Cyber Threat Investigator Course - February 2024

COURSE TIME  9:00 AM (EST) **  6:00 AM (PST)  ** 10:00 AM (AST)

HYBRID LEARNING ENVIROMENT 

• Students in Toronto may attend in person - Location will be confirmed by November 20th, 2023
• Online instruction is available for remote learning - Learning will be delivered via MS-Teams and Virtual desktops for practicals

COURSE OVERVIEW

This immersive course expands upon the skills and fundamentals taught in introductory cyber courses. The course will provide attendees with a more in-depth understanding of the online criminal ecosystem. We will focus on the existing cyber threats markets, forums and other criminality occuring there. OSINT techniques and other methods to investigate criminal activity on multiple layers of the web.  Students will assume different identities and communicate with others in the ecosystem via encrypted communications, utilizing PGP and peer to peer application.  The training will be mostly hands-on, with students walking through the steps, explanations of the programs and demonstrations of the browser add-ons while building a research machine. Additionally, attendees will be familiarized with open source and commercial tools and learn to leverage the tools for thier investigations. 

• Find and navigate the 'dark web' forums/marketplaces using the TOR network
• Conduct online research to identify threats to your organization
• Create a target profile report through the use of various research techniques/tools
• Learn fundamentals in interacting online through NCFTA-guided hands-on exercises
• Create and maintain research accounts, employ encryption techniques in order to communicate online
• Limit your footprint while conducting research.
• Understanding VPN, VM and info bleeds while using such environments
• Make purchases using crypto currencies
• Develop intelligence reporting based on information gathered
• Interact online using various P2P chat platforms
• Focus on dark web, deep web, Malware and Ransomware

The course will also focus on incident response to compromises and will provide attendees with an understanding of ransomware and best practices/tools for first response to ransomware incidents:

• What is Ransomware?
• Types of Ransomware
• How does it work?
• Responding to an attack
• Stop the spread
• Investigative strategies
• Finding available unlock keys
• Prevention

**This is an advanced cyber investigation course. We strongly recommend students have previous cyber investigative training or have completed the Cryptocurrency Investigators Course hosted by Ai6.

INSTRUCTORS BIOGRAPHY

Mr. Sean WILLIAMS

Sean Williams is a Trainer and Intelligence Analyst within Training at the National Cyber-Forensics & Training Alliance (NCFTA) located in Pittsburgh, Pennsylvania. Sean does dark web research and analysis on illicit markets, forums, actors, coordinates and develops training on a variety of topics. He received a graduate degree in Security and Intelligence Studies from the University of Pittsburgh's Graduate School of Public and International Affairs.

Ms. Kaitlin Martin

Kaitlin Martin has been an intelligence analyst on the Cyber Financial team at the National Cyber-Forensics & Training Alliance (NCFTA) since January 2020. Since then, she has conducted numerous cryptocurrency investigations for both law enforcement and private-sector partners. Kaitlin is also a Russian linguist and works on the Russian and Eastern European Crime-as-a-Service (CaaS) initiative, as well as the Business Email Compromise (BEC) initiative. Prior to joining NCFTA, Kaitlin worked for a financial intelligence firm in Washington, DC.

Ms. Stephanie M. Corvese - Manager: Risk & Forensics - Grant Thornton LLP

Stephanie started with Grant Thornton in 2017 and has been involved in performing forensic acquisitions and analysis of electronic data from a range of digital media including, computers, tablets, smartphones, and removable media such as USB keys SD cards, and other consumer electronic devices including cloud storage. She is also an active member of the cyber breach response investigations team and the OSINT investigations team.

Ms. Corvese will be presenting a case study involving the Lockbit variant.  Ms. Corvese will walk through students on using open source tools when first responding to ransomware investigations.  Each student will have their on virtual desktop for the practical section.