5 day course contents
All-inclusive prices - As of Jan 2020
5-day course. Full course, full content, full practicals
Europe: €7500 / £6300 GBP*.
Rest of world: US$10300 / CA$13500 / £7700*
3-day course – Same content. More theory but less practicals than the 5-day due to time restrictions
Europe: €5350 / £4500 GBP*.
Rest of world: US$7200 / CA$9500 / £5500*
You provide the classroom, computers, broadband and upto 30 delegates, I provide the training. Simple.
Please note this is a one off cost - not per delegate.
* Price quoted includes training delivery, expenses, Travel, hotel, certificates, USBs and documents. No hidden costs
Open source investigation is not a simple task anymore. Threat actors and criminals have become more sophisticated and cunning in their online presence. The result of this is the practice of OSINT gathering has become a fine art and skill. This course will enable the delegate to stay ahead of the curve.
The course is intended for the internet cybercrime investigator and researcher, in order to take them from the basic researcher who understands the basics of internet investigation, to advanced open source researcher, able and proficient in providing high quality reports and evidence relating to online investigations and intelligence.
An investigator with 36 years experience talking and training investigators on their level
Numerous practicals throughout to track suspects and build up analysis of digital footprint
Hands on live tracking and deep web searching
Best professional practice re digital hygiene and evidence gathering
Online Legend and persona building and use
FREE Exclusive access to online data base of 200+ OSINT tools
FREE Exclusive access to online practical advice, and tutorials
FREE included OSINT software for you to take away and keep
FREE USB with 1000+ OSINT tools links, glossaries, and OSINT manuals
FREE Email support and advice post course.
About the Course
The workshop and masterclass, held over 5 days, covers the very best up to date methods and tradecraft to equip the modern day cyber investigator with all the latest cutting edge tools and proactive investigation methodology. The content of this unique course not offered anywhere else. The course material is supported by real world examples and incidents. This is not a general lecture course. This course will provide the student with the understanding of how to accomplish effective investigation of OSINT and Darknet investigations. The course will allow Law enforcement to step up their investigative skills to meet the new challenges offered by Internet investigations the anonymity of the Darknet..This is an advanced level course presented from an investigators point of view. Those with a non-technical background will also benefit from the material presented. The course is strictly restricted to Government and police as it contains new and innovative methodology and techniques.
There is no pre requisite knowledge or skills required to attend and successfully complete this course, other than the ability to use search engines on a PC. Delegates will be expected to bring a laptop with them to use. Attendees will download free and have included software during the course which they can take away with them and use post- course, in the fight to combat online criminality.
The course has an emphasis on practicals throughout online, and off line, where the student can practice and be proficient in the practice of open source researcher. Every session during the three days will have practical exercises throughout.
Delegates will Also be provided with a USB at the end of the course with 1000 tools, documents and course notes which they will be able to keep as an aide memoire. Exclusive access to tutorials online and a library of 200+ tools, to practice and continue the methods taught on the course, when back in the workplace.
Certificates will be awarded at the conclusion of the course for all delegates, which will enhance their career development and career goals for the future.
Key areas covered
Online profile interrogation and building.
Social network data harvesting.
Searching for data in the deep web
OSINT tool use and practicals
Live tracking and monitoring
Best practice in intelligence and evidence gathering
Search techniques and awareness.
Pro active and innovative techniques
Understanding social engineering and using it against targets.
The course is designed to take the student through the full spectrum of topics necessary to be an effective Cyber Internet investigator. Whether it’s chasing cryptocurrencies, tracking paedophiles through keywords or images, or simply finding deep buried and historic data on your target, on the Darknet or the open web, this is the course for you. From network exploration and how we all leave digital footprints, to device tracking and bitcoin analysis, The course focusses on all online offenders and organised criminal gangs from financial criminal behaviour to offenders against children.
The course also covers in detail, tracking and tracing images, Exif and meta-data, and live internet searches. The foray into the Darknet includes everything you need to know about anonymous networks their use, finding targets and tracing data on hidden networks. What cryptocurrency is and how it facilitates crime on the Darknet and how law enforcement can trace and analyse transactions.
The modules of the course can be adapted to the needs of the unit and their operational area. This will be agreed and scheduled during the booking process.
This masterclass is a full hands-on interactive course where the methodology and best practice is explained, and then the students practice the tradecraft live and online. Please be advised that this course is almost 50% practical workshops and exercises, so your own laptop is essential.The course will be a presentation and demonstration of the techniques. Students are encouraged to follow along during the course on the own laptop.
Cases and examples, both current and historic will be given throughout, to add depth and relevance to the methodology.
Students will receive
Students will each receive an electronic copy of the course material, Step-by-step instructions for all exercise, handouts and cheat-sheets for quick reference to detailed information sources and a courseUSBdrive with associated software and resource material. Included on the USB drive are thesoftware tools used during the course, tutorials and over 1000 OSINT tool links to ensure they continue to have the tools they need, post course.
Elements and modules
The content of this unique course are not offered anywhere else. The course material is supported by real world examples and incidents. This is not a general lecture course. This course will provide the student with the understanding of how to accomplish effective investigation of Internet and Darknet crimes, sites and users. The course will allow Law enforcement to step up their investigative skills to meet the new challenges offered by the anonymity of the Darknet and the complication of Internet data collection and analysis.
The session descriptions below are specifically short so as not to specifically publish specific techniques and methods. This course will fully explore each area during the individual sessions. Use of any of these new and innovative methods and techniques explained during the sessions will be up to the individual and the agencies to implement based on their ability and any legal constraints applied by their jurisdiction.
The Darknet/Dark Web, what it is and what it is not
Understanding what the Darknet really is can be a challenge. The technology behind the Darknet is not a single program or location. This session will explore what the Darknet is and how it differs from the Deepweb.
Darkweb familiarisation and covert monitoring
Setting up and using Tor may in itself be easy, but finding what you want on the Tor network can be a challenge. This session will look at the Tor network how it works and methods for using it during an investigation.
CryptoCurrency and its use in the Darknet
New to investigations involving bitcoin? Need to understand how to track the funds through various cryptocurrencies? How do wallets work and is there any evidence I can use when I find one? This session will provide you with the ability to understand and deal with Bitcoin and other cryptocurrencies during you investigations.
Going Undercover on the Darknet
Darknet investigations require the use of a persona like any other investigation. It also requires that you understand the equipment you are using and practice online officer safety techniques specialized for online/Darknet investigations. This session will look at the requirements and investigator has equipment and persona background specializing in Darknet investigations.
Using web bugs and other technology to locate a suspect
How can we locate targets online through the use of various code. How can it be done and what skills does the investigator need. What are the potential legal issues?
Advanced Darknet/Dark Web Investigations, identifying the anonymous user
Are there legally available methods which we can implement to identify anonymous users on the Internet? The answer is definitely yes. This session will discuss the techniques available to the investigator to identify users of anoymization on the Internet.
Tracking duplicates, sources uploading, meta data and exif data interrogation and identifiers to establish device, location, source and tracking. Hashing and searching for sharing and uploading significant images. Providing sufficient data and intel to support dissemination to active teams and support warrants and DSA.
Provision and access to over 1200 OSINT tools on my dedicated investigator training site which is a library of tools collected over the last 20 years in LEA. These cover everything. Delegates will be given access forever. Historic and specific searching.
Deep searching of links and connections into a website; common or accessed sites sharing the same server space. Identifying IP and owners of sites and upload location. Possible server vulnerabilities and exploits .
A headache for most prosecutors and investigators. We can put a device at a location but how do we show who was there with the device. What other clues are there to prove ownership and use? Let us look at them all.
Human anthropology Versus digital foot printing
How we live, move and react with the real world is reflected in the digit footprint we leave in the virtual world. This session will look at where to look for clues in the data and footprint, to profile and help identify the person leaving it
Social engineering tricks and exploits
This session gives the delegate an understanding of the origins, impact and harm that the modern criminal social engineer plays in crime and intelligence security in the modern day internet. It covers both attack and defence. Can we identify, exploit and copy their tactics?
Tracking and identifying devices on the internet and their speed direction and use by the target. Includes vehicle telematics, association, speed, data sources and non visual surveillance . Identifying buildings/ locations ( public and private ) that the device uses and frequents.
Identifying targets by their device movement and location. Identifying public wifi spots used and interrogation.
Covers all aspects of relevant legislation in respect of paint research - pitfalls and considerations regarding Intercept and AP. Also cover the transition to evidence from intel online , Business data without applying for it, and identifying company interests and ownership which were not available or known. Impact of GDPR and DPA.
Identifying which sites are used by the target quickly , then interrogation of the sites by searching the data not by using the site. Links between targets on the same and different SN sites. Direct and historic chats between multiple profiles to prove association and analysis. Analysis online of a subjects location when uploading / tweeting/ blogging AND the identity and location of the people in their online group.
Covert (non attrib) and non identifying search methods. Deep searching and analysis. Alternative tool and site searching. footprint reduction and incognito browsing. Non identifying profile creation using virtual mobiles and emails to allow registration.
OSINT legend building
Non attributable SN profile and legend building, tradecraft and good digital hygiene around this area.
Other identifiers of value
Mac IMSI and IMEI, SSID and BSSID identifiers that will be of significant value to the investigation. Their anomalies, values, and potential. Port scanning and network analysis
Cryptocurrency track and trace.
How to register your interest in the course:
1. Please order the course by clicking the link 'Enquire"
2. This will generate a non binding request for a quote.
3. I will then contact you with a view to establishing the course content and dates available for the course.
4. If happy with the proposal, I will generate and send an invoice.
5. 50% payment will be required upon booking, with the balance payable after completion of the course.
Alternatively you may email me for more information.