
  • Techniques of capturing video evidence for digital
  • Understanding the differences in demultiplexing techniques
  • Understanding the differences in magnification techniques

Day 2

  • Customizing the Avid environment
  • Utilizing dynamic presentation techniques
  • Understanding frame averaging techniques
  • Image adjustment techniques for video
  • Methods of exporting and importing images and video

Day 3

  • Working with the Timeline
  • Audio processing for video
  • Methods for organizing casework
  • Archiving techniques

1.1.4 Examination / Certification

A certificate will be given to participants who complete this training and demonstrate a working knowledge of these techniques. Certificates are handed out at the end of the last day.

1.1.5 Comment

NA.

LEVA Level 1: Forensic Video Analysis and the Law

1.1 LEVA Level 1: Forensic Video Analysis and the Law

1.1.1 Objective

First responders (Crime Scene Personnel, Fire Investigators, Detectives, and Police Officers) are often tasked with recovering and disseminating digital multimedia evidence without having a proper background or training. Those collecting evidence need a fundamental understanding of how to recover evidence properly and need to be aware of the issues faced when using digital video in investigations.

Training Days: 5

Max. Number Trainees: 10

1.1.2 Prequalification

Students taking this course should have completed FVA 101: Introduction to Forensic Video Analysis Course.

1.1.3 Content

  • Best Practices for recovery of Digital Multimedia Methods
  • Legal issues related to DME
  • Video Compression theory
  • Aspect ratio issues
  • Proper procedure in creating images for widespread use
  • Report writing procedures and protocols
  • The roles of technicians and analysts
  • Introduction to analysis
  • The scientific method

1.1.4 Examination / Certification

The first course towards LEVA Certification.

1.1.5 Comment

NA.


LEVA Level 2: Digital Multimedia Evidence Processing

1.1 LEVA Level 2: Digital Multimedia Evidence Processing

1.1.1 Objective

There is a significant, specific skill set that investigators need to PROPERLY handle and process the digital multimedia evidence that gets collected. If the DME is not handled and processed carefully, according to best practices, the video/audio might not be interpreted accurately. This course exposes students to more advanced theory and hands-on techniques that conform to the Best Practices for the Acquisition and Processing of Digital Multimedia Evidence (DME).

Training Days: 5

Max. Number Trainees: 10

1.1.2 Prequalification

Students taking this course should have completed LEVA Level 1: Forensic Video Analysis and the Law Course.

1.1.3 Content

Day 1

  • The roles of technicians and analysts
  • Recognition versus identification of objects depicted in video
  • Video data authentication and data integrity verification techniques
  • Interrogation of digital multimedia evidence.

Day 2

  • Proper workflow processes
  • Introduction to digital non-linear editing techniques
  • Video clarification techniques
  • Audio theory
  • The scientific method

Day 3

  • Comparative analysis techniques
  • Introduction to image editing techniques
  • Image clarification techniques
  • Video compression

Day 4

  • Image data authentication and tampering detection
  • Freeware tools and metadata examination
  • Basic audio processing and redaction

Day 5

  • Tool selection and options
  • Digital media authentication legal concepts
  • Reports and Curriculum Vitae essentials

1.1.4 Examination / Certification

The second course towards LEVA Certification.

1.1.5 Comment

NA.

LEVA Level 3: Advanced Forensic Video Analysis and the Law

1.1 LEVA Level 3: Advanced Forensic Video Analysis and the Law

1.1.1 Objective

This course is primarily hands-on: students process video evidence, write a report and present it in a moot court. Perfecting the CV is also featured. This 40-hour advanced level of instruction focuses on case law and relevant issues as well as advanced forensic video analysis techniques.

Training Days: 5

Max. Number Trainees: 10

1.1.2 Prequalification

Students taking this course should have completed LEVA Level 2: Digital Multimedia Evidence Processing Course.

1.1.3 Content

  • Independently process video evidence from provided case content
  • Write a report
  • Present case exemplar in a moot court.

1.1.4 Examination / Certification

The third course towards LEVA Certification.

1.1.5 Comment

NA.

Cognitech Forensic Video Analysis Certification: Level 1

1.1 Cognitech Forensic Video Analysis Certification: Level 1

1.1.1 Objective

Cognitech TriSuite was developed for professional forensic expert use and meets the repeatability required for expert witness testimony. The workflow in Cognitech TriSuite is completely lossless. Unlike traditional video capture solutions, the VideoActive software provides real time lossless capture ensuring that you get the best evidence possible. Cognitech TriSuite enables unprecedented flexibility in video processing by allowing the end-user to apply different filter parameters to any portion of any frame in a video.

Training Days: 5

Max. Number Trainees: 10

1.1.2 Prequalification

Students taking this course should have completed LEVA Level 2: Digital Multimedia Evidence Processing Course.

1.1.3 Content

  • Introduction to Forensic Video Analysis.
  • Video & CCTV Fundamentals & techniques.
  • Forensic Video Evidence recovery techniques.
  • Video capture HDD cloning.
  • Digital Video Processing techniques.
      • Basic MIDAS R3 Operation.
      • Basic/Advanced DARS operations.
      • Cognitech Video Active.
      • Cognitech Video Investigator.
      • Cognitech Auto Measure.
  • Report writing and court presentations.

1.1.4 Examination / Certification

Cognitech Forensic Video Analysis Certification

1.1.5 Comment

NA.

AUDIO FORENSICS: Batvox Standard Training Level 1

1.1 AUDIO FORENSICS: Batvox Standard Training BAT School Certification Level 1

1.1.1 Objective

Users granted this Initial Level of certification are prepared to perform experiments with BATVOX, properly use all the features of the system, prepare voice corpora (reference populations), and use the system for standard and non-complex conditions such as same channel/language recordings with good acoustical quality.

Training Days: 5

Max. Number Trainees: 10

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Fundamentals Course.

1.1.3 Content

Day 1

  • Introduction to voice analysis
  • Source/filter, theory of speech production
  • Spectrum, formants, FFT analysis

Day 2

  • Introduction to Biometry
  • Verification Systems
  • Basic Concepts (models, parameters, reference populations)

Day 3

  • Introduction to Forensics Tasks
  • Brief history of forensic voice analysis
  • Identification / verification concept
  • Introduction to Likelihood Ratios
  • Fundamentals of BATVOX operations
  • User Interface management
  • Creating cases
  • Types of tasks (normalized/non normalized identifications, LRs)
  • Reference populations
  • Results
  • Recommended workflow

Day 4

  • Practical Exercises

  • There will be practical exercises at the end of each section throughout the course
  • The practical exercises will form part of the final assessment and certification

Day 5

  • Final Exam & Assessment: There is a formal test at the end of this course based on the basic voice biometric concepts.
  • This certification level will be granted upon successful execution of practical exercises at the end of each section during the training course and successful completion of the final test at the end of the course.

1.1.4 Examination / Certification

The second course towards LEVA Certification.

1.1.5 Comment

NA.

AUDIO FORENSICS: Introduction to IKAR LAB (STC)

1.1 AUDIO FORENSICS: Introduction to IKAR LAB (STC)

1.1.1 Objective

Audio forensic training is an important part of the efficient use of IKAR Lab. Training courses are designed to provide the students with detailed theoretical and hands-on classes on audio forensic products and methods used for different types of examinations. IKAR Lab is a professional hardware and software solution for advanced speech signal analysis. It provides the capabilities to perform a multitude of valuable audio processing, analysis, audio restoration and voice comparison functions.

Training Days: 5

Max. Number Trainees: 10

1.1.2 Prequalification

Students taking this course should have completed AGT's Digital Forensics Fundamentals Course.

1.1.3 Content

  • Report writing and court presentations.
  • Introduction to Sound.
  • Noises & Distortion.
  • Speech Production.
  • Automatic Speaker Identification/VoiceNet.
  • Digital Signal.
  • IKAR LAB Structure.
  • Speech Enhancement.
  • Text transcription of low quality recordings.
  • Audio equipment testing and identification.
  • Analysis of acoustic environment and recording conditions.
  • Sound Cleaner.
  • Speech Interactive System SIS II.
  • Vocal Apparatus.
  • Sound waves.

1.1.4 Examination / Certification

NA.

1.1.5 Comment

NA.

Advanced Audio Forensics Training (STC)

1.1 Advanced Audio Forensics Training (STC)

1.1.1 Objective

Audio forensic training is an important part of the efficient use of IKAR Lab. Training courses are designed to provide the students with detailed theoretical and hands-on classes on audio forensic products and methods used for different types of examinations. IKAR Lab is a professional hardware and software solution for advanced speech signal analysis. It provides the capabilities to perform a multitude of valuable audio processing, analysis, audio restoration and voice comparison functions.

Training Days: 5

Max. Number Trainees: 10

1.1.2 Prequalification

Students taking this course should have completed AUDIO FORENSICS: Introduction to IKAR LAB (STC) Course.

1.1.3 Content

  • Sound recording for forensic audio experts: recording voice samples
  • The theory and practice of noise cancellation and low-quality speech decoding
  • Noise reduction software in real-life practice.
  • The practice of speech decoding
  • Articulation and speech production
  • Forensic voice identification: different approaches and methods
  • Forensic voice identification: spectrographic method
  • Forensic voice identification: real-life examples
  • Authentication: theory and practice
  • Authentication: real-life examples
  • Report writing.

1.1.4 Examination / Certification

NA.

1.1.5 Comment

NA.



Course Schedule with dates 2017
| No | Training Title | Days | Start Date | End Date |
|---|---|---|---|---|
| 1. | Vendor Neutral Training Courses: Foundation training | | | |
| 1.1. | AGT's Digital Forensics Fundamentals Course | 5 | Sunday, March 5, 2017 | Thursday, March 9, 2017 |
| 1.2. | AGT's Digital Forensics Fundamentals Course | 5 | Sunday, April 2, 2017 | Thursday, April 6, 2017 |
| 1.3. | AGT's Digital Forensics Fundamentals Course | 5 | Sunday, April 30, 2017 | Thursday, May 4, 2017 |
| 1.4. | AGT's Digital Forensics Intermediate Course | 5 | Sunday, March 19, 2017 | Thursday, March 23, 2017 |
| 1.5. | AGT's Digital Forensics Intermediate Course | 5 | Sunday, April 16, 2017 | Thursday, April 20, 2017 |
| 1.6. | AGT's Digital Forensics Intermediate Course | 5 | Sunday, May 14, 2017 | Thursday, May 18, 2017 |
| 1.7. | AGT's First Responder Training | 3 | Sunday, March 19, 2017 | Tuesday, March 21, 2017 |
| 1.8. | AGT's First Responder Training | 3 | Sunday, April 16, 2017 | Tuesday, April 18, 2017 |
| 1.9. | AGT's First Responder Training | 3 | Sunday, May 14, 2017 | Tuesday, May 16, 2017 |
| 2. | Specialized Vendor Training: Forensics Foundation | | | |
| 2.1. | Digital Media - Acquisition and Triage | 3 | Sunday, April 2, 2017 | Tuesday, April 4, 2017 |
| 2.2. | Digital Media - Acquisition and Triage | 3 | Sunday, April 30, 2017 | Tuesday, May 2, 2017 |
| 2.3. | ADF Triage for Investigators | 2 | Wednesday, March 22, 2017 | Thursday, March 23, 2017 |
| 2.4. | ADF Triage for Investigators | 2 | Wednesday, April 19, 2017 | Thursday, April 20, 2017 |
| 2.5. | ADF Triage for Investigators | 2 | Wednesday, May 17, 2017 | Thursday, May 18, 2017 |
| 2.6. | X-Ways Forensics I | 4 | Sunday, May 7, 2017 | Wednesday, May 10, 2017 |
| 2.7. | Belkasoft Evidence Center 2016 | 3 | Sunday, March 19, 2017 | Tuesday, March 21, 2017 |
| 2.8. | Belkasoft Evidence Center 2016 | 3 | Sunday, April 23, 2017 | Tuesday, April 25, 2017 |
| 2.9. | Magnet AXIOM Essentials – Computers | 3 | Sunday, April 16, 2017 | Tuesday, April 18, 2017 |
| 2.10. | Magnet AXIOM Essentials – Computers | 3 | Sunday, May 14, 2017 | Tuesday, May 16, 2017 |
| 2.11. | Guidance EnCase® Foundation in Digital Forensics - EnCase I | 4 | Monday, April 3, 2017 | Thursday, April 6, 2017 |
| 2.12. | Guidance Navigating EnCase® Forensic Version 8 - EnCase II | 4 | Sunday, April 9, 2017 | Wednesday, April 12, 2017 |
| 2.13. | Nuix 101 | 1 | Monday, April 3, 2017 | Monday, April 3, 2017 |
| 2.14. | Nuix 101 | 1 | Monday, May 1, 2017 | Monday, May 1, 2017 |
| 2.15. | Nuix Foundations - Investigations | 3 | Tuesday, April 4, 2017 | Thursday, April 6, 2017 |
| 2.16. | Nuix Foundations - Investigations | 3 | Tuesday, May 2, 2017 | Thursday, May 4, 2017 |
| 3. | Specialized Vendor: Windows | | | |
| 3.1. | Encase Advanced Computer Forensics | 4 | Monday, April 24, 2017 | Thursday, April 27, 2017 |
| 3.2. | Encase Advanced Internet Examinations | 4 | Sunday, April 30, 2017 | Wednesday, May 3, 2017 |
| 3.3. | Nuix Windows Investigation | 3 | Sunday, April 9, 2017 | Tuesday, April 11, 2017 |
| 3.4. | Nuix Windows Investigation | 3 | Sunday, May 7, 2017 | Tuesday, May 9, 2017 |
| 4. | Specialized Vendor: Apple | | | |
| 4.1. | Black Bag Mac: Essential Forensic Techniques I | 5 | Sunday, April 9, 2017 | Thursday, April 13, 2017 |
| 4.2. | Black Bag Mac: Essential Forensic Techniques II | 5 | Sunday, April 30, 2017 | Thursday, May 4, 2017 |
| 4.3. | EnCase Examinations of the Macintosh Operating Systems | 4 | Sunday, May 21, 2017 | Wednesday, May 24, 2017 |
| 5. | Specialized: Linux | | | |
| 5.1. | Certified Linux Forensic Practitioner (CLFP) | 2 | Wednesday, April 12, 2017 | Thursday, April 13, 2017 |
| 5.2. | Certified Linux Forensic Practitioner (CLFP) | 2 | Wednesday, May 17, 2017 | Thursday, May 18, 2017 |
| 6. | Specialized Vendor: Mobile | | | |
| 6.1. | AGT's Mobile Forensics Course | 4 | Sunday, March 26, 2017 | Wednesday, March 29, 2017 |
| 6.2. | AGT's Mobile Forensics Course | 4 | Sunday, April 23, 2017 | Wednesday, April 26, 2017 |
| 6.3. | AGT's Mobile Forensics Course | 4 | Sunday, May 21, 2017 | Wednesday, May 24, 2017 |
| 6.4. | XRY Foundation Certification | 2 | Sunday, April 9, 2017 | Monday, April 10, 2017 |
| 6.5. | XRY Intermediate | 3 | Tuesday, April 11, 2017 | Thursday, April 13, 2017 |
| 6.6. | XRY Advanced Apps Analysis | 5 | Sunday, April 16, 2017 | Thursday, April 20, 2017 |
| 6.7. | Cellebrite Certified Logical Operator (CCLO) | 2 | Sunday, May 7, 2017 | Monday, May 8, 2017 |
| 6.8. | Cellebrite Certified Physical Analyst (CCPA) | 3 | Tuesday, May 9, 2017 | Thursday, May 11, 2017 |
| 6.9. | Cellebrite Advanced Smartphone Analysis | 3 | Sunday, May 14, 2017 | Tuesday, May 16, 2017 |
| 6.10. | Magnet AXIOM Essentials – Smartphone | 3 | Tuesday, April 18, 2017 | Thursday, April 20, 2017 |
| 6.11. | Magnet AXIOM Essentials – Smartphone | 3 | Tuesday, May 16, 2017 | Thursday, May 18, 2017 |
| 6.12. | Oxygen Forensic® Complete | 3 | Sunday, April 23, 2017 | Tuesday, April 25, 2017 |
| 6.13. | Advanced JTAG Training by Teel Technologies | 5 | Sunday, April 23, 2017 | Thursday, April 27, 2017 |
| 6.14. | Advanced BGA Chip-Off Training by Teel Technologies | 5 | Sunday, April 30, 2017 | Thursday, May 4, 2017 |

