D - Digital Evidence

This 80-hour course is designed for investigators who have basic computer skills and are new to computer forensics. This class will provide training on: forensic computer components; set-up and trouble shooting of forensic hardware and software; case management; understanding the fundamentals of a search warrant; search and seizure of computer/digital evidence; tools, skills and protocols necessary to assist in the forensic investigation and prosecution of a computer crime. The course includes: Understanding of computer forensics; Fundamentals of computer hardware; Working a case from the beginning to the final report; Conducting basic searches and analysis of evidence; Overview of forensics software; Legal update; Writing effective search warrants; Preparing evidence for presentation in court; Understanding file systems; Evidence identification; Removal, recovery, and accessing digital media, Understanding fundamentals of write blocking

This 36-hour course is designed to provide law enforcement personnel with foundation skills for the investigation of computer related crimes. Special circumstances arise and special consideration has to be given when a computer is used as an instrument of crime, when a computer is the target of criminal activity or when a computer contains records of criminal activity. The course includes: Using a computer to commit a crime; Records of criminal activity on computers; How computers work and store data; Seizures of computer crime evidence; Working with a computer forensic specialist; Writing search warrants for high tech crimes; Specialized legal problems with electronic data and equipment, Resources to assist investigations

This 40-hour course is designed to provide investigators with the necessary training, skills, knowledge and practical experience to conduct on-line crime investigations. Instruction will also be provided on using the internet as an investigative tool including: internet protocols; LAN/WAN/GAN operations; e-mail tracing; and social networking sites as investigative resources. The course includes: Components of the internet; How the internet works; Laws relative to on-line investigations; Review of crimes committed on the Internet; E-mail and IP tracing; IRC, FTP, and Newsgroups; Overview of social networking sites, Detection and prevention of internet crimes

This 28-hour course is designed for criminal investigators, prosecutors, or support staff whose duties include investigation and prosecution of high-technology crimes and the seizure of electronic evidence. Students will learn the fundamentals of computer operations and hardware function, and how to protect, preserve, and image digital evidence. This class will introduce students to the unique skills, best practices and methodologies necessary to assist in the investigation and prosecution of computer crimes, on such topics as partitioning, formatting, data storage, hardware and software write blockers, the boot up process, and duplicate imaging.

This 40-hour course is designed to provide investigators with the training, skills, knowledge and practical experience in using some of the more advanced tools developed for computer forensics. Instruction will be provided on different tools each fiscal year. The course includes: The principles of how/why the tool was developed; Imaging digital evidence; How the tool verifies and ensures no changes to original evidence; Setting up a forensic case; Use of Hash and Signature analysis to limit area searched; Word/text searching; Boolean terms, GREP expressions and Scripts to increase search effectiveness, Creating a report of results of investigation

This 80-hour course provides investigators of high technology and/or computer crimes with training on tools and procedures for conducting difficult and detailed forensic examinations of personal computers and seized digital media. Students will also learn how to build their own forensic analysis computer, troubleshoot and repair problems with their computers, and become familiar with advanced capabilities of tools available to the forensic analyst. The course includes: Laws relative to search warrants and recovery of digital evidence; How to build and trouble-shoot an efficient forensic analysis computer; Available analysis tools for recovery of digital evidence; Preservation, recovery and examination of digital evidence; Limiting forensic analysis to case needs; Reporting evidence discovered in digital format; Discovery issues (contraband, instruments, etc.), Lab work and case exercises

This 40-hour course is designed to teach law enforcement investigators the principals of responding to and investigating network intrusion crimes. Students will create a Local Area Network (LAN), Wide Area Network (WAN), Global Area Network (GAN) and use them to study, explore, and understand how exploits and hacks of networked systems are committed. Included in the course: Network construction and operation; In-depth examination of networking protocols; Advanced investigative techniques; Review of current network exploits; Case analysis of network intrusions; Legal update; Resources; Evidence handling, Hands-on lab

This 40-hour course is designed to provide law enforcement personnel with foundational skills for forensic examination of cellular phones used as instruments of crime or when cellular phones contain records of criminal activity. These records can include phone book entries, call history, text messages, calendar entries, images, and videos. Classes will include: Basic understanding of cellular phones and cellular networks; Description of a variety of tools (both hardware and software) available for extracting data from cellular phones; Demonstrations of how different cellular phone forensic tools work; Laws related to seizure and examination of cellular phones; Hands on exercises for extracting data from cellular phones, SIM cards and flash media cards using a variety of different tools; Basic understanding of SIM cards, Techniques for isolating cellular phones from cellular networks

This 40-hour course is designed to give high tech-computer forensic investigators working knowledge of Apple devices, the Operating System, and conducting forensic examinations of Mac media. Students will learn how to navigate in and work with the Apple’s OS X and Linux environments. Apple Computers supports the Mac OS and provides an environment to run Windows, Linux, and the UNIX-based Operating Systems. Because of this versatility, investigators are performing more forensic investigations on Apple computers.