General Course Description

 

 Advanced Internet Forensics Using Internet Examiner®


 Advanced Internet Forensics Using Internet Examiner®

 

This 3-Day instructor-led training course explores the probative sources of Internet artifacts using our leading Internet Examiner software.  Topics cover discovery, analysis and reporting techniques for Internet browser history, cache mapping systems, rebuilding web pages, picture and movie analysis, peer-to-peer, mobile device data, Internet chat and email.

Attendees can also choose to write the Internet Examiner Certification (IECE) exam on Day 3 for no additional cost.


TOPICS TO BE COVERED

The following is a list of the features that will be covered in detail during this 3-day course:
  1. DECODING. Decode and interpret the complex mapping systems for all five browsers with a special focus on the cryptic formats used by Firefox and Google Chrome.

  2. HTML/JAVSCRIPT. Explore Hypertext Markup Language with the interest of understanding how web pages and embedded javascript code operate in the context of web page analysis.

  3. REBUILDING. Rebuild web pages so they appear exactly as they were originally viewed. This includes understanding "how" this is done and how CacheBack's built-in auditing is reported.

  4. PICTURE ANALYSIS. Students will import pictures from a local disk and use Internet Examiner to quickly categorize and report on the evidence. The Photograph Aspect Ratio Differential (PARD) system will reveal how students can "dramatically" decrease the amount of time to investigate photograph related evidence.

  5. MOVIE ANALYSIS. Use Internet Examiner's built-in movie file viewer to examine the following file formats: .3GP, .3G2, .AVI, .WMV, .FLV, .MOV, .MPG and .VOB. Students will also learn how to split movies into frames (thumbnails) for storyboard reporting and seek-to-time indexing.

  6. QUERIES. How to build custom queries using the new step-by-step Query Builder engine and save them for future use.

  7. FILTERS. How to use Bookmark Queries, Exclude Queries and Quarantine Queries to expedite analysis of thousands of database records. Students will also be shown how Bookmark Queries can be used to dramatically reduce the amount of time required to categorize picture evidence (as is the case in many CP type cases).

  8. GALLERY. How to use the built-in Gallery to view thumbnails of both HTML content and pictures, all within the same viewing space.

  9. INTERNET EXTRACTOR (NetX Triage). Students will enjoy creating custom command line search queries with NetX, SiQuest's new internet evidence discovery tool. This is an informative module that will help attendees master the ability of carving data from Unallocated Space. This session teaches students how to design proper and effective GREP Expressions for keyword searches.

  10. TIME ZONES. Univeral Coordinated Time (UTC) will be covered with an emphasis on how Internet Examiner reports Daylight Savings accurately and independently of the examiner's workstation. This is an important section that will also highlight a major issue with (an) other history analysis tool(s) which report(s) timestamps inaccurately in common situations. This section is invaluable for court testimony and multi-jurisdictional investigations.

  11. MORE QUERIES. The use of filters and creating compound queries is an advanced topic that will be explored in detail on Day 3.

  12. ADVANCED QUERIES. Students will learn how to interpret and write their own queries using Microsoft Structed Query Language. This particular section will provide new skills that can be ported to other programs (eg: Microsoft Access).

  13. REPORTING. Students learn how to create a variety of rich, HTML based reports such as Time Charts, Snapshot (thumbnail) Reports, History Reports and rebuilt Instant Messaging Chat Reports.

  14. PUBLISHING. The reporting section will also cover Internet Examiner's Publishing option to provide effective and quick disclosure of any report.

 

Internet Examiner® 1-Day Bootcamp


 

Internet Examiner® - 1-Day Bootcamp

This is a one-day course designed to provide attendees with a strong understanding of the most commonly used features of our Internet Examiner software.  This course tends to follow Day 2 of our 3-day Advanced Internet Forensics course.