Computer Labs

Computer labs require separate registration which will open in July. Look out for an email from us announcing computer lab registration. 

Become A Google Jedi: Save Yourself from Information Overload   
Dean Chatfield, Lauren Wagner
This computer lab will teach students how to effectively use Google to filter search results to relevant and usable information. Students will complete hands-on exercises using Google Boolean and advanced operators.
Target Audience: LE, Pros, Probation, Parole, VA, Medical, FI, Therapist, CPS, CAC

Budget Friendly Forensics (Part 1 & 2)
Jeff Shackelford 
Unfortunately in today’s age many agencies are still unable to adequately fund computer forensic programs due to the high costs commonly associated with commercial software and high-end forensic computers. In this lab, attendees will be exposed to various low and no-cost, budget saving software and hardware alternatives that can save them substantial amounts of money and time, and do so without sacrificing ANY forensic functionality or efficiency to their work flow. Attendees will leave with a new set of valuable tools and the skills to put them to use on a daily basis. Come see how affordable forensics can really be when you have the right tools, and the right information, and learn firsthand why a product’s price is not necessarily a reflection of its quality or capabilities.
Lab Open to Law Enforcement and Prosecutors Only

Call Detail Records Analysis and Mapping (Part 1 & 2)
James Isaacs
This lab is designed for law enforcement officers handling call detail records. Due to the high expense of call detail records programs, individual departments cannot always afford the cost. This lab will teach students how to gather investigative intelligence using tools already available to law enforcement. Using tools like Microsoft Excel and Google Maps, students can quickly learn how to map cell towers, locate the geographic areas of suspects, and identify co-conspirators and significant others. Most importantly, students will build a solid foundation for working with cellular networks to strengthen delivery and level of expertise of technical data when testifying. Students will be provided sample call data records during the lab to learn specific investigative processes.
Lab Open to Law Enforcement and Prosecutors Only

Case Management and Reporting Using MS OneNote (Part 1 & 2)
Robert Benson, Jeff Bickford
In today’s era of criminal investigations, digital data is becoming ever increasingly critical in investigations. The organization of the data can be a daunting task. This presentation is designed for the professional looking to manage cases more effectively and more efficiently in a digital format. The presentation begins with an introduction to Microsoft OneNote, its capabilities and how it can be incorporated into investigations. The presenters will show how to handle large quantities of digital information and how multiple persons can collaborate on a single case. This presentation will also demonstrate how to efficiently organize information so it can be easily retrieved and presented to supervisors, prosecutors and juries. Real case examples will be shown to demonstrate how OneNote can be used by both an investigator and a forensic examiner.  
Target Audience: 
All attendees

Child Protection System (CPS) Update
William Wiltse
This hands-on lab is designed for currently licensed and experienced peer-to-peer investigators and will showcase the newest functionality built-in to the Child Protection System (CPS). Topics include the addition of BitTorrent and Chatstep data, Media Library and IRC-LE replacement via CPS Desktop integration and more. A current CPS license is not required to participate in this lab, nor will a CPS license be issued upon completion of this training.
Target Audience: Law Enforcement and Prosecutors only.

Cryptography
Gary Kessler
Cryptography is a common factor in investigations involving computers and mobile devices. Encryption is employed to protect everything from our private data or nefarious activity. More operating systems make encryption a standard part of the file system and users increasingly employ secure practices, making cryptography a bigger threat to the computer forensic examiner's ability to search a system. This lab will review basic terms and concepts, and employ examples of crypto tools, such as hash functions, AES, RC4, Pretty Good Privacy (PGP), the Encrypting File System (EFS), TrueCrypt, and mobile device encryption.
Target Audience: 
LE, Pros, Probation, Parole

Facebook: Advanced Searching and Saving Techniques (Part 1 & 2)  
Justin Fitzsimmons, Lauren Wagner
Facebook is the largest worldwide social media website and contains a substantial amount of potential investigative information. Facebook information can be searched in three separate and distinct ways. One method is to use Facebook graph search, which uses specific targeted terms that, when used correctly, can show investigative material. The instructors will demonstrate how graph search works, and explain how syntax—the structure of the search keywords and phrases—is vital to a successful search. The second method is to use URL manipulations. Once a Facebook profile has been identified, these URL manipulations can show content from this target, such as photo comments, video likes, and comparisons with friends. These URL manipulations are specific and offer information beyond what can be found simply by looking at someone's profile. The third method uses Google advanced and Boolean operators to search on Facebook in a broader sense. Constructing a good keyword string is key to ensuring that investigative material is found. The instructors will demonstrate examples of specific syntax that should be used.
Target Audience: LE, Pros, Probation, Parole

Finding the Hands-On Offender in Your Jurisdiction (Part 1 & 2)
Michael Sullivan
This lab will examine how students can identify subjects seeking to sexually exploit children using two different chat clients; Chatstep and Internet Relay Chat. The lab will demonstrate how to locate offenders from the student’s home jurisdiction. Students will learn how to create undercover personas that comply with the ICAC Standards and Guidelines. They will learn how to locate and trace the IP address and screen names in use by the subjects engaging in illegal activities. This lab will also examine the alternative methods that can be used to identify subjects who have obfuscated their IP Address.
Target Audience: LE, Pros, Probation, Parole

Hide and Seek: The “Open Source” Highway to Finding Someone (Part 1 & 2)
Tom Lane, Wesley Layton, Jeremy Wingo
The lab is aimed at today’s digital age where no one’s privacy is safe or private. In this lab you will learn the principles of open source intelligence gathering, conduct fundamental network investigation and interpretation of internet traces, including digital images, email and social networks. The presenters will show how to use open sources to your advantage in conducting intelligence gathering on a suspect or a person of interest. The internet is full of “open source” investigative tools to gather this intelligence. These tools are publicly available sources such as media, social media, public data, observation data, professional and academic, and the deep web.
Target Audience: LE, Prosecution, Probation, Parole, CPS

Innocence Lost Database/Web Archival Tool (Part 1 & 2)
Sandra Berchtold
The new Innocence Lost Database and Web Archival Tool (ILD/WAT) is an innovative answer to a complex struggle against the constantly changing landscape of human sex trafficking investigations. At no cost to the utilizing agency, users are connected to a powerful tool offering deeply powerful analytics and the ability to connect with, contribute to, and benefit from HT investigations nationwide, effectively creating a national response to a national problem. The ILD/WAT offers an array of services similar to those often pieced together through various public and paid services, but offers enhancements and additions found nowhere else. Usable on any platform, from desktop to smart phone, the new ILD/WAT offers a long-awaited edge to analysts or investigators from any organization.
Target Audience: LE

Introduction to Digital Triage with WinFE (Part 1 & 2)   
Dean Chatfield, Timothy Lott 
The Windows Forensic Environment (WinFE) is a new bootable forensic environment. WinFE does not mount the suspect’s hard drive which will allow investigators to operate in a traditional Windows environment and run their preview tools against a suspect computer. This lab and lecture will provide the attendee with the skills and software necessary to create a WinFE image which can be booted by either CD or USB device. Students will also have the opportunity to practice booting a “suspect computer” with their WinFE and run preview tools. **Note: Due to Windows licensing rules students will create their CD and USB thumb drives using a 30-day evaluation copy of Windows.  
Lab Open to Law Enforcement Only

Introduction to Online Undercover Chat (Part 1 & 2)
Jesse Crowe, Jim Valley
This lab will provide an overview of basic undercover chat investigations. The presenters will discuss the tools needed to properly set up a lab and some of the related issues to be considered. Attendees will learn how to configure computers and utilize specific chat sites on the Internet. Common ways to chat to potential predators will be discussed. Time will be allowed for hands-on exercises where attendees will explore selected chat sites and use the techniques discussed.
Lab Open to Law Enforcement Only

Introduction to Open Source Digital Forensics (Part 1 & 2)  LAB
Dean Chatfield, Timothy Lott
Autopsy® is an automated environment that has the core analysis features needed by law enforcement to conduct an investigation of digital media, such as hard drives, memory cards, or mobile devices. Autopsy® has been developed by Basis Technology and an open source community. Autopsy® is available FREE of charge. Students will receive an introduction to the software and how they can utilize it during their investigations to assist with the recovery of digital evidence. Attendees should have a basic understanding of computer forensics.
Lab Open to Law Enforcement Only

IP Hunting: Geo Locating a Suspect
Mat Henley, Greg Kesner  
This Lab will take you through the tools used to identify and locate users on the internet. Some of the basics of internet IP addressing and what challenges face Law enforcement will be discussed.  A number of exercises and real world examples will be demonstrated and then students will be taken through the use of each tool. The lab will culminate in an exercise that will challenge the participants to use the tools demonstrated throughout the lab to locate an IP address.
Lab Open to Law Enforcement Only

Neula: The Future of Forensics
William Wiltse
Designed for both forensic computer examiners and field investigators this hands-on lab will utilize cutting-edge technology for recovering child abuse imagery from digital devices. Revolutionary in nature, this application will locate 100% of known child exploitation imagery, even from unallocated space, and requires only minimal effort by the examiner. This translates into significant time savings for your ever-increasing forensics backlog.
Lab Open to Law Enforcement and Prosecutors Only

Project VIC Advanced Workflow and Initiatives (Part 1 & 2)
Rich Brown, Jim Cole, Johann Hofmann
In this lab, the presenters will cover advanced workflows, apps and features. They will discuss several advanced projects underway and being planned for the future. The presenters will share the latest and greatest advancements in Project VIC and how you can be involved. Lastly, they will discuss facial detection and recognition, photo matching in the absence of exif data, the Project VIC Alert System, The Project VIC-NCMEC direct connection project and more.
Lab Open to Law Enforcement Only

Project VIC and Victim Identification Practices Using Griffeye Analyze (Part 1 & 2)
Rich Brown, Jim Cole, Johann Hofmann
We are seizing more data than ever before. In this lab you will learn how to analyze your visual data (images/videos) more efficiently using Griffeye Analyze DI (free for LE for child exploitation) in your investigative and forensic workflow. This lab will provide hands on instruction on how to sign up for Project VIC hashes, how to obtain Griffeye Analyze DI for free, how to utilize the tools to obtain workload reduction, move through your data much more efficiently and find new victims of abuse.
Lab Open to Law Enforcement Only

Prosecutors and Social Media: Advanced Searching  
Justin Fitzsimmons, Lauren Wagner
This computer lab, designed specifically for prosecutors, will explore various social networking sites and potential evidence recoverable from those sites for the use in child maltreatment cases. Participants will learn various techniques that can be used to not only identify profiles of people involved in the case, but also how to utilize the connections between people to explore more potential corroborative evidence.
Lab Open to Prosecutors Only 

RAM: A “Real-World” Approach to Memory Acquisition & Analysis
Jeff Shackelford 
For years, we’ve all been instructed on the importance of collecting volatile memory, (aka "RAM") from running machines at a crime scene. The problem however, was that no one wanted to talk about the common problems often associated with acquiring, (and especially analyzing) this unique type of data. In this presentation, we will discuss the common pitfalls often encountered with collecting memory, as well as discuss a new acquisition method which allows investigators and examiners to acquire and analyze "process-specific" binary memory images. This new methodology and approach to active memory could potentially save you hours of time and trouble both in the field and also in the lab. In addition to acquisition techniques, we will teach you several simple, automated ways that anyone, (including novice examiners), can use to conduct a basic analysis of RAM. Attendees will also gain introductory information on how they can harness the power of both commercial and open-source tools together for advanced memory analysis.
Target Audience: 
LE, Forensic Examiners

Save 60% of Your Human Trafficking Investigation Time with Spotlight
Kristin Boorse, Domenick Kaufman
There are more than 200,000 escort ads posted every day in this country. Somewhere in that pile of data are children who are bought and sold online for sex. In this lab, attendees will see first-hand how Spotlight helps prioritize leads by leveraging machine learning algorithms and utilizes link analysis tools show connections of disparate data sources to help law enforcement understand the historical and geographical reach of a victim’s trafficking situation. Attendees will see how Spotlight is used during the investigation process, case study from the field and hands on exercises using the application. Spotlight is offered free of charge to law enforcement and can help reduce human trafficking investigations by 60%. There are more than 4,000 users across more than 1,000 federal, state and local agencies that rely on Spotlight as their primary human trafficking application.
Lab Open to Law Enforcement Only 


SEARCH.org Investigative Resources LAB
Dean Chatfield, Timothy Lott
SEARCH has offered technology-driven solutions to the law enforcement community for over 40 years. This lab session will explore the cutting-edge services and products SEARCH uses to aid investigators in crimes with digital evidence. These resources also provide guidance on utilizing technology to corroborate evidence in traditional crimes. Topics include the new SEARCH add-on (a replacement for the SEARCH Investigative Toolbar), available for Firefox, Chrome, and Safari; The SEARCH Internet Service Provider (ISP) List to find legal contacts for investigative purposes; technology guides that cover current investigative trends; and our online video presentation series, webinar offerings and podcast series.
Lab Open to Law Enforcement, Prosecutors, Probation and Parole Only

Smartphones & the Apps that Rule Them
Shannon Gomez, Amber Schroader
Smartphones are more than just messages and phone calls, they are the Apps that rule their data. It is important to understand that many users have moved to third party Apps to be able to attempt to hide data from potential investigations. In a sea of millions of Apps it is important to learn how to find the App and then view the data in a parsed and unparsed form, that is what you will learn by attending this lab.
Target Audience: 
LE, Pros, Probation, Parole

TCP/IP Protocols and Analysis (Part 1 & 2)
Gary Kessler
The Transmission Control Protocol/Internet Protocol (TCP/IP) suite is the basis for all communication on the Internet and, of course, the primary vector for cybercrimes. An increasing number of investigations require that the digital forensics analyst understand the operation of the protocols comprising the TCP/IP protocol suite as well as the tools that can be used to capture network traffic and analyze the contents of the packets. This lab will delve into the operation of the TCP/IP communication protocols (e.g., IP, TCP, UDP, and ICMP) and application protocols (e.g., FTP, SMTP, POP, DNS, and HTTP). The use of WireShark will also be discussed and presented. Hands-on exercises will be used to reinforce the lecture topics, including analysis of abnormal traffic.
Target Audience:
LE

Tech Tools for Prosecutors  
Justin Fitzsimmons, Lauren Wagner
This computer lab, designed specifically for prosecutors, will introduce software and methodologies that can be used by prosecutors. Topics will include Firefox add-ons, such as Video Downloadhelper (to save videos from YouTube and other websites), and Screengrab (to save or copy websites). Also included will be Google searching techniques (Boolean operators) to make searching for information much for efficient and reliable. Google advanced operators, such as site: (to search only particular websites) and file type: (to search only particular file types), as well as Google services such as Images (to search only images as well as reverse image searching techniques) and Scholar (to search only legal journals) will also be covered. Also in Google we will talk about all the data saved that can be viewed in 'Dashboard' and 'My Activity'. Other software that will be introduced includes: Jing (screenshot and screencast software), VLC (for playing movies), Irfanview (for viewing images), and Audacity (for audio editing).
Lab Open to Prosecutors Only

Tracing IP Addresses
Gary Kessler
This lab will cover tracing IP addresses and other source data on the Internet. Investigations in cyberspace -- whether taking a detailed look at electronic mail or social networks, or just examining server log entries -- often require that an investigator understand the basics of Internet Protocol (IP) addresses and Internet domains, including finding who owns an IP address, who owns a domain name, and, most importantly, who pays for a domain name. There are a plethora of tools available for the investigation of cybercrimes and this session will discuss many of these tools and how they work.
Target Audience: 
LE, Pros, Probation, Parole

Twitter Investigations Lab
Dean Chatfield, Lauren Wagner
The Windows Forensic Environment (WinFE) is a new bootable forensic environment. WinFE does not mount the suspect’s hard drive which will allow investigators to operate in a traditional Windows environment and run their preview tools against a suspect computer. This lab and lecture will provide the attendee with the skills and software necessary to create a WinFE image which can be booted by either CD or USB device. Students will also have the opportunity to practice booting a “suspect computer” with their WinFE and run preview tools. **Note: Due to Windows licensing rules students will create their CD and USB thumb drives using a 30-day evaluation copy of Windows.  

Lab Open to Law Enforcement Only 

Using Andy's Emulator
Michael Sullivan
Students will learn how to install and use Andy's emulator so they can use a computer in place of a smartphone. Students will create accounts for use on Andy's, Gmail, and then visit the Play Store to install the applications KIK, Grindr and Fake GPS. Using these APPS the students will see how the computer now mirrors the use of a smartphone and allows the investigator to geo-locate to their home jurisdiction.

Target Audience: 
LE, Pros, Probation, Parole