Computer Technology Investigators Network

Quarterly Training

 

Video from: CTIN 2021 1st Quarter Training
March 18, 2021 – 11:30 am – 12:30 pm

 

 

CTIN 2021 1st Quarter Training
March 18, 2021 – 11:30 am – 12:30 pm

Can’t travel for training? Let virtual training travel to you by attending CTIN’s quarterly training on Automating Collections with KAPE by Jim Clark and earn 1 CPE hour.

If you are not familiar with Jim (also CTIN’s Secretary), here is his LinkedIn profile: https://www.linkedin.com/in/clarkjim

“Automating Collections with KAPE”

Learn how KAPE can speed up targeted triage collections and/or automate the processing of collection data using modules. This one hour presentation will be equally divided between these main topics:

1. What is KAPE (Kroll Artifact Parser and Extractor)? How is KAPE used in different collection scenarios? Learn to use GKAPE (the GUI) and how it is used with the command line executable kape.exe for scripting and task scheduling.
2. What are targets and how are they used to select files and directories? Learn the steps to create targets customized for your environment.
3. What are modules and how do they process the collected target data? Learn how modules are executed and the steps to create your own custom modules.

By the end of the presentation you will understand how KAPE can be used to create your own custom triage collections and then automate the processing of the data to quickly build timelines and leads for analysts to begin investigating.

Please RSVP to secretary@ctin.org if you can attend to receive a Zoom invitation.

 

———— Previous Training —————–

Ist Quarter Training – 2020

 Mac Forensics – Brandon Kolp will share his knowledge and experience on imaging and analyzing Macs including overcoming imaging problems with APFS, the differences between Recon Lab and Macquisition/Blacklight and other options for obtaining data not parsed by either of these programs.
 
Location – Washington State Criminal Justice Center, Room C113
Date/time – March 3, 2020 11 am – 1 pm
 

2nd Quarter Training – 2020

Spy Camera Forensics – Randall Karstetter will share his knowledge and experience regarding spy cameras.
Date and location – TBD
 
 
 
 
 
 
 

2019 December 3, 2019

Imaging in AWS – Sara Perrott from BECU will share her knowledge and experience in dealing with the various flavors of AWS and the imaging options.
Location – BECU, 12770 Gateway Dr S, Room 210, Tukwila, WA 98168

 

 

 

 

 

 

 

June 2018 Training and General Membership Meeting

CTIN Members – Reminder of our General Membership meeting scheduled at 8:00pm on Wednesday, June 6, 2018, at the Washington Criminal Justice Training Center in Burien.  

We will start with a brief introduction of all members and board members followed by a demonstration of Washington’s ICAC electronic storage detection dog and the work he is doing to protect children.  This demonstration will be provided by Det. Ian Polhemus and more information is available https://www.techrepublic.com/article/electronics-sniffing-dogs-how-k9s-became-a-secret-weapon-for-solving-high-tech-crimes/.

There will also be additional lightning topics that will be shared, but unfortunately we have had to reschedule the hands on Cellebrite training that we had hoped to provide.  Stay tuned for the rescheduled date for that training.    

Please join us on June 6 at 8:30 am for some great training and to help elect your CTIN Board members for the upcoming year.  

 

CTIN 2018 3nd Quarter Training
March 13, 2018 – 11:45 am – 2:45 pm

Get a jump on spring time by attending CTIN’s quarterly training on Powershell and Incident Response by Jim Clark. If you are not familiar with Jim, here is his LinkedIn profile: https://www.linkedin.com/in/clarkjim

“Powershell and Incident Response”

Learn how Powershell can be used to automate the collection and analysis of data useful for Incident Response. This three hour presentation will be equally divided between these main topics:

1. What is Powershell and where can it be used? What are the basic commands and some forensic one-liners that Incident Responders can immediately put to use.
2. What is Windows Management Instrumentation (WMI) and how is it used by Powershell to collect data on local and remote systems? See WMI in use with Powershell to quickly and easily collect a wide variety of system info on any target computer to include environmental info, processes, services, event logs, network connections and shares, installed software and drivers, users/groups, and more.
3. How can data collection and analysis be automated across multiple computers? Learn to use Kansa, a modular incident response framework written in Powershell, and see how it can be integrated with Rekall to automate memory forensics across the domain.

By the end of the presentation you will understand how Powershell can be used to collect and analyze data on one computer or thousands and be able to implement the tools and techniques most suited for your environment.

Please RSVP to admin@ctin.org if you can attend.  

 

Stillaguamish Public Meeting Room #2

Drewel Building
3000 Rockefeller Ave
Everett, WA 98201

 

As previously advised, we are holding the quarterly training sessions in different geographical locations to accommodate everybody.  If you want to attend and are interested in carpooling from the Seattle area, please include that in your RSVP.

 

For more information visit https://ctin.org/training/

CTIN TRAINING  – January 9, 2018

Start the year off right by attending CTIN’s quarterly training on network security and other DF/IR issues provided by Sunia Lauliele.  If you are not familiar with Sunia here is his LinkedIn profile.
 
We have not finalized the entire agenda yet, but it will be an in-depth discussion about current security concerns and incident response.  
 
Please RSVP to admin@ctin.org if you can attend.  
 
CTIN 2018 1st Quarter Training
January 9, 2018 – 10 am – 2 pm
Washington State Auditor’s Office

As previously advised, we are holding the quarterly training sessions in different geographical locations to accommodate everybody.  If you want to attend and are interested in carpooling from the Seattle area, please include that in your RSVP.

 

 

November 14th, 2017   WA CJTC Academy

19010 1st Ave S, Normandy Park, WA 98148

Griffeye Analyze Demonstration.

Griffeye Analyze is a popular tool used by investigators of the sexual exploitation of children to dramatically speed their examination workflow and reduce the amount of time personally exposed to disturbing media.

In this CTIN training session, Randy Kyburz, a Detective with the Seattle Police Department and the WA State ICAC Task Force, will walk through some of the capabilities of the software and how he uses it in the course of his examinations. This presentation is open to all CTIN members and will not contain any criminal investigation content.

The WCJTC Academy has free parking lots in front of the building. Enter through the main doors. Our room is east of the auditorium, adjacent to the lunch tables between the cafeteria and the auditorium’s east doors. The cafeteria opens for lunch at 1130 if you are interested in grabbing a bite before the session or you may bring it or your own lunch in with you.

 

July 11, 2017  Redmond Police Department

8701 160th Avenue NE | Redmond, WA 98052

Schedule

09:00 -11:30                Triage for Mobile Devices (basic)

11:30 – 12:30             Lunch — informal question/answer period

12:30 – 2:00                SQLite wizard, getting data from unsupported apps (advanced)

 

All training is hands on.  Cellebrite is providing equipment for use, and we have a variety of mobile devices to work with.

Presenter:  Ronen Engler

 

Bring your lunch or pick up something at one of the many nearby restaurants!