
Open Source and Darknet Master Class and Workshop, Prague March 2020

-Everything the Cyber Internet investigator needs to effectively do their job -






About the Course

Vere Software and Bentac are excited to announce our new joint training masterclass, bringing together the expertise of Todd G. Shipley, a globally recognised expert in Darknet investigations and cryptocurrencies, and Mark Bentley, a leading authority and specialist in Deep web OSINT, tradecraft and covert interaction and searching. A combined seventy-plus years of law enforcement and investigation experience between them ensures that those attending get the very best training in this arena today. We believe we are unique in our approach and no other course offers the experience and depth that we offer.



Mission Statement

The workshop and masterclass, held over 5 days, covers the very best up-to-date methods and tradecraft to equip the modern-day cyber investigator with all the latest cutting-edge tools and proactive investigation methodology. The content of this unique course is not offered anywhere else. The course material is supported by real-world examples and incidents. This is not a general lecture course. This course will provide the student with the understanding of how to accomplish effective investigation of OSINT and Darknet investigations. The course will allow law enforcement to step up their investigative skills to meet the new challenges offered by Internet investigations and the anonymity of the Darknet. This is an advanced-level course presented from an investigator's point of view. Those with a non-technical background will also benefit from the material presented. The course is strictly restricted to Government and police as it contains new and innovative methodology and techniques.

Course structure

The course is designed to take the student through the full spectrum of topics necessary to be an effective Cyber Internet investigator. Whether it’s chasing cryptocurrencies, tracking paedophiles through keywords or images, or simply finding deeply buried and historic data on your target, on the Darknet or the open web, this is the course for you. From network exploration and how we all leave digital footprints, to device tracking and bitcoin analysis, the course focusses on all online offenders and organised criminal gangs, from financial criminal behaviour to offenders against children.

The course also covers, in detail, tracking and tracing images, Exif and meta-data, and live internet searches. The foray into the Darknet includes everything you need to know about anonymous networks, their use, finding targets and tracing data on hidden networks. It also covers what cryptocurrency is, how it facilitates crime on the Darknet, and how law enforcement can trace and analyse transactions.


This masterclass is a full hands-on interactive course where the methodology and best practice are explained, and then the students practice the tradecraft live and online. Please be advised that this course is almost 50% practical workshops and exercises, so your own laptop is essential. The course will be a presentation and demonstration of the techniques. Students are encouraged to follow along during the course on their own laptop.

Cases and examples, both current and historic, will be given throughout to add depth and relevance to the methodology.

Students will receive

Students will each receive an electronic copy of the course material, step-by-step instructions for all exercises, handouts and cheat-sheets for quick reference to detailed information sources, and a course USB drive with associated software and resource material. Included on the USB drive are the software tools used during the course, tutorials and over 1000 OSINT tool links to ensure they continue to have the tools they need, post course.

Elements and modules

The content of this unique course is not offered anywhere else. The course material is supported by real-world examples and incidents. This is not a general lecture course. This course will provide the student with the understanding of how to accomplish effective investigation of Internet and Darknet crimes, sites and users. The course will allow law enforcement to step up their investigative skills to meet the new challenges offered by the anonymity of the Darknet and the complication of Internet data collection and analysis.

The session descriptions below are intentionally brief so as not to publish specific techniques and methods. This course will fully explore each area during the individual sessions. Use of any of the new and innovative methods and techniques explained during the sessions will be up to the individual and the agencies to implement, based on their ability and any legal constraints applied by their jurisdiction.


The Darknet/Dark Web, what it is and what it is not

Understanding what the Darknet really is can be a challenge. The technology behind the Darknet is not a single program or location. This session will explore what the Darknet is and how it differs from the Deepweb.


To Tor or not to Tor

Setting up and using Tor may in itself be easy, but finding what you want on the Tor network can be a challenge. This session will look at the Tor network, how it works, and methods for using it during an investigation.


CryptoCurrency and its use in the Darknet

New to investigations involving bitcoin? Need to understand how to track the funds through various cryptocurrencies? How do wallets work and is there any evidence I can use when I find one? This session will provide you with the ability to understand and deal with Bitcoin and other cryptocurrencies during your investigations.


Going Undercover on the Darknet

Darknet investigations require the use of a persona like any other investigation. They also require that you understand the equipment you are using and practice online officer safety techniques specialized for online/Darknet investigations. This session will look at the requirements an investigator has for equipment and persona background when specializing in Darknet investigations.


Using web bugs and other technology to locate a suspect

How can we locate targets online through the use of various code? How can it be done and what skills does the investigator need? What are the potential legal issues?


Advanced Darknet/Dark Web Investigations, identifying the anonymous user

Are there legally available methods which we can implement to identify anonymous users on the Internet? The answer is definitely yes. This session will discuss the techniques available to the investigator to identify users of anonymization on the Internet.



Tracking duplicates, sources uploading, meta data and exif data interrogation and identifiers to establish device, location, source and tracking. Hashing and searching for sharing and uploading significant images. Providing sufficient data and intel to support dissemination to active teams and support warrants and DSA. 


Provision and access to over 1200 OSINT tools on my dedicated investigator training site which is a library of tools collected over the last 35 years in LEA. These cover everything. Delegates will be given access forever. Historic and specific searching. 

Website analysis 

Deep searching of links and connections into a website; common or accessed sites sharing the same server space. Identifying IP and owners of sites and upload location. Possible server vulnerabilities and exploits  


A headache for most prosecutors and investigators. We can put a device at a location, but how do we show who was there with the device? What other clues are there to prove ownership and use? Let us look at them all.

Human anthropology versus digital footprinting
How we live, move and react with the real world is reflected in the digital footprint we leave in the virtual world. This session will look at where to look for clues in the data and footprint, to profile and help identify the person leaving it.

Social engineering tricks and exploits 
This session gives the delegate an understanding of the origins, impact and harm that the modern criminal social engineer plays in crime and intelligence security in the modern day internet. It covers both attack and defence. Can we identify, exploit and copy their tactics? 

Geo location 

Tracking and identifying devices on the internet and their speed, direction and use by the target. Includes vehicle telematics, association, speed, data sources and non-visual surveillance. Identifying buildings and locations (public and private) that the device uses and frequents.

Lifestyle analysis

Identifying targets by their device movement and location. Identifying public Wi-Fi spots used and interrogation.


Covers all aspects of relevant legislation in respect of paint research - pitfalls and considerations regarding Intercept and AP. Also covers the transition to evidence from intel online, business data without applying for it, and identifying company interests and ownership which were not available or known.

Social Networking 

Identifying which sites are used by the target quickly, then interrogation of the sites by searching the data, not by using the site. Links between targets on the same and different SN sites. Direct and historic chats between multiple profiles to prove association and analysis. Analysis online of a subject's location when uploading/tweeting/blogging AND the identity and location of the people in their online group.


Covert (non attrib) and non identifying search methods. Deep searching and analysis. Alternative tool and site searching. Footprint reduction and incognito browsing. Non identifying profile creation using virtual mobiles and emails to allow registration.

OSINT legend building 

Non attributable SN profile and legend building, tradecraft and good digital hygiene around this area. 

Other identifiers of value 

MAC, IMSI and IMEI, SSID and BSSID identifiers that will be of significant value to the investigation. Their anomalies, values, and potential. Port scanning and network analysis.


Food and beverage

Lunch and refreshments, coffee and snacks will be provided and included in the course price. Accommodation and travel expenses are the responsibility of the delegate.

Pre requisite technical knowledge

Please be advised that this is an immersive and fully interactive course. Knowledge in the use of Windows Operating System is required. During the course students will be required to install and use various software programs and tools unique to the material.

Bring your own laptop

Throughout the course, students will participate in hands-on lab exercises. Students are encouraged to bring their own laptops to class that meet the requirements described below.


Students must bring a 64-bit Windows 10 laptop to class, preferably running natively on the system hardware. It is possible to complete the lab exercises using a virtualized Windows installation.


Apple laptops can be used if they are able to run a virtualized Windows machine or use Bootcamp.

Administrative Access-REQUIRED

Many of the tools utilized in this training require administrative privileges. Students must have administrative access on their Windows host, including the ability to unload or disable security software such as anti-virus or firewall agents as necessary for the completion of certain exercises. Further, students should have knowledge of the local passwords required to manage their system, including local Administrator account passwords, and passwords necessary to make system BIOS configuration changes.


Students can use a virtualized tool within the class for all of the exercises. VMware Workstation, VMware Player or VirtualBox are recommended. VMware Workstation Player and their other tools can be downloaded from the VMware website. VirtualBox can be downloaded from the Oracle website.

Hardware Requirements

Several of the software components used in the course are hardware intensive, requiring more system resources than what might be required otherwise for day-to-day use of a system. Please ensure your laptop meets the following minimum hardware requirements:

  • Minimum 2 GB RAM, 4 GB recommended

  • Wireless only access to the Internet will be provided during the course.

  • 30 GB free hard disk space

During the course, you will install numerous tools, and make several system changes. Some students may wish to bring a clean system that is not their everyday production system, or a dedicated Windows virtual machine that meets the minimum requirements for a system, to avoid any changes that may interfere with other system software.


About the speakers

Todd G. Shipley is a globally recognized expert on Internet Investigations. He has 25 years of law enforcement experience. As a Detective Sergeant he supervised the Financial and Cybercrime units for the Reno, Nevada Police Department, starting the first cybercrime unit in the State of Nevada. He is also an IACIS Certified Forensic Computer Examiner.


He writes on the topic of cybercrime and is co-author of Investigating Internet Crimes, An introduction to solving crimes in cyberspace. He is the featured Internet crime expert in the movie “Deepweb” directed by Alex Winter. He is a patent holder and inventor of the software WebCase, designed to aid investigators in collecting defensible online evidence during their investigations.


Mr. Shipley presents this and other subjects to government, law enforcement and investigators around the world. He is a lecturer for the Canadian Police College, the University of Nevada, Reno and Interpol.



Mark Bentley, of BENTAC training, is a globally recognised communications data expert and OSINT specialist, who works as an adviser, trainer and consultant to security services, government and police forces around the world. His experience is based on 36 years as a detective, which includes experience gained working for the UK National Crime Agency (NCA), Metropolitan police, Child Exploitation and Online Exploitation (CEOP), and UK government agencies, in the capacity of overt, reactive and covert operations management. With 20+ years in financial investigation, as a qualified financial investigation development officer (FIDO), he has been at the cutting edge of investigating financial transactions online, laundering, carouselling financial transactions and online laundry operations. Mark has been involved in the tracking of high profile cases, persons and vessels and is the open source expert and lead advisor for forces and government agencies both domestic and abroad. His specialist area is device tracking and interrogation, pedophile digital profiling, alternative profile digital shadowing, vehicle telematics, crypto currency tracing, advanced OSINT skills, injection and weaponising. Mark presents this and other subjects to government and law enforcement globally and lectures for international policing organisations around the globe, Child protection services, UK Gov cyber capability building programme, EU cybercrime twinning project, Government agencies, Military, The Council of Europe and The UK College of Policing. He runs his own training company and law enforcement open sourcing tools site to empower and train officers around the world on best practice and lateral thinking in investigations online.



Course Fees

€3000 / £2700pp. Discounts when booked as a multiple of 2 or more. Please email me for further discounts for groups of 4 or more.



Central Prague. 

