Network Investigation and Digital Triage

Computer networks are now commonplace as businesses and home users discover the advantages and conveniences they offer. Wireless networking technologies have further increased the popularity of networks, given the relative ease of setting up wireless networks and the lower equipment and maintenance costs. This trend has resulted in a flood of new software and hardware products aimed at further expanding network usage beyond simple file- and Internet-sharing. These products include remote storage solutions, dedicated print servers, multimedia stations, VoIP (Voice Over Internet Protocol) communications, monitoring / surveillance cameras, and more. Unfortunately, implementing wireless technologies also poses significant security threats that can be, and have been, exploited for criminal acts.

Furthermore, any type of networking technology, wired or wireless, and the increasing complexity of computer technology in general, presents additional challenges to law enforcement investigators who attempt to search and seize evidence of a crime.

For example, volatile data stored in a computer’s Random Access Memory (RAM) is valuable—but the data are permanently lost when a computer is powered down. It is imperative that law enforcement understand this risk, but also learn that techniques are available to collect this RAM while the computer is still running. In addition, investigators must take steps to ensure that the computer is not running encryption. If the machine is powered off and the drive or files of evidentiary value are encrypted, it will be nearly impossible to access those files later.

This course immerses law enforcement into wired and wireless networks, several types of networking devices, and the complexities they can create for an investigation and resulting search and seizure of evidence.

What you will learn
Attendees will become familiar with common SOHO (Small Office / Home Office) technologies and typical configurations. Attendees will learn methods for detecting wireless networks and equipment, identifying components of a network, and preserving volatile data. Attendees will also learn techniques on how to collect the RAM from a running computer and how to conduct an on-site preview to gather evidence.

They will also learn about:

Wired and Wireless SOHO Networking
Network Storage Devices
Wireless Video Equipment
Investigative Tools for Detecting Wireless Devices
The Wireless Raid
Collecting Volatile Data
Searching the Wireless Crime Scene
Conducting on-site previews
And more! See course overview

Who should attend
This 3-day class is targeted at the experienced high-tech crime investigator. The investigator attending this course should have a background in online investigations and understand and have experience with the basic computer crime scene. This course is not a computer forensic course but an advanced high-tech crime scene investigation course.

Prerequisites
You must work for a law enforcement agency and must already understand the process of IP address tracing, be familiar with the concept of private IP addresses, and possess proficient Windows skills in installing software, browsing the Internet, manipulating application windows on the desktop, and have good keyboard and mouse skills. Beneficial (but not required) skills include a basic understanding of NAT (Network Address Translation), DHCP (Dynamic Host Configuration Protocol), and network configuration, as well as some experience with Knoppix and/or Linux.

One of the primary missions of SEARCH is to provide cutting-edge High Technology Crime Investigation training to law enforcement officers nationwide. Check the SEARCH Web site for more details.

Questions?
Contact Diane Chin at SEARCH at (916) 392-2550, ext. 244 (Monday-Friday, 8 a.m.-5 p.m. PT) or email diane@search.org.

Date(s):
Check the Course Calendar

Length/Time:
3 days, 8 a.m.-5 p.m. daily

Fee:
None