top of page
2-5 day courses at your office


Cyber investigator workshop and courses

  • Completely bespoke to your needs. You build it.

  • You decide on the subject, modules, budget, and duration

  • Prices are per course, not per person. 

  • Transparent charging. No hidden surprises or fees.

  • You provide the students, venue, and AV. I do the rest.

  • Can be as little as $45pp per day

  • Now taking bookings for 2023

Due to protected methodology and sensitive techniques, this course is only available to police, government, and military staff.

A public course is available for organisations not within the above groups. Please enquire.

The modern-day digital investigator.

Open source investigation is not a simple task anymore. Threat actors and criminals have become more sophisticated and cunning in their online presence. The result of this is the practice of OSINT gathering has become a fine art and skill where the cyber investigator must laterally think out problems and solutions, using the best tradecraft and tools available.  This course will enable the delegate to stay ahead of the curve, and is intended for the internet cybercrime investigator and researcher, in order to take them from the basic researcher who understands the basics of internet investigation, to advanced open source researcher, able and proficient in providing high quality reports and evidence relating to online investigations and intelligence. 

The course is adaptable and to the client’s requirements operationally. It can be delivered as a standard or advanced level, with and emphasis on a chosen flavour- Human trafficking, Child protection, Counter terrorism, Digital investigator, or surveillance.

Key elements

◦ An investigator with 38 years’ experience talking and training investigators on their level

◦ Numerous practical workshops throughout to build up analysis of digital footprint

◦ Hands on live tracking and deep web searching 

◦ Best professional practice re digital hygiene and evidence gathering

◦ Online Legend and persona building and use

◦ FREE Exclusive access to online data base of 200+ OSINT tools

◦ FREE Exclusive access to online practical advice, and tutorials

◦ FREE included OSINT software for you to take away and keep

◦ FREE USB with 1000+ OSINT tools links, glossaries, and OSINT manuals

◦ FREE Email support and advice post course. 

◦ Certificates for all delegates to enhance career development

About the Course

The workshop and masterclass, held over 1-5 days, covers the absolute best up to date methods and tradecraft to equip the modern-day cyber investigator with all the latest cutting-edge tools and proactive investigation methodology. The content of this unique course not offered anywhere else. The course material is supported by real world examples and incidents. This is not a general lecture course. This course will provide the student with the understanding of how to accomplish effective investigation of OSINT and Darknet investigations. The course will allow Law enforcement to step up their investigative skills to meet the new challenges offered by Internet investigations including the anonymity of the Darknet. This can be delivered as a basic to advanced level course presented from an investigators point of view. Those with a non-technical background will also benefit from the material presented.

 The course is strictly restricted to Government Military and police as it contains new and innovative protected methodology and techniques. There is no prerequisite knowledge or skills required to attend and successfully complete this course, other than the ability to use search engines on a PC. Delegates will be expected to have access to a computer. Attendees will download free and have included software during the course which they can take away with them and use post- course, in the fight to combat online criminality. The course has an emphasis on practical exercises throughout online, and offline, where the student can practice and be proficient in the practice of open source researcher.  Every session during the course will have practical exercises throughout. 

Delegates will Also be provided with a USB at the end of the course with 1000 tools, documents, and course notes which they will be able to keep as an aide memoire. Exclusive access to tutorials online and a library of 200+ tools, to practice and continue the methods taught on the course, when back in the workplace. 

Certificates will be awarded at the conclusion of the course for all delegates, which will enhance their career development and career goals for the future.   

 Key areas covered  

◦ Online profile interrogation and building.

◦ Social network data harvesting.

◦ Device tracking

◦ Legislation (DPA, GDPR, EUDRD, ECHR, RIPA, IPA 2016, CHIS bill)

◦ Searching for data in the deep web

◦ OSINT tool use and practical’s

◦ Live tracking and monitoring

◦ Best practice in intelligence and evidence gathering

◦ Search techniques and awareness.

◦ Proactive and innovative techniques

◦ Understanding social engineering and using it against targets.

Due to the lecturer’s experience in these fields, the course can be adapted to highlight investigations into specifically or any of the following learning objectives.:

  • Fraud and money laundering

  • Child protection and investigating those who harm children.

  • Dark web investigations and crypto currency centric operations.

  • Counter terrorism

  • Sport corruption, betting and fixing.

  • New and experienced investigators OSINT training

  • Human trafficking and exploitation

  • Digital online and real-world surveillance technology

  • Vetting and digital profiling

  • Prosecutor and judicial cybercrime awareness

  • Manhunts and tracking.

Course structure

The course is designed to take the student through the full spectrum of topics necessary to be an effective Cyber Internet investigator. Whether it is chasing Terrorist threat actors and lone wolves, cryptocurrencies, tracking paedophiles through keywords or images, or simply finding deep buried and historic data on your target, on the Darknet or the open web, this is the course for you. OSINT HUMINT and SOCMINT extensively covered. From network exploration and how we all leave digital footprints, to device tracking and bitcoin analysis, the course focusses on all online offenders and organised criminal gangs from financial criminal behaviour to offenders against children.

The course also covers in detail, tracking and tracing images, Exif and meta-data, and live internet searches. The foray into the Darknet includes everything you need to know about anonymous networks their use, finding targets and tracing data on hidden networks. What cryptocurrency is and how it facilitates crime on the Darknet and how law enforcement can trace and analyse transactions. The modules of the course can be adapted to the needs of the unit and their operational area. This will be agreed and scheduled during the booking process.  Workshops This masterclass is a full hands-on interactive course where the methodology and best practice is explained, and then the students practice the tradecraft live and online. Please be advised that this course is almost 50% practical workshops and exercises, so your own laptop is essential.

The course will be a presentation and demonstration of the techniques. Students are encouraged to follow along during the course on the own computer. Cases and examples, both current and historic will be given throughout, to add depth and relevance to the methodology. Students will receive Students will each receive an electronic copy of the course material, Step-by-step instructions for all exercise, handouts, and cheat-sheets for quick reference to detailed information sources and, in the case of live courses, a course USB drive with associated software and resource material. Included on the USB drive are the software tools used during the course, tutorials and over 1000 OSINT tool links to ensure they continue to have the tools they need, post course. The contents of this will be available to online course delegates via a dropbox download link.

Elements and modules

The content of this unique course is not offered anywhere else. The course material is supported by real world examples and incidents. This is not a general lecture course. This course will provide the student with the understanding of how to accomplish effective investigation of Internet and Darknet crimes, sites, and users. The course will allow Law enforcement to step up their investigative skills to meet the new challenges offered by the anonymity of the Darknet and the complication of Internet data collection and analysis.


The session descriptions below are specifically short so as not to specifically publish specific techniques and methods. This course will fully explore each area during the individual sessions. Use of any of these new and innovative methods and techniques explained during the sessions will be up to the individual and the agencies to implement based on their ability and any legal constraints applied by their jurisdiction.  

Tradecraft - Covert (non-attribution) and non-identifying search methods.

Deep searching and analysis. Alternative tool and site searching. footprint reduction and incognito browsing. Non identifying profile creation using virtual mobiles and emails to allow registration.  OSINT legend building 

Non attributable passive SN profile and legend building,

Non attributable and covert tradecraft and good digital hygiene around this area.  Terrorist chat rooms and interaction monitoring, Human trafficking awareness, tracking and OCG disruption Trafficking awareness, chat rooms, organised criminal group identification and methodology.

Images, Exif and meta tabs

Tracking duplicates, sources uploading, meta data and exif data interrogation and identifiers to establish device, location, source, and tracking. Hashing and searching for sharing and uploading significant images. Providing sufficient data and intel to support dissemination to active teams and support warrants and DSA. 

Lateral thinking and problem solving

With the increased use of encryption and masking technologies, the investigator must upskill in problem solving and looking for alternative sources of data and intelligence. The course is based on this premise.

Tools Provision

Access to over 1200 OSINT tools on my dedicated investigator training site which is a library of tools collected over the last 20 years in LEA. These cover everything. Delegates will be given access forever. Historic and specific searching. 

Website analysis and meta data scraping

Covert Deep searching of links and connections into a website; common or accessed sites sharing the same server space. Identifying IP and owners of sites and upload location. Possible server vulnerabilities and exploits.


A headache for most prosecutors and investigators. We can put a device at a location but how do we show who was there with the device. What other clues are there to prove ownership and use? Let us look at them all. 

Data analysis and understanding

Analysing and understanding data sets and integrating them in other software such as I2

Human anthropology Versus digital foot printing

How we live, move, and react with the real world is reflected in the digit footprint we leave in the virtual world. This session will look at where to look for clues in the data and footprint, to profile and help identify the person leaving it 


 Social engineering tricks and exploits

This session gives the delegate an understanding of the origins, impact, and harm that the modern criminal social engineer plays in crime and intelligence security in the modern-day internet. It covers both attack and defence. Can we identify, exploit, and copy their tactics? Can we use fake news as a weapon to combat crime?

Geo location 

Tracking and identifying devices on the internet and their speed direction and use by the target.

Includes vehicle telematics, association, speed, data sources and non-visual surveillance. Identifying buildings/ locations (public and private) that the device uses and frequents.  Geolocation and advanced digital surveillance if required.

lifestyle analysis 

Identifying targets by their device movement and location. Identifying public Wi-Fi spots used and interrogation.  Remote device interrogation and harvesting.

Legislation and legal action awareness

Covers all aspects of relevant legislation in respect of OSINT research - pitfalls and considerations regarding Intercept and AP. Also cover the transition to evidence from intel online, Business data without applying for it, and identifying company interests and ownership which were not available or known. Impact of GDPR and DPA. Use of MLAT and ILOR. (DPA, GDPR, EUDRD, ECHR, RIPA, IPA 2016, CHIS bill)

Social Networking 

Identifying which sites are used by the target quickly, then interrogation of the sites by searching the data not by using the site. Links between targets on the same and different SN sites. Direct and historic chats between multiple profiles to prove association and analysis.

Analysis online of a subject’s location

when uploading / tweeting/ blogging AND the identity and location of the people in their online group. 

Data communications awareness, applications, and best practice

Awareness around what can be asked for, how to ask and where to get it.

Other identifiers of value 

Mac IMSI and IMEI, SSID and BSSID identifiers that will be of significant value to the investigation. Their anomalies, values, and potential. Port scanning and network analysis 

Darkweb elements

(either as a light touch inclusion in the 5-day course, or a standalone 3-day intensive course following the OSINT course. The 8 days total is recommended as the learning objectives and practical workshops are greater, due to the additional time to do them.)

The Darknet/Dark Web

What it is and what it is not Understanding what the Darknet really is can be a challenge. The technology behind the Darknet is not a single program or location. This session will explore what the Darknet is and how it differs from the Deep web.

Dark web familiarisation and covert monitoring

Setting up and using Tor may be easy, but finding what you want on the Tor network can be a challenge. This session will look at the Tor network how it works and methods for using it during an investigation.  

Cryptocurrency and its use in the Darknet

New to investigations involving bitcoin? Need to understand how to track the funds through various cryptocurrencies? How do wallets work and is there any evidence I can use when I find one? This session will provide you with the ability to understand and deal with Bitcoin and other cryptocurrencies during your investigations.  

Going Undercover on the Darknet

Darknet investigations require the use of a persona like any other investigation. It also requires that you understand the equipment you are using and practice online officer safety techniques specialized for online/ Darknet investigations. This session will look at the requirements and investigator have equipment and persona background specializing in Darknet investigations.   Using web bugs and other technology to locate a suspect How can we locate targets online using various code. How can it be done and what skills does the investigator need? What are the potential legal issues?   

Advanced Darknet/Dark Web Investigations,

Identifying the anonymous user Are there legally available methods which we can implement to identify anonymous users on the Internet? The answer is definitely yes. This session will discuss the techniques available to the investigator to identify users of anonymization on the Internet. Email extraction from Public and private encryption keys.

What is included?

  1. Real world courses

Price quoted includes training delivery, expenses, tools, course materials, travel, hotel, certificates, Visa, USBs, printing, and documents. No further additional costs, other than interpreter, when and where required.

  1. Online courses

Delivery software (Zoom - or yours if security does not allow zoom), training, Course materials and tools, certificates.

What’s NOT included

Live courses. You provide the classroom, computers, broadband (and interpreters if needed) I can quote for this if required. Course is delivered in English. Interpreters are the responsibility of, and cost to, the client.

I provide everything else. Simple.  No hidden costs. No surprises.

Terms for booking

Once dates have been agreed, they will be provisionally held until 50% deposit is paid, upon which the dates will be secured. Due to demand, dates provisionally held for a client will be offered to other clients until they are secured.



100% refund if course is cancelled by Bentac at any time. If client cancels more than 28 days before the course, 100% refund minus costs incurred that cannot be recovered (flights, hotel, visa, tests etc). If client cancels within 28 days of course, 50% deposit is forfeited by client, unless a new date is agreed.



Prices as of Jan 2021 to Dec 2021. Prices per course, not delegate. Max online classroom restricted to 35.

A typical week schedule (Sunday to Thursday where required, on cultural or religious grounds.). This is completely adaptable to your requests and needs.



Other courses available.


Digital surveillance techniques


3-day course, covering subjects such as


  • • Applying surveillance techniques to online targets

  • • Digital foot printing and profile building

  • • Geolocation of devices and tracking

  • • Scanning and wardriving

  • • Injection and poisoning

  • • Public Wi-Fi exploits and opportunities


Prosecutor and judge’s awareness


2-day course, covering subjects such as


  • • Expectation management

  • • What can be obtained and what cannot

  • • Converting online intelligence into tangible court evidence

  • • Legislation and precedents

  • • Tradecraft and good digital practice when presenting evidence.


Paedophile, OCG and human traffickers online


2-day course, covering subjects such as


  • • Remote and covert monitoring of online chat rooms, websites and forums

  • • Interaction online with targets

  • • Creation of legends to fit the criteria.


Surveillance techniques (2 day)


  • • Data harvesting whilst deployed

  • • Identifying target devices and places frequented

  • • Control car good practice and tradecraft in relation

How to register your interest in the course:

1. Please order the course by clicking the link 'Enquire"

2. This will generate a non binding request for a quote. 

3. I will then contact you with a view to establishing the course content and dates available for the course. 

4. If happy with the proposal, I will generate and send an invoice.

5. 50% payment will be required upon booking, with the balance payable after completion of the course. 

Alternatively you may email me for more information.


bottom of page