Computer Labs

Computer labs require separate registration which will open in July. Look out for an email from us announcing computer lab registration. 

Adobe for Digital Photo, Video and Audio in Law Enforcement (Part 1 & 2)
John Penn
This class will cover the use of digital media tools for law enforcement scenarios. Intermediate Photoshop, Premiere and Audition will be taught for working with photos, video and audio. Attendees should leave the course comfortable with image manipulation and enhancement tools, video tools for stabilizing shaky video, sanitizing videos, and the basics of working with enhancing audio files. Lessons should be applicable to a wide variety of digital media related law enforcement tasks from forensics, to victim identification to review of body worn camera footage.
Lab Open to Law Enforcement and Prosecutors Only

The Adult Undercover Persona and Introduction to Internet Relay Chat (Part 1 & 2)
Kevin Laws
This lab will provide a basic overview of IRC to include navigation and the logging function of the IRC client (mIRC). The presenter will demonstrate how to build your IRC undercover persona and introduce you to the various chat rooms dedicated to the sexual exploitation of children. Tips about chatting and building your investigation based on the presenter’s experience will be discussed. Lastly, suggestions for court presentation including presenting your evidence and jury considerations will be provided.
Lab Open to Law Enforcement and Prosecutors Only

Become A Google Jedi: Save Yourself from Information Overload   
Dean Chatfield, Lauren Wagner
This computer lab will teach students how to effectively use Google to filter search results to relevant and usable information. Students will complete hands-on exercises using Google Boolean and advanced operators.
Target Audience: LE, Pros, Probation, Parole, VA, Medical, FI, Therapist, CPS, CAC

Call Detail Records Analysis and Mapping (Part 1 & 2)
James Isaacs
This lab is designed for law enforcement officers handling call detail records. Due to the high expense of call detail records programs, individual departments cannot always afford the cost. This lab will teach students how to gather investigative intelligence using tools already available to law enforcement. Using tools like Microsoft Excel and Google Maps, students can quickly learn how to map cell towers, locate the geographic areas of suspects, and identify co-conspirators and significant others. Most importantly, students will build a solid foundation for working with cellular networks to strengthen delivery and level of expertise of technical data when testifying. Students will be provided sample call data records during the lab to learn specific investigative processes.
Lab Open to Law Enforcement and Prosecutors Only

Case Management and Reporting Using MS OneNote (Part 1 & 2)
Robert Benson, Jeff Bickford
In today’s era of criminal investigations, digital data is becoming ever increasingly critical in investigations. The organization of the data can be a daunting task. This presentation is designed for the professional looking to manage cases more effectively and more efficiently in a digital format. The presentation begins with an introduction to Microsoft OneNote, its capabilities and how it can be incorporated into investigations. The presenters will show how to handle large quantities of digital information and how multiple persons can collaborate on a single case. This presentation will also demonstrate how to efficiently organize information so it can be easily retrieved and presented to supervisors, prosecutors and juries. Real case examples will be shown to demonstrate how OneNote can be used by both an investigator and a forensic examiner.  
Target Audience: 
All attendees

Child Protection System (CPS) Update
William Wiltse
This hands-on lab is designed for currently licensed and experienced peer-to-peer investigators and will showcase the newest functionality built-in to the Child Protection System (CPS). Topics include the addition of BitTorrent and Chatstep data, Media Library and IRC-LE replacement via CPS Desktop integration and more. A current CPS license is not required to participate in this lab, nor will a CPS license be issued upon completion of this training.
Target Audience: Law Enforcement and Prosecutors only.

Copy Over Procedure (COP) Using Redline on Deadbox or External Files
Michael Stern
Many incident response tools are intended to be run on live machines, but the artifacts they collect are beneficial to a dead box examination as well. This hands-on block of instruction demonstrates a method for using Mandiant's Redline in a Windows Virtual Machine environment to process artifacts from a dead box image or any externally collected files.
Target Audience: Law Enforcement

Craigslist Investigations
Mike Duffey, Wayne Nichols
During this block of instruction students will be taught how to utilize Craigslist in an investigation. This includes discussing replying to and posting Craigslist Ads. Craigslist legal responses will be discussed along with using and creating story lines in your UC Persona.  
Target Audience: Law Enforcement

Create Your Own Forensics PortableApps Thumbdrive
Cynthia Gonnella
Many applications available from a PortableApps thumb drive are beneficial to the forensic examiner. From live analysis and data collection to imaging, hash analysis, and SQLite database browsing. In this lab, attendees will download and build their own working PortableApps thumb drive of forensic tools they can take with them upon departure.
Target Audience: LE, Pros, Probation, Parole

Cryptography
Gary Kessler
Cryptography is a common factor in investigations involving computers and mobile devices. Encryption is employed to protect everything from our private data or nefarious activity. More operating systems make encryption a standard part of the file system and users increasingly employ secure practices, making cryptography a bigger threat to the computer forensic examiner's ability to search a system. This lab will review basic terms and concepts, and employ examples of crypto tools, such as hash functions, AES, RC4, Pretty Good Privacy (PGP), the Encrypting File System (EFS), TrueCrypt, and mobile device encryption.
Target Audience: 
LE, Pros, Probation, Parole

Detecting and Documenting PortableApps “Ghost Surfing”
Cynthia Gonnella
This hands-on block of instruction demonstrates how criminals can use "Ghost Surfing" as a method to hide their Internet activity using Windows. Attendees are presented with a Scenario: Witnesses complain of a user downloading contraband on a library computer, but no downloaded files or Internet history are located within the dead box image collected. Instructors will walk attendees through various methods to detect and document "Ghost Surfing" using PortableApps, as well as some follow-up techniques to locate where the contraband is stored.
Target Audience: LE, Pros, Probation, Parole

Facebook: Advanced Searching and Saving Techniques (Part 1 & 2)  
Justin Fitzsimmons, Lauren Wagner
Facebook is the largest worldwide social media website and contains a substantial amount of potential investigative information. Facebook information can be searched in three separate and distinct ways. One method is to use Facebook graph search, which uses specific targeted terms that, when used correctly, can show investigative material. The instructors will demonstrate how graph search works, and explain how syntax—the structure of the search keywords and phrases—is vital to a successful search. The second method is to use URL manipulations. Once a Facebook profile has been identified, these URL manipulations can show content from this target, such as photo comments, video likes, and comparisons with friends. These URL manipulations are specific and offer information beyond what can be found simply by looking at someone's profile. The third method uses Google advanced and Boolean operators to search on Facebook in a broader sense. Constructing a good keyword string is key to ensuring that investigative material is found. The instructors will demonstrate examples of specific syntax that should be used.
Target Audience: LE, Pros, Probation, Parole

Finding the Hands-On Offender in Your Jurisdiction (Part 1 & 2)
Michael Sullivan
This lab will examine how students can identify subjects seeking to sexually exploit children using two different chat clients; Chatstep and Internet Relay Chat. The lab will demonstrate how to locate offenders from the student’s home jurisdiction. Students will learn how to create undercover personas that comply with the ICAC Standards and Guidelines. They will learn how to locate and trace the IP address and screen names in use by the subjects engaging in illegal activities. This lab will also examine the alternative methods that can be used to identify subjects who have obfuscated their IP Address.
Target Audience: LE, Pros, Probation, Parole

Hide and Seek: The “Open Source” Highway to Finding Someone (Part 1 & 2)
Tom Lane, Wesley Layton, Jeremy Wingo
The lab is aimed at today’s digital age where no one’s privacy is safe or private. In this lab you will learn the principles of open source intelligence gathering, conduct fundamental network investigation and interpretation of internet traces, including digital images, email and social networks. The presenters will show how to use open sources to your advantage in conducting intelligence gathering on a suspect or a person of interest. The internet is full of “open source” investigative tools to gather this intelligence. These tools are publicly available sources such as media, social media, public data, observation data, professional and academic, and the deep web.
Target Audience: LE, Prosecution, Probation, Parole, CPS

How Criminals Hack Wireless Networks, and Defensive Measures
Michael Stern
Open wireless networks may become the victim of wireless router hacking. Free tools are available to crack the Administration password of Wireless routers, giving attackers the ability to control a network from configuration changes to locking out the authorized users and owner. This hands-on lab demonstrates how criminals use various Windows and Linux tools to crack open wireless router admin passwords. The block concludes with a discussion of methods to secure wireless routers and IoT devices.
Target Audience: LE, Pros

Innocence Lost Database/Web Archival Tool (Part 1 & 2)
Sandra Berchtold
The new Innocence Lost Database and Web Archival Tool (ILD/WAT) is an innovative answer to a complex struggle against the constantly changing landscape of human sex trafficking investigations. At no cost to the utilizing agency, users are connected to a powerful tool offering deeply powerful analytics and the ability to connect with, contribute to, and benefit from HT investigations nationwide, effectively creating a national response to a national problem. The ILD/WAT offers an array of services similar to those often pieced together through various public and paid services, but offers enhancements and additions found nowhere else. Usable on any platform, from desktop to smart phone, the new ILD/WAT offers a long-awaited edge to analysts or investigators from any organization.
Target Audience: LE

Introduction to Chatstep for Chat and Child Pornography Investigations
Joseph Versace
Chatstep is message board allowing users to create public and private boards to communicate and share files. For some it is a place to communicate about the abuse of children and to share images and videos of the same. This lab looks at investigating Chatstep proactively, by using the data in Icaccops to isolate targets by jurisdiction. The lab will also instruct students on how to capture the evidence from Chatstep and what data is available from Chatstep.
Lab Open to Law Enforcement and Prosecutors Only

Introduction to Digital Triage with WinFE (Part 1 & 2)   
Dean Chatfield, Timothy Lott 
The Windows Forensic Environment (WinFE) is a new bootable forensic environment. WinFE does not mount the suspect’s hard drive which will allow investigators to operate in a traditional Windows environment and run their preview tools against a suspect computer. This lab and lecture will provide the attendee with the skills and software necessary to create a WinFE image which can be booted by either CD or USB device. Students will also have the opportunity to practice booting a “suspect computer” with their WinFE and run preview tools. **Note: Due to Windows licensing rules students will create their CD and USB thumb drives using a 30-day evaluation copy of Windows.  
Lab Open to Law Enforcement Only

Introduction to Macs
Mike Duffey
During this lab students will learn given an overview of the Apple computer along with leaning how to use a Apple computer. This course is intended for those who are brand new to using a Apple computer or for those who are considering purchasing one. Comparison between the Windows and Apple Operating Systems will be discussed.
Open to All Attendees

Introduction to Online Undercover Chat (Part 1 & 2)
Jesse Crowe, Jim Valley
This lab will provide an overview of basic undercover chat investigations. The presenters will discuss the tools needed to properly set up a lab and some of the related issues to be considered. Attendees will learn how to configure computers and utilize specific chat sites on the Internet. Common ways to chat to potential predators will be discussed. Time will be allowed for hands-on exercises where attendees will explore selected chat sites and use the techniques discussed.
Lab Open to Law Enforcement Only

Introduction to Open Source Digital Forensics (Part 1 & 2)  LAB
Dean Chatfield, Timothy Lott
Autopsy® is an automated environment that has the core analysis features needed by law enforcement to conduct an investigation of digital media, such as hard drives, memory cards, or mobile devices. Autopsy® has been developed by Basis Technology and an open source community. Autopsy® is available FREE of charge. Students will receive an introduction to the software and how they can utilize it during their investigations to assist with the recovery of digital evidence. Attendees should have a basic understanding of computer forensics.
Lab Open to Law Enforcement Only

Investigating P2P Networks using ePhex (Parts 1 - 4)
John Madsen, Joseph Versace
The Gnutella and G2 networks are two of the oldest Peer to Peer file sharing networks still in use today. This lab will license investigators for Roundup ePhex, an investigative tool that enables to collection of evidence of the possession and dissemination of Child Exploitation Material on these networks. The lab will also license investigators for the Icaccops portal.
Understanding IP addresses is a prerequisite of this lab.
Lab Open to Law Enforcement and Prosecutors Only
           

IP Hunting: Geo Locating a Suspect
Mat Henley, Greg Kesner  
This Lab will take you through the tools used to identify and locate users on the internet. Some of the basics of internet IP addressing and what challenges face Law enforcement will be discussed.  A number of exercises and real world examples will be demonstrated and then students will be taken through the use of each tool. The lab will culminate in an exercise that will challenge the participants to use the tools demonstrated throughout the lab to locate an IP address.
Lab Open to All Attendees

Neula: The Future of Forensics
William Wiltse
Designed for both forensic computer examiners and field investigators this hands-on lab will utilize cutting-edge technology for recovering child abuse imagery from digital devices. Revolutionary in nature, this application will locate 100% of known child exploitation imagery, even from unallocated space, and requires only minimal effort by the examiner. This translates into significant time savings for your ever-increasing forensics backlog.
Lab Open to Law Enforcement and Prosecutors Only

Online Investigative Tools
Mike Duffey, Wayne Nichols
This lab will introduce attendees to important tools needed to successfully document web based evidence. As well as what is needed to conduct proactive investigations online. A variety of tools and resources will be discussed to include:  preferred web browser, browser add-ons, saving web based evidence, preferred online search sites, the necessity of Google (including Gmail, Gmail labs and Google Images). Attendees will also learn about EXIF data viewers and EXIF data scrubbers. It is recommended that all attendees establish an undercover Gmail account prior to attending the lab (*during the setup, please make your identity OVER the age of 21).
Lab Open to Law Enforcement Only

OSForensics Triage Certification (Part 1 & 2)
Randy Gohn, Jeff Shackelford
This is a test preparation workshop and lab for the “OSForensics Triage Certification” (OSFTC). The certification was created for computer crime investigators, probation/parole officers and any other law enforcement agents who are directly charged with digital evidence triage and digital evidence collection efforts out in the field. This presentation will consist of two parts: 1) Lecture/Lab, 2) Review/Test. The course will prepare attendees to successfully pass the OSFTC certification exam which will be administered at the end of the presentation. Successful students will receive the OSFTC designation and accompanying certificate.
Lab Open to Law Enforcement Only

osTriage: Improving Workflow from the Field to the Lab and Beyond (Part 1 & 2)
Jeff Rich
This lab covers osTriage version 2, its capabilities, and how to leverage it in a multitude of ways to find relevant data faster. By getting answers to investigative questions in minutes, not months, osTriage helps move a case forward on both the investigative and prosecutorial fronts. Attendees will learn the advantages of using osTriage in a live response capacity including real time detection of encryption, user searches, device history, registry information and much more.
Lab Open to Law Enforcement Only

Project VIC Advanced Workflow and Initiatives (Part 1 & 2)
Rich Brown, Jim Cole, Johann Hofmann
In this lab, the presenters will cover advanced workflows, apps and features. They will discuss several advanced projects underway and being planned for the future. The presenters will share the latest and greatest advancements in Project VIC and how you can be involved. Lastly, they will discuss facial detection and recognition, photo matching in the absence of exif data, the Project VIC Alert System, The Project VIC-NCMEC direct connection project and more.
Forensic experience is preferred for attendees that take this lab.
Lab Open to Law Enforcement, Prosecutors, Probation and Forensic Examiners Only

Project VIC and Victim Identification Practices Using Griffeye Analyze (Part 1 & 2)
Rich Brown, Jim Cole, Johann Hofmann
We are seizing more data than ever before. In this lab you will learn how to analyze your visual data (images/videos) more efficiently using Griffeye Analyze DI (free for LE for child exploitation) in your investigative and forensic workflow. This lab will provide hands on instruction on how to sign up for Project VIC hashes, how to obtain Griffeye Analyze DI for free, how to utilize the tools to obtain workload reduction, move through your data much more efficiently and find new victims of abuse.
Forensic experience is preferred for attendees that take this lab.
Lab Open to Law Enforcement, Prosecutors, Probation and Forensic Examiners Only

Prosecutors and Social Media: Advanced Searching
Justin Fitzsimmons, Lauren Wagner
This computer lab, designed specifically for prosecutors, will explore various social networking sites and potential evidence recoverable from those sites for the use in child maltreatment cases. Participants will learn various techniques that can be used to not only identify profiles of people involved in the case, but also how to utilize the connections between people to explore more potential corroborative evidence.
Lab Open to Prosecutors Only

Protecting Network Resources: Can You Keep the Network Alive?
Cynthia Gonnella
Law enforcement networks are constantly under attack. Common cyber-attacks on law enforcement include data exfiltration, doxxing of police personally identifiable information, and extortion via ransomware. It is more important than ever to manage the cybersecurity of all State and Local computing networks and data stores. This hands-on lab uses a gaming theme to introduce attendees to network security. Come see if you can Keep the Network Alive!
Lab Open to Law Enforcement Only

Save 60% of Your Human Trafficking Investigation Time with Spotlight
Kristin Boorse, Domenick Kaufman
There are more than 200,000 escort ads posted every day in this country. Somewhere in that pile of data are children who are bought and sold online for sex. In this lab, attendees will see first-hand how Spotlight helps prioritize leads by leveraging machine learning algorithms and utilizes link analysis tools show connections of disparate data sources to help law enforcement understand the historical and geographical reach of a victim’s trafficking situation. Attendees will see how Spotlight is used during the investigation process, case study from the field and hands on exercises using the application. Spotlight is offered free of charge to law enforcement and can help reduce human trafficking investigations by 60%. There are more than 4,000 users across more than 1,000 federal, state and local agencies that rely on Spotlight as their primary human trafficking application.
Lab Open to Law Enforcement Only 


SEARCH.org Investigative Resources LAB
Dean Chatfield, Timothy Lott
SEARCH has offered technology-driven solutions to the law enforcement community for over 40 years. This lab session will explore the cutting-edge services and products SEARCH uses to aid investigators in crimes with digital evidence. These resources also provide guidance on utilizing technology to corroborate evidence in traditional crimes. Topics include the new SEARCH add-on (a replacement for the SEARCH Investigative Toolbar), available for Firefox, Chrome, and Safari; The SEARCH Internet Service Provider (ISP) List to find legal contacts for investigative purposes; technology guides that cover current investigative trends; and our online video presentation series, webinar offerings and podcast series.
Lab Open to Law Enforcement, Prosecutors, Probation and Parole Only

Shodan: How Criminals Locate Victim IoT Devices on the Internet
Cynthia Gonnella
The Internet has exploded with Internet of Things (IoT) devices, but are they secure? Security is often overlooked by users, but not by the criminal minds of cyber attackers. SHODAN is one commonly used tool to detect vulnerable IoT devices such as baby monitors, web cams, red light cameras, surveillance videos, TVs, network routers, printers, power plants, and water treatment plants, plus more. In this hands-on lab attendees will use the SHODAN web site to discover insecure web cams, network servers, routers, and a host of IoT devices, followed by a discussion of defensives measures to secure IoT devices.
Target Audience: LE, Prosecution, Probation, Parole

Smartphones & the Apps that Rule Them
Shannon Gomez, Amber Schroader
Smartphones are more than just messages and phone calls, they are the Apps that rule their data. It is important to understand that many users have moved to third party Apps to be able to attempt to hide data from potential investigations. In a sea of millions of Apps it is important to learn how to find the App and then view the data in a parsed and unparsed form, that is what you will learn by attending this lab.
Target Audience: 
LE, Pros, Probation, Parole

Social Media: Advanced Searches & Investigative Techniques
Ben Lewis, Michael Stern
Participants will learn to use some of the most popular investigative tools for searching social media. A wide variety of tools are presented with hands on exercises using online resources readily available after leaving the class. A demo of iThreat Cyber Group’s Cybertoolbelt will be included.
Target Audience: LE, Pros, Probation, Parole

Social Media: Internet Documentation Tools
Ben Lewis, Michael Stern
Participants will use NW3C’s investigative tool, PerpHound™ for use in extracting and documenting EXIF metadata embedded in digital camera files and plotting the geotag information to show where the picture was taken. Participants will also learn about screen capturing, video capturing, web site crawling, and other Internet documentation techniques. Attendees receive a trial version of PerpHound™ on a 4GB thumb drive.
Target Audience: LE, Pros, Probation, Parole

TCP/IP Protocols and Analysis (Part 1 & 2)
Gary Kessler
The Transmission Control Protocol/Internet Protocol (TCP/IP) suite is the basis for all communication on the Internet and, of course, the primary vector for cybercrimes. An increasing number of investigations require that the digital forensics analyst understand the operation of the protocols comprising the TCP/IP protocol suite as well as the tools that can be used to capture network traffic and analyze the contents of the packets. This lab will delve into the operation of the TCP/IP communication protocols (e.g., IP, TCP, UDP, and ICMP) and application protocols (e.g., FTP, SMTP, POP, DNS, and HTTP). The use of WireShark will also be discussed and presented. Hands-on exercises will be used to reinforce the lecture topics, including analysis of abnormal traffic.
Target Audience:
LE

Tech Tools for Prosecutors  
Justin Fitzsimmons, Lauren Wagner
This computer lab, designed specifically for prosecutors, will introduce software and methodologies that can be used by prosecutors. Topics will include Firefox add-ons, such as Video Downloadhelper (to save videos from YouTube and other websites), and Screengrab (to save or copy websites). Also included will be Google searching techniques (Boolean operators) to make searching for information much for efficient and reliable. Google advanced operators, such as site: (to search only particular websites) and file type: (to search only particular file types), as well as Google services such as Images (to search only images as well as reverse image searching techniques) and Scholar (to search only legal journals) will also be covered. Also in Google we will talk about all the data saved that can be viewed in 'Dashboard' and 'My Activity'. Other software that will be introduced includes: Jing (screenshot and screencast software), VLC (for playing movies), Irfanview (for viewing images), and Audacity (for audio editing).
Lab Open to Prosecutors Only

Tracing IP Addresses
Gary Kessler
This lab will cover tracing IP addresses and other source data on the Internet. Investigations in cyberspace -- whether taking a detailed look at electronic mail or social networks, or just examining server log entries -- often require that an investigator understand the basics of Internet Protocol (IP) addresses and Internet domains, including finding who owns an IP address, who owns a domain name, and, most importantly, who pays for a domain name. There are a plethora of tools available for the investigation of cybercrimes and this session will discuss many of these tools and how they work.
Target Audience: 
LE, Pros, Probation, Parole

Twitter Investigations
Dean Chatfield, Lauren Wagner
Twitter has quickly become the go-to medium for today's instant communication, proven by the fact that there are 5,000 tweets per second. In this hands-on computer lab, Twitter searching will be introduced to allow searching for Twitter profiles, tweet keywords and hashtags, tweets within a particular date range, and even searching for tweets from a particular latitude and longitude. These Twitter searching techniques will include both standard and hidden Boolean operators, ensuring that investigators have access to the best possible evidence.

Lab Open to Law Enforcement Only 

Undercover Communications Tools (Part 1 & 2)
Mike Duffey, Wayne Nichols
During this lab, students will be taught how to use multiple platforms for communicating and sms messaging with suspects. This includes Text now, Sidline, Google voice, Callyo. Also discussed will be the exporting of this information along with the pro’s and con’s of each. Students will need be required to either create a new UC email account or use an existing UC email account.
Lab Open to Law Enforcement Only

Using the Internet to Gather Open Source Information (Part 1 & 2)
John Madsen, Joseph Versace
This lab will present tools and techniques for the collection, preservation and presentation of open source material gathered through Internet investigations. Students will get hands on experience working with different browsers and browser extensions and leave with a collection of tools that will support their open source intelligence gathering.
Lab Open to Law Enforcement and Prosecutors Only

Using NOX Emulator
Michael Sullivan
Students will learn how to install and use NOX emulator so they can use a computer in place of a smartphone. Students will create accounts for use on NOX, Gmail, and then visit the Play Store to install the applications KIK, Grindr and Fake GPS. Using these APPS the students will see how the computer now mirrors the use of a smartphone and allows the investigator to geo-locate to their home jurisdiction.

Lab Open to Law Enforcement Only 

Using Google in Your Investigations (Part 1 & 2)
Nirupa Calvin, Denise Smith, Cathy McGoff
This two part hands-on lab will give investigators insight and valuable tips to conduct online investigations. The instructors will review case studies, investigative techniques and tools using many of Google’s services (Search, Image Search, Google Account, Gmail, YouTube, Wallet etc.) that can be used to supplement your current investigative process. Get ready to learn by doing!
Presenters suggest that it would be helpful to have a Google account if attending this lab. 
Lab Open to Law Enforcement Only