Computer Technology Investigators Northwest

Quarterly Training

 

CTIN 2018 2nd Quarter Training
March 13, 2018 – 11:45 am – 2:45 pm

Get a jump on springtime by attending CTIN’s quarterly training on PowerShell and Incident Response by Jim Clark. If you are not familiar with Jim, here is his LinkedIn profile: https://www.linkedin.com/in/clarkjim

“PowerShell and Incident Response”

Learn how PowerShell can be used to automate the collection and analysis of data useful for Incident Response. This three-hour presentation will be equally divided between these main topics:

    1. What is PowerShell and where can it be used? What are the basic commands and some forensic one-liners that Incident Responders can immediately put to use?
    2. What is Windows Management Instrumentation (WMI) and how is it used by PowerShell to collect data on local and remote systems? See WMI in use with PowerShell to quickly and easily collect a wide variety of system info on any target computer, including environmental info, processes, services, event logs, network connections and shares, installed software and drivers, users/groups, and more.
    3. How can data collection and analysis be automated across multiple computers? Learn to use Kansa, a modular incident response framework written in PowerShell, and see how it can be integrated with Rekall to automate memory forensics across the domain.

By the end of the presentation you will understand how PowerShell can be used to collect and analyze data on one computer or thousands, and you will be able to implement the tools and techniques most suited to your environment.

Please RSVP to admin@ctin.org if you can attend.  

 

Stillaguamish Public Meeting Room #2

Drewel Building
3000 Rockefeller Ave
Everett, WA 98201 

 

As previously advised, we are holding the quarterly training sessions in different geographical locations to accommodate everybody.  If you want to attend and are interested in carpooling from the Seattle area, please include that in your RSVP.

 

For more information visit https://ctin.org/training/

 

—————— Previous Training ——————

CTIN TRAINING  – January 9, 2018

Start the year off right by attending CTIN’s quarterly training on network security and other DF/IR issues provided by Sunia Lauliele.  If you are not familiar with Sunia, here is his LinkedIn profile.
 
We have not finalized the entire agenda yet, but it will be an in-depth discussion about current security concerns and incident response.  
 
Please RSVP to admin@ctin.org if you can attend.  
 
CTIN 2018 1st Quarter Training
January 9, 2018 – 10 am – 2 pm
Washington State Auditor’s Office

As previously advised, we are holding the quarterly training sessions in different geographical locations to accommodate everybody.  If you want to attend and are interested in carpooling from the Seattle area, please include that in your RSVP.

 

 

November 14th, 2017   WA CJTC Academy

19010 1st Ave S, Normandy Park, WA 98148

Griffeye Analyze Demonstration.

Griffeye Analyze is a popular tool used by investigators of the sexual exploitation of children to dramatically speed up their examination workflow and reduce the amount of time they are personally exposed to disturbing media.

In this CTIN training session, Randy Kyburz, a Detective with the Seattle Police Department and the WA State ICAC Task Force, will walk through some of the capabilities of the software and how he uses it in the course of his examinations. This presentation is open to all CTIN members and will not contain any criminal investigation content.

The WCJTC Academy has free parking lots in front of the building. Enter through the main doors. Our room is east of the auditorium, adjacent to the lunch tables between the cafeteria and the auditorium’s east doors. The cafeteria opens for lunch at 1130 if you are interested in grabbing a bite before the session, or you may bring it or your own lunch in with you.

July 11, 2017  Redmond Police Department

8701 160th Avenue NE | Redmond, WA 98052

Schedule

09:00 – 11:30    Triage for Mobile Devices (basic)

11:30 – 12:30    Lunch — informal question/answer period

12:30 – 2:00     SQLite wizard, getting data from unsupported apps (advanced)

 

All training is hands-on.  Cellebrite is providing equipment for use, and we have a variety of mobile devices to work with.

Presenter:  Ronen Engler

 

Bring your lunch or pick up something at one of the many nearby restaurants!