Computer Technology Investigators Northwest

Quarterly Training

 

June 2018 Training and General Membership Meeting

CTIN Members – Reminder of our General Membership meeting scheduled at 8:00pm on Wednesday, June 6, 2018, at the Washington Criminal Justice Training Center in Burien.  

We will start with a brief introduction of all members and board members followed by a demonstration of Washington’s ICAC electronic storage detection dog and the work he is doing to protect children.  This demonstration will be provided by Det. Ian Polhemus and more information is available https://www.techrepublic.com/article/electronics-sniffing-dogs-how-k9s-became-a-secret-weapon-for-solving-high-tech-crimes/.

There will also be additional lightning topics that will be shared, but unfortunately we have had to reschedule the hands on Cellebrite training that we had hoped to provide.  Stay tuned for the rescheduled date for that training.    

Please join us on June 6 at 8:30 am for some great training and to help elect your CTIN Board members for the upcoming year.  

 

—————— Previous Training ————————–

CTIN 2018 3nd Quarter Training
March 13, 2018 – 11:45 am – 2:45 pm

Get a jump on spring time by attending CTIN’s quarterly training on Powershell and Incident Response by Jim Clark. If you are not familiar with Jim, here is his LinkedIn profile: https://www.linkedin.com/in/clarkjim

“Powershell and Incident Response”

Learn how Powershell can be used to automate the collection and analysis of data useful for Incident Response. This three hour presentation will be equally divided between these main topics:

1. What is Powershell and where can it be used? What are the basic commands and some forensic one-liners that Incident Responders can immediately put to use.
2. What is Windows Management Instrumentation (WMI) and how is it used by Powershell to collect data on local and remote systems? See WMI in use with Powershell to quickly and easily collect a wide variety of system info on any target computer to include environmental info, processes, services, event logs, network connections and shares, installed software and drivers, users/groups, and more.
3. How can data collection and analysis be automated across multiple computers? Learn to use Kansa, a modular incident response framework written in Powershell, and see how it can be integrated with Rekall to automate memory forensics across the domain.

By the end of the presentation you will understand how Powershell can be used to collect and analyze data on one computer or thousands and be able to implement the tools and techniques most suited for your environment.

Please RSVP to admin@ctin.org if you can attend.  

 

Stillaguamish Public Meeting Room #2

Drewel Building
3000 Rockefeller Ave
Everett, WA 98201

 

As previously advised, we are holding the quarterly training sessions in different geographical locations to accommodate everybody.  If you want to attend and are interested in carpooling from the Seattle area, please include that in your RSVP.

 

For more information visit https://ctin.org/training/

CTIN TRAINING  – January 9, 2018

Start the year off right by attending CTIN’s quarterly training on network security and other DF/IR issues provided by Sunia Lauliele.  If you are not familiar with Sunia here is his LinkedIn profile.
 
We have not finalized the entire agenda yet, but it will be an in-depth discussion about current security concerns and incident response.  
 
Please RSVP to admin@ctin.org if you can attend.  
 
CTIN 2018 1st Quarter Training
January 9, 2018 – 10 am – 2 pm
Washington State Auditor’s Office

As previously advised, we are holding the quarterly training sessions in different geographical locations to accommodate everybody.  If you want to attend and are interested in carpooling from the Seattle area, please include that in your RSVP.

 

 

November 14th, 2017   WA CJTC Academy

19010 1st Ave S, Normandy Park, WA 98148

Griffeye Analyze Demonstration.

Griffeye Analyze is a popular tool used by investigators of the sexual exploitation of children to dramatically speed their examination workflow and reduce the amount of time personally exposed to disturbing media.

In this CTIN training session, Randy Kyburz, a Detective with the Seattle Police Department and the WA State ICAC Task Force, will walk through some of the capabilities of the software and how he uses it in the course of his examinations. This presentation is open to all CTIN members and will not contain any criminal investigation content.

The WCJTC Academy has free parking lots in front of the building. Enter through the main doors. Our room is east of the auditorium, adjacent to the lunch tables between the cafeteria and the auditorium’s east doors. The cafeteria opens for lunch at 1130 if you are interested in grabbing a bite before the session or you may bring it or your own lunch in with you.

July 11, 2017  Redmond Police Department

8701 160th Avenue NE | Redmond, WA 98052

Schedule

09:00 -11:30                Triage for Mobile Devices (basic)

11:30 – 12:30             Lunch — informal question/answer period

12:30 – 2:00                SQLite wizard, getting data from unsupported apps (advanced)

 

All training is hands on.  Cellebrite is providing equipment for use, and we have a variety of mobile devices to work with.

Presenter:  Ronen Engler

 

Bring your lunch or pick up something at one of the many nearby restaurants!