University Lectures and seminars
Lecture structure
A bespoke lecture at your premises on the any or some of the modules below. (AM or PM). The lecture can be adapted and built to the requirements and needs of the audience or the university. Real world examples and case history throughout. Can be reduced in time to accommodate timetables an schedules.
​
Students will receive
Students will each receive an electronic copy of the lecture material, Step-by-step instructions for all exercise, handouts and cheat-sheets for quick reference to detailed information sources and a course. USBdrive with associated software and resource material. Included on the USB drive are the software tools used during the course, tutorials and over 1000 OSINT tool links to ensure they continue to have the tools they need, post lecture.
​
Elements and modules
The lectures may be on the following subjects. Please bear in mind that each element takes unto an hour to be covered effectively. Therefore any more than 4-5 modules in 3 hours will result in the session being more of an awareness or light touch on the subject rather than an in depth look at it:
​
The Darknet/Dark Web, what it is and what it is not
Understanding what the Darknet really is can be a challenge. The technology behind the Darknet is not a single program or location. This session will explore what the Darknet is and how it differs from the Deepweb.
CryptoCurrency and its use in the Darknet
New to investigations involving bitcoin and etherium? Need to understand how to track the funds through various cryptocurrencies? How do wallets work and is there any evidence I can use when I find one? This session will provide you with the ability to understand and deal with Bitcoin and other cryptocurrencies during you investigations.
Going Undercover on the Darknet
Darknet investigations require the use of a persona like any other investigation. It also requires that you understand the equipment you are using and practice online officer safety techniques specialized for online/Darknet investigations. This session will look at the requirements and investigator has equipment and persona background specializing in Darknet investigations.
Using web bugs and other technology to locate a suspect
How can we locate targets online through the use of various code. How can it be done and what skills does the investigator need. What are the potential legal issues?
Advanced Darknet/Dark Web Investigations, identifying the anonymous user
Are there legally available methods which we can implement to identify anonymous users on the Internet? The answer is definitely yes. This session will discuss the techniques available to the investigator to identify users of anoymization on the Internet.
Images
Tracking duplicates, sources uploading, meta data and exif data interrogation and identifiers to establish device, location, source and tracking. Hashing and searching for sharing and uploading significant images. Providing sufficient data and intel to support dissemination to active teams and support warrants and DSA.
​
OSINT
Provision and access to over 1200 OSINT tools on my dedicated investigator training site which is a library of tools collected over the last 35 years in LEA. These cover everything. Delegates will be given access forever. Historic and specific searching.
​
Website analysis
Deep searching of links and connections into a website; common or accessed sites sharing the same server space. Identifying IP and owners of sites and upload location. Possible server vulnerabilities and exploits
Fake news
The online world today around fake traces on the internet. How they can be used , weaponised, identified and prevented.
​
Attribution
A headache for most prosecutors and investigators. We can put a device at a location but how do we show who was there with the device. What other clues are there to prove ownership and use? Let us look at them all.
​
Human anthropology Versus digital foot printing
How we live, move and react with the real world is reflected in the digit footprint we leave in the virtual world. This session will look at where to look for clues in the data and footprint, to profile and help identify the person leaving it . HUMINT and SOCMINT
​
Social engineering tricks and exploits
This session gives the delegate an understanding of the origins, impact and harm that the modern criminal social engineer plays in crime and intelligence security in the modern day internet. It covers both attack and defence. Can we identify, exploit and copy their tactics? Who is watching us and why.
​
Geo location
Tracking and identifying devices on the internet and their speed direction and use by the target. Includes vehicle telematics, association, speed, data sources and non visual surveillance . Identifying buildings/ locations ( public and private ) that the device uses and frequents.
​
lifestyle analysis
Identifying targets by their device movement and location. Identifying public wifi spots used and interrogation.
​
Legislation
Covers all aspects of relevant legislation in respect of paint research - pitfalls and considerations regarding Intercept and AP. Also cover the transition to evidence from intel online , Business data without applying for it, and identifying company interests and ownership which were not available or known. GDPR, RIPA, ECHR etc.
​
Social Networking
Identifying which sites are used by the target quickly , then interrogation of the sites by searching the data not by using the site. Links between targets on the same and different SN sites. Direct and historic chats between multiple profiles to prove association and analysis. Analysis online of a subjects location when uploading / tweeting/ blogging AND the identity and location of the people in their online group.
​
Tradecraft
Covert (non attrib) and non identifying search methods. Deep searching and analysis. Alternative tool and site searching. footprint reduction and incognito browsing. Non identifying profile creation using virtual mobiles and emails to allow registration.
​
OSINT legend building
Non attributable SN profile and legend building, tradecraft and good digital hygiene around this area.
​
Other identifiers of value
Mac IMSI and IMEI, SSID and BSSID identifiers that will be of significant value to the investigation. Their anomalies, values, and potential. Port scanning and network analysis
​
Bring your own laptop
Students are encouraged to bring their own laptops
About the speaker
Mark Bentley, of BENTAC training, is a globally recognised communications data expert, and OSINT specialist, who works as an adviser, trainer and consultant to security services, government and police forces around the world. His experience is based on 38 years as a detective, which includes experience gained working for the UK National Crime Agency (NCA), Metropolitan police, Child Exploitation and Online Exploitation (CEOP), and UK government agencies, in the capacity of overt, reactive and covert operations management. With 20+ years in financial investigation, as a qualified financial investigation development officer (FIDO) , he has been at the cutting edge of investigating financial transactions online, laundering, carouselling financial transactions and online laundry operations. Mark has been involved in the tracking of high profile cases, persons and vessels and is the open source expert and lead advisor for forces and government agencies both domestic and abroad. His specialist area is device tracking and interrogation, pedophile digital profiling, alternative profile digital shadowing, Vehicle telematics, crypto currency tracing, Advanced OSINT skills, injection and weaponising. Mark presents this and other subjects to government and law enforcement globally and lecturers for international policing organisations around the globe, Child protection services, UK Gov cyber capability building programme, EU cybercrime twinning project, Government agencies, Military, The Council of Europe and The UK College of Policing. He runs his own training company and law enforcement open sourcing tools site to empower and train officers around the world on best practice and lateral thinking in investigations online.
Course Fees
UK £500 + Vat per half day ( AM or PM).
​
Additional charges
​
-
London and home counties - travelling +£20
-
South east - Travelling +£50
-
Rest of country +£150 costs for travelling and 1 night hotel.
-
Outside UK- + travelling costs and hotels as costed. TBA
Location
Your lecture theatre or classroom. You provide room and wifi.
​