Continuing Legal Education Society of BC: “Computer Forensics”
Paul Pearson: Faculty, Course Chair; Michael Mulligan: Faculty, Course Chair
Full day course instructed lawyers on an introduction to computer forensic concepts, examination techniques, as well as practical and legal issues.
Date: June 2011
Continuing Legal Education Society of BC: “Criminal Law: Special Issues”
Michael Mulligan: Faculty, Paul Pearson: Faculty
Mr. Mulligan and Mr. Pearson conducted the “Police use of computer forensics: an introduction for lawyers” session at a multi-topic CLE
Date: February 2011
CBA Criminal Section: Vancouver: “Introduction to Computer Forensics”
Michael Mulligan and Paul Pearson, presenters
Two hour session introduced criminal practicioners to computer forensic concepts and special criminal law considerations.
Date: Sept, 2010
CBA Criminal Section: Victoria: “Introduction to Computer Forensics”
Michael Mulligan and Paul Pearson, presenters
Two hour session introduced criminal practicioners in Victoria to computer forensic concepts and special criminal law considerations.
Date: June 2010
Training taken:
Neutrino – Mobile Phone Forensics – Los Angeles California
overview of mobile phone networks
how to identify mobile phones
how to work with various service providers
proper seizure techniques
a detailed understanding of all components that make up EnCase Neutrino
acquire data from mobile phones
acquire and examine SIM cards
examine the data that they have acquired
learn how to create logical evidence files with EnCase Neutrino
an overview of mobile phone data storage
how to use conditiona in EnCase Neutrino
how to report their findings
Advanced Internet Examinations – Washington DC
the history, operation and artifacts associated with peer-to-peer file-sharing applications such as BitTorrent™, LimeWire™ and BearShare.
the impact of Trojan viruses through examination of:
Defense issues
The Windows® Registry
Hash analysis
Anti-virus scanning and virus analysis using the EnCase® Virtual File System (VFS) Module and the EnCase® Physical Disk Emulator (PDE) Module
how to examine system monitors and key loggers
how to identify artifacts from instant message clients such as AOL® IM (AIM®) and Yahoo! ® Messenger
the operation of the Microsoft® Internet Explorer web browser with regards to typed URLs, password and form-data storage, cookies, Internet history and cache content
how web pages are constructed and will use this information, together with their new-found knowledge of cached Internet Explorer web content, to correctly rebuild web pages
artifacts introduced with Microsoft® Internet Explorer 7
the operation of web search engines
web-based email
Microsoft® Outlook PST structure and about viewing Lotus® Notes email data
the history, operation and artifacts associated with Mozilla-based web browsers (including Firefox)
Network Intrusion Investigations training – London England
The hacker mind and methodology
Common tool knowledge and hash sets
Incident response techniques and considerations
Understanding and processing volatile data
Networking 101
Network-based attacks
Network hardware devices
Firewall
TCP/IP overview
Core protocols and layering
Host enumeration and port and vulnerability scanning
Windows® file sharing and vulnerabilities
Hiding and manipulating data
Web server attacks
Remote access Trojans
Internet Relay Chat (IRC) bots
Windows rootkits
Buffer overflows
DCOM vulnerabilities
The Metasploit framework
SQL database attacks
Binary analysis
Advanced Computer Forensics training – Los Angeles California
Analysis of NT File System (NTFS) artifacts in Windows operating systems
Advanced NTFS data recovery
Examination of the Microsoft Windows Registry
Analysis and recovery of Microsoft Windows event log files
Hardware and software RAID technology, acquisition and examination
Principles of encrypted data recovery
Understanding and examining Windows BitLocker™ volumes
Linux and UNIX operating and file system artifacts
Linux partition recovery
Data acquisition using Linux
Understanding and examination of Macintosh disk and file system structure
Forensic examination of Macintosh computers
Macintosh OS X® operating system artifacts
Reinforcement of the EnCase® computer forensic methodology
Introduction to EnScript programming
Computer Forensics II training – Chicago Illinois
How to create and use of logical evidence files
How to locate and recover deleted partitions and folders
How to conduct keyword searches and advanced searches using GREP
Students will gain an understanding of the EnCase Virtual File System (VFS) and Physical Disk Emulator (PDE)
Students will learn about the Windows® Registry
Students will learn how to deal with compound file types
How to export files, directories and entire volumes
How to identify files using hash values and building hash libraries
How to identify Windows XP operating system artifacts such as link files, recycle bin, and user folders
How to prepare reports and evidence for presentation in court
How to recover artifacts such as swap files, file slack, and spooler files
How to recover printed and faxed pages
Computer Forensics I training – Houston Texas
What constitutes digital evidence and how computers work
An overview of the EnCase Computer Forensic Methodology
Basic structures of the FAT and NTFS file systems
How to create a case and how to preview/acquire media
How to conduct basic keyword searches
How to analyze file signatures and view files
How to restore evidence
How to archive files and data created through the analysis process