CacheBack » Technical Support » Courses & Training
|
Advanced Internet
Forensics - Using CacheBack® |
course syllabus | course dates | register now! |
| This advanced SiQuest training course provides the knowledge and skills necessary to use CacheBack to recover and analyze Internet artifacts from today's top leading browsers. Participants will learn how to decode cache entries and rebuild web pages using CacheBack, as well as, perform advanced data queries and analysis. CacheBack is the first and only forensic product to support all five top browsers: Internet Explorer, Firefox, Opera, Safari and Google Chrome. Originally introduced as a web page rebuilder, CacheBack has come a long way in the last few years. Now in its third generation, CacheBack has evolved to encompass a much broader range of evidentiary artifacts such as pictures, movies, and chat files. |
|
TOPICS TO BE COVERED
The following is a list of the features that will be covered in detail during this 3-day course:
The following is a list of the features that will be covered in detail during this 3-day course:
- DECODING. Decode and interpret the complex mapping systems for all five browsers with a special focus on the cryptic formats used by Firefox and Google Chrome.
- HTML/JAVSCRIPT. Explore Hypertext Markup Language with the interest of understanding how web pages and embedded javascript code operate in the context of web page analysis.
- REBUILDING. Rebuild web pages so they appear exactly as they were originally viewed. This includes understanding "how" this is done and how CacheBack's built-in auditing is reported.
- PICTURE ANALYSIS. Using GrabMedia, students will import pictures from a local disk and use CacheBack to quickly categorize and report on the evidence. The Photograph Aspect Ratio Differential (PARD) system will reveal how students can "dramatically" decrease the amount of time to investigate photograph related evidence.
- MOVIE ANALYSIS. Use CacheBack's built-in movie file viewer to examine the following file formats: .3GP, .3G2, .AVI, .WMV, .FLV, .MOV, .MPG and .VOB. Students will also learn how to split movies into frames (thumbnails) for storyboard reporting and seek-to-time indexing.
- QUERIES. How to build custom queries using the new step-by-step Query Builder engine and save them for future use.
- FILTERS. How to use Bookmark Queries, Exclude Queries and Quarantine Queries to expedite analysis of thousands of database records. Students will also be shown how Bookmark Queries can be used to dramatically reduce the amount of time required to categorize picture evidence (as is the case in many CP type cases).
- GALLERY. How to use the built-in Gallery to view thumbnails of both HTML content and pictures, all within the same viewing space.
- CACHEGRAB. How to use the CacheGrab (for Windows) data mining tool to import data into CacheBack. This includes the use of the CacheGrab EnScript.
- FACEBOOK CHAT. How to identify, recover and rebuild Facebook chat, complete with emoticons and avatars. Create compelling chat reports in rich, HTML format. This includes a new Chatters List Report where each Chatter profile and related metadata is reported in a cardfile-like format. This includes a list of all the persons the Chatter spoke with.
- TIME ZONES. Univeral Coordinated Time (UTC) will be covered with an emphasis on how CacheBack reports Daylight Savings accurately and independently of the examiner's workstation. This is an important section that will also highlight a major issue with (an) other history analysis tool(s) which report(s) timestamps inaccurately in common situations. This section is invaluable for court testimony and multi-jurisdictional investigations.
- MORE QUERIES. The use of filters and creating compound queries is an advanced topic that will be explored in detail on Day 3.
- ADVANCED QUERIES. Students will learn how to interpret and write their own queries using Microsoft Structed Query Language. This particular section will provide new skills that can be ported to other programs (eg: Microsoft Access).
- REPORTING. Students learn how to create a variety of rich, HTML based reports such as Time Charts, Cache (with Thumbnail) Reports, History Reports and rebuilt Facebook Chat Reports.
- PUBLISHING. The reporting section will also cover CacheBack's Publishing option to provide effective and quick disclosure of any report. This section will also cover the new ChatEm (Chat Emulator) tool which is a pack-and-go player for simulating real-time playback of chat conversations.
|
CACHEBACK 1-Day BOOTCAMP ** NEW ** This information packed day provides attendees with the fundamentals of using CacheBack to conduct day-to-day Internet related investigations and provides a solid foundation for using all of the other advanced features. This one-day training opportunity closely mirrors Day 2 of our regular 3-Day training course, but with some added material such as Facebook chat recovery and rebuilding. Special software licensing is available at this event only. TUITION:
|
Prerequisites
This hands-on course is intended for forensic investigators, law enforcement personnel, and security and network administrators who are, or are considering using CacheBack for their investigation of Internet cache and history data.
To obtain the maximum benefit from this course, you should meet the following requirements:
- Read and understand the English language.
- No previous experience of CacheBack required (although students must already be licensed users OR purchase the software along with the course tuition).
- Have previous experience in forensic investigations (optional).
- Have a working knowledge of the latest versions of Internet Explorer, Firefox, Opera, Safari and Google Chrome.
Course Materials and Software
You will receive the student training manual and CD containing lab exercises and course-related information.
Click here to download the 3-day course syllabus (PDF Format).