Difference between pages "Tools:File Analysis" and "Training Courses and Providers"

From Forensics Wiki
(Difference between pages)
(Open Source Tools)
 
(COMMERCIAL TRAINING)
 
Line 1: Line 1:
== Image Analysis ==
+
This is the list of Training Providers, who offer training courses of interest to practitioners and researchers in the field of Digital Forensics.  Conferences which may include training are located on the [[Upcoming_events]] page.
; [[SurfRecon LE rapid image analysis tool]] by SurfRecon, Inc.
+
: http://www.surfrecon.com
+
  
== Open Source Tools ==
+
<b>PLEASE READ BEFORE YOU EDIT THE LIST BELOW</b><br>
 +
Some training providers offer on-going training courses that are available in an on-line "any time" format. Others have regularly scheduled training that is the same time each month.  Others have recurring training but are scheduled at various times throughout the year. Providers training courses should be listed in alphabetical order, and should be listed in the appropriate section.  Non-Commercial training is typically offered by governmental agencies or organizations that directly support law enforcement.  Tool Vendor training is training offered directly by a specific tool vendor, which may apply broadly, but generally is oriented to the vendor's specific tool (or tool suite).  Commercial Training is training offered by commercial companies which may or may not be oriented to a specific tool/tool suite, but is offered by a company other than a tool vendor.
  
; [[file]]
+
<i>Some training opportunities may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
: The file command determines the file type of a given file, depending on its contents and not on e.g. its extension or filename. In order to do that, it uses a magic configuration file that identifies filetypes.
+
== On-going / Continuous Training ==
 +
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! width="40%"|Title
 +
! width="20%"|Date/Location
 +
! width="40%"|Website
 +
|-
 +
|- style="background:pink;align:left"
 +
! DISTANCE LEARNING
 +
|-
 +
|Basic Computer Examiner Course - Computer Forensic Training Online
 +
|Distance Learning Format
 +
|http://www.cftco.com
 +
|-
 +
|Linux Data Forensics Training
 +
|Distance Learning Format
 +
|http://www.crazytrain.com/training.html
 +
|-
 +
|SANS On-Demand Training
 +
|Distance Learning Format
 +
|http://www.sans.org/ondemand/?portal=69456f95660ade45be29c00b0c14aea1
 +
|-
 +
|Champlain College - CCE Course
 +
|Online / Distance Learning Format
 +
|http://extra.champlain.edu/cps/wdc/alliances/cce/landing/
 +
|-
 +
|Las Positas College
 +
|Online Computer Forensics Courses
 +
|http://www.laspositascollege.edu
 +
|-
 +
|- style="background:pink;align:left"
 +
!RECURRING TRAINING
 +
|-
 +
|Evidence Recovery for Windows Vista&trade;
 +
|First full week every month<br>Brunswick, GA
 +
|http://www.internetcrimes.net
 +
|-
 +
|Evidence Recovery for Windows Server&reg; 2003 R2
 +
|Second full week every month<br>Brunswick, GA
 +
|http://www.internetcrimes.net
 +
|-
 +
|Evidence Recovery for the Windows XP&trade; operating system
 +
|Third full week every month<br>Brunswick, GA
 +
|http://www.internetcrimes.net
 +
|-
 +
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
 +
|Third weekend of every month(Fri-Mon)<br>Dallas, TX
 +
|http://www.md5group.com
 +
|-
 +
|}
  
; [[ldd]]
+
==NON-COMMERCIAL TRAINING==
: List dynamic dependencies of executable files.
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! width="40%"|Title
 +
! width="40%"|Website
 +
! width="20%"|Limitation
 +
|-
 +
|Defense Cyber Investigations Training Academy (DCITA)
 +
|http://www.dc3.mil/dcita/dcitaAbout.php
 +
|Limited To Certain Roles within US Government Agencies[http://www.dc3.mil/dcita/dcitaRegistration.php (1)]
 +
|-
 +
|Federal Law Enforcement Training Center
 +
|http://www.fletc.gov/training/programs/technical-operations-division
 +
|Limited To Law Enforcement
 +
|-
 +
|MSU National Forensics Training Center
 +
|http://www.security.cse.msstate.edu/ftc
 +
|Limited To Law Enforcement
 +
|-
 +
|IACIS
 +
|http://www.iacis.com/training/course_listings
 +
|Limited To Law Enforcement and Affiliate Members of IACIS
 +
|-
 +
|SEARCH
 +
|http://www.search.org/programs/hightech/courses/
 +
|Limited To Law Enforcement
 +
|-
 +
|National White Collar Crime Center
 +
|http://www.nw3c.org/ocr/courses_desc.cfm
 +
|Limited To Law Enforcement
 +
|-
 +
|}
  
; [[truss]]
+
==TOOL VENDOR TRAINING==
: Solaris tool used to trace the system/library calls (not user calls) and signals made/received by a new or existing process. It sends the output to stderr.
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
: http://docs.sun.com/app/docs/doc/819-2239/truss-1?l=en&a=view&q=truss
+
|- style="background:#bfbfbf; font-weight: bold"
 +
! width="40%"|Title
 +
! width="40%"|Website
 +
! width="20%"|Limitation
 +
|-
 +
|AccessData (Forensic Tool Kit FTK)
 +
|http://www.accessdata.com/courses.html
 +
|-
 +
|ASR Data (SMART)
 +
|http://www.asrdata.com/training/
 +
|-
 +
|ATC-NY (P2P Marshal, Mac Marshal)
 +
|http://p2pmarshal.atc-nycorp.com/index.php/training http://macmarshal.atc-nycorp.com/index.php/training
 +
|-
 +
|BlackBag Technologies (Mac Forensic Tools- BlackLight and SoftBlock)
 +
|https://www.blackbagtech.com/training.html
 +
|-
 +
|Cellebrite (UFED)
 +
|http://www.forwarddiscovery.com
 +
|-
 +
|CPR Tools (Data Recovery)
 +
|http://www.cprtools.net/training.php
 +
|-
 +
|Digital Intelligence (FRED Forensics Platform)
 +
|http://www.digitalintelligence.com/forensictraining.php
 +
|-
 +
|e-fense, Inc. (Helix3 Pro)
 +
|http://www.e-fense.com/training/index.php
 +
|-
 +
|Guidance Software (EnCase)
 +
|http://www.guidancesoftware.com/computer-forensics-training-courses.htm
 +
|-
 +
|Micro Systemation (XRY)
 +
|http://www.msab.com/training/
 +
|-
 +
|Nuix (eDiscovery)
 +
|http://www.nuix.com.au/eDiscovery.asp?active_page_id=147
 +
|-
 +
|Paraben (Paraben Suite)
 +
|http://www.paraben-training.com/training.html
 +
|-
 +
|Software Analysis & Forensic Engineering (CodeSuite)
 +
|http://www.safe-corp.biz/training.htm
 +
|-
 +
|Technology Pathways(ProDiscover)
 +
|http://www.techpathways.com/DesktopDefault.aspx?tabindex=6&tabid=9
 +
|-
 +
|SubRosaSoft (MacForensicsLab)
 +
|http://www.macforensicslab.com/ProductsAndServices/index.php?main_page=index&cPath=2
 +
|-
 +
|WetStone Technologies (Gargoyle, Stego Suite, LiveWire Investigator)
 +
|https://www.wetstonetech.com/trainings.html
 +
|-
 +
|X-Ways Forensics (X-Ways Forensics)
 +
|http://www.x-ways.net/training/
 +
|-
 +
|}
  
; [[PDF Miner]]
+
==COMMERCIAL TRAINING==
: "...suite of programs that aims to help analyzing text data from PDF documents. It includes a PDF parser, a PDF renderer (though only rendering text is supported for now), and a couple of nice tools to extract texts. Unlike other PDF-related tools, it allows to obtain the exact location of texts in a page, as well as other layout information such as font size or font name, which could be useful for analyzing the document. It also infers text running within a page by using clustering technique."  
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
: http://www.unixuser.org/~euske/python/pdfminer/index.html
+
|- style="background:#bfbfbf; font-weight: bold"
 
+
! width="40%"|Title
; [[ltrace]]
+
! width="40%"|Website
: Library call tracer.
+
! width="20%"|Limitation
: http://linux.die.net/man/1/ltrace
+
|-
 
+
|BerlaCorp iOS and GPS Forensics Training
; [[strace]]
+
|http://www.berlacorp.com/training.html
: System Call Tracer.
+
|-
: http://sourceforge.net/projects/strace/
+
|Computer Forensic Training Center Online (CFTCO)
 
+
|http://www.cftco.com/
; [[xtrace]]
+
|-
: eXtended trace utility, similar to strace, ptrace, truss, but with extended functionality and unique features, such as dumping function calls (dynamically or statically linked), dumping call stack and more.
+
|CCE Bootcamp
: http://sourceforge.net/projects/xtrace/
+
|http://www.cce-bootcamp.com/
 
+
|-
; [[ktrace]]
+
|Dera Forensics Group
: Enables kernel process tracing on OpenBSD.
+
|http://www.deraforensicgroup.com/courses.htm
: http://www.openbsd.org/cgi-bin/man.cgi?query=ktrace&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
+
|-
 
+
|e-fense Training
; [[Valgrind]]
+
|http://www.e-fense.com/training/index.php
: Executes a program under emulation, performing analysis according to one of the many plug-in modules as desired. You can write your own plug-in module as desired.
+
|-
: http://valgrind.org/
+
|Forward Discovery, Inc.
 
+
|http://www.forwarddiscovery.com
; [[DTrace]]
+
|-
: Comprehensive dynamic tracing framework for Solaris (also ported to MacOS X - XRays and FreeBSD). DTrace provides a powerful infrastructure to permit investigation of the behavior of the operating system and user programs.
+
|H-11 Digital Forensics
: http://www.sun.com/bigadmin/content/dtrace/
+
|http://www.h11-digital-forensics.com/training/viewclasses.php
 
+
|-
; [[strings]]
+
|High Tech Crime Institute
: Strings will print the strings of printable characters in files. It allows choosing different charactersets (ASCII, UNICODE). It is a quick way to browse through files/partitions/... in order to look for words, filenames, keywords etc.
+
|http://www.gohtci.com
 
+
|-
; The [[Open Computer Forensics Architecture]]
+
|Infosec Institute
: http://ocfa.sourceforge.net/
+
|http://www.infosecinstitute.com/courses/security_training_courses.html
 
+
|-
; [[Rifiuti]] (not GPL)
+
|Intense School (a subsidiary of Infosec Institute)
: Examines the INFO2 file in the Recycle Bin.
+
|http://www.intenseschool.com/schedules
: http://www.foundstone.com/us/resources/proddesc/rifiuti.htm
+
|-
 
+
|ManTech Computer Security Training
; [[Pasco]] (not GPL)
+
|http://www.mantech.com/capabilities/comptraining.asp
: Parses ''index.dat'' files.
+
|-
: http://www.foundstone.com/us/resources/proddesc/pasco.htm
+
|Mobile Forensics, Inc
 
+
|http://mobileforensicsinc.com/
; [[Galleta]] (not GPL)
+
|-
: Parses cookie files.
+
|NetSecurity
: http://www.foundstone.com/us/resources/proddesc/galleta.htm
+
|http://www.netsecurity.com/training/registration_schedule.html
 
+
|-
; dumpster_dive.pl
+
|NID Forensics Academy (Certified Digital Forensic Investigator - CDFI Program)
: MS Windows Recycle Bin INFO2 parser
+
|http://www.nidforensics.com.br/
: http://jafat.sourceforge.net/files.html
+
|-
 
+
|NTI (an Armor Forensics Company)
; cookie_cruncher.pl
+
|http://www.forensics-intl.com/training.html
: MS IE cookie file parser
+
|-
: http://jafat.sourceforge.net/files.html
+
|Security University
 
+
|http://www.securityuniversity.net/classes.php
; [[yim2text]]
+
|-
: Extracts the 'encrypted' info in Yahoo Instant Messenger log files.
+
|Steganography Analysis and Research Center (SARC)
: http://www.1vs0.com/tools.html
+
|http://www.sarc-wv.com/training
 
+
|-
; [[Hachoir]]
+
|Sumuri - Forensics Simplified
: Determines the file type using file header/footer (hachoir-metadata --type), able to list strings in Unicode (hachoir-grep), etc. Support more than 60 file formats.
+
|http://sumuri.com/
 
+
|-
; [[Cygwin]]
+
|SysAdmin, Audit, Network, Security Institute (SANS)
: http://www.cygwin.com/
+
|http://computer-forensics.sans.org/courses/
: Linux like environment for Windows.
+
|-
 
+
|Teel Technologies Mobile Device Forensics Training
; [[UnxUtils]]
+
|http://www.teeltech.com/tt3/training.asp
: http://unxutils.sourceforge.net/
+
|-
: Common unix utilities compiled for a Windows environment.
+
|Zeidman Consulting (MCLE)
 
+
|http://www.zeidmanconsulting.com/speaking.htm
; [[GnuWin32]]
+
|-
: http://gnuwin32.sourceforge.net/
+
|}
: Common GNU utilities compiled for a Windows Environment.
+
 
+
; [[SUA]]
+
: http://www.microsoft.com/windowsserver2003/R2/unixcomponents/webinstall.mspx
+
: Microsoft Subsystem for UNIX-based Applications.
+
 
+
== File Sharing Analysis Tools ==
+
; [[P2PMarshal|P2P Marshal]]
+
: Tools to discover and analyze peer-to-peer files for Windows.
+
 
+
== [[NDA]] and [[scoped distribution]] tools ==
+
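Review bot: the added TOOL VENDOR TRAINING and COMMERCIAL TRAINING tables declare a third "Limitation" header, but every row in them supplies only a Title and a Website cell; either add the third cell to each row (empty where no restriction is known) or drop the header. The editing note added at the top asks for alphabetical order, yet "Computer Forensic Training Center Online (CFTCO)" precedes "CCE Bootcamp" and "Technology Pathways(ProDiscover)" precedes "SubRosaSoft (MacForensicsLab)". The "Cellebrite (UFED)" row lists http://www.forwarddiscovery.com, the same URL as the "Forward Discovery, Inc." row under COMMERCIAL TRAINING, so it is worth confirming that this is the intended link and saying who delivers the course. The SANS On-Demand URL also carries a "?portal=..." query parameter that could be dropped in favour of the plain course URL.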

Revision as of 14:17, 7 November 2011

This is the list of training providers who offer training courses of interest to practitioners and researchers in the field of Digital Forensics. Conferences which may include training are located on the Upcoming_events page.

PLEASE READ BEFORE YOU EDIT THE LIST BELOW
Some training providers offer on-going training courses that are available in an on-line "any time" format. Others have regularly scheduled training that is held at the same time each month. Others have recurring training that is scheduled at various times throughout the year. Providers' training courses should be listed in alphabetical order, and should be listed in the appropriate section. Non-Commercial training is typically offered by governmental agencies or organizations that directly support law enforcement. Tool Vendor training is training offered directly by a specific tool vendor, which may apply broadly, but generally is oriented to the vendor's specific tool (or tool suite). Commercial Training is training offered by commercial companies which may or may not be oriented to a specific tool/tool suite, but is offered by a company other than a tool vendor.

Some training opportunities may be limited to Law Enforcement Only or to a specific audience. Such restrictions should be noted when known.


On-going / Continuous Training

{|
! Title !! Date/Location !! Website
|-
! colspan="3" | DISTANCE LEARNING
|-
| Basic Computer Examiner Course - Computer Forensic Training Online || Distance Learning Format || http://www.cftco.com
|-
| Linux Data Forensics Training || Distance Learning Format || http://www.crazytrain.com/training.html
|-
| SANS On-Demand Training || Distance Learning Format || http://www.sans.org/ondemand/?portal=69456f95660ade45be29c00b0c14aea1
|-
| Champlain College - CCE Course || Online / Distance Learning Format || http://extra.champlain.edu/cps/wdc/alliances/cce/landing/
|-
| Las Positas College || Online Computer Forensics Courses || http://www.laspositascollege.edu
|-
! colspan="3" | RECURRING TRAINING
|-
| Evidence Recovery for Windows Vista™ || First full week every month<br>Brunswick, GA || http://www.internetcrimes.net
|-
| Evidence Recovery for Windows Server® 2003 R2 || Second full week every month<br>Brunswick, GA || http://www.internetcrimes.net
|-
| Evidence Recovery for the Windows XP™ operating system || Third full week every month<br>Brunswick, GA || http://www.internetcrimes.net
|-
| Computer Forensics Training and CCE™ Testing for Litigation Support Professionals || Third weekend of every month (Fri-Mon)<br>Dallas, TX || http://www.md5group.com
|}

NON-COMMERCIAL TRAINING

{|
! Title !! Website !! Limitation
|-
| Defense Cyber Investigations Training Academy (DCITA) || http://www.dc3.mil/dcita/dcitaAbout.php || Limited To Certain Roles within US Government Agencies (1)
|-
| Federal Law Enforcement Training Center || http://www.fletc.gov/training/programs/technical-operations-division || Limited To Law Enforcement
|-
| MSU National Forensics Training Center || http://www.security.cse.msstate.edu/ftc || Limited To Law Enforcement
|-
| IACIS || http://www.iacis.com/training/course_listings || Limited To Law Enforcement and Affiliate Members of IACIS
|-
| SEARCH || http://www.search.org/programs/hightech/courses/ || Limited To Law Enforcement
|-
| National White Collar Crime Center || http://www.nw3c.org/ocr/courses_desc.cfm || Limited To Law Enforcement
|}

TOOL VENDOR TRAINING

{|
! Title !! Website !! Limitation
|-
| AccessData (Forensic Tool Kit FTK) || http://www.accessdata.com/courses.html
|-
| ASR Data (SMART) || http://www.asrdata.com/training/
|-
| ATC-NY (P2P Marshal, Mac Marshal) || http://p2pmarshal.atc-nycorp.com/index.php/training http://macmarshal.atc-nycorp.com/index.php/training
|-
| BlackBag Technologies (Mac Forensic Tools- BlackLight and SoftBlock) || https://www.blackbagtech.com/training.html
|-
| Cellebrite (UFED) || http://www.forwarddiscovery.com
|-
| CPR Tools (Data Recovery) || http://www.cprtools.net/training.php
|-
| Digital Intelligence (FRED Forensics Platform) || http://www.digitalintelligence.com/forensictraining.php
|-
| e-fense, Inc. (Helix3 Pro) || http://www.e-fense.com/training/index.php
|-
| Guidance Software (EnCase) || http://www.guidancesoftware.com/computer-forensics-training-courses.htm
|-
| Micro Systemation (XRY) || http://www.msab.com/training/
|-
| Nuix (eDiscovery) || http://www.nuix.com.au/eDiscovery.asp?active_page_id=147
|-
| Paraben (Paraben Suite) || http://www.paraben-training.com/training.html
|-
| Software Analysis & Forensic Engineering (CodeSuite) || http://www.safe-corp.biz/training.htm
|-
| Technology Pathways (ProDiscover) || http://www.techpathways.com/DesktopDefault.aspx?tabindex=6&tabid=9
|-
| SubRosaSoft (MacForensicsLab) || http://www.macforensicslab.com/ProductsAndServices/index.php?main_page=index&cPath=2
|-
| WetStone Technologies (Gargoyle, Stego Suite, LiveWire Investigator) || https://www.wetstonetech.com/trainings.html
|-
| X-Ways Forensics (X-Ways Forensics) || http://www.x-ways.net/training/
|}

COMMERCIAL TRAINING

{|
! Title !! Website !! Limitation
|-
| BerlaCorp iOS and GPS Forensics Training || http://www.berlacorp.com/training.html
|-
| Computer Forensic Training Center Online (CFTCO) || http://www.cftco.com/
|-
| CCE Bootcamp || http://www.cce-bootcamp.com/
|-
| Dera Forensics Group || http://www.deraforensicgroup.com/courses.htm
|-
| e-fense Training || http://www.e-fense.com/training/index.php
|-
| Forward Discovery, Inc. || http://www.forwarddiscovery.com
|-
| H-11 Digital Forensics || http://www.h11-digital-forensics.com/training/viewclasses.php
|-
| High Tech Crime Institute || http://www.gohtci.com
|-
| Infosec Institute || http://www.infosecinstitute.com/courses/security_training_courses.html
|-
| Intense School (a subsidiary of Infosec Institute) || http://www.intenseschool.com/schedules
|-
| ManTech Computer Security Training || http://www.mantech.com/capabilities/comptraining.asp
|-
| Mobile Forensics, Inc || http://mobileforensicsinc.com/
|-
| NetSecurity || http://www.netsecurity.com/training/registration_schedule.html
|-
| NID Forensics Academy (Certified Digital Forensic Investigator - CDFI Program) || http://www.nidforensics.com.br/
|-
| NTI (an Armor Forensics Company) || http://www.forensics-intl.com/training.html
|-
| Security University || http://www.securityuniversity.net/classes.php
|-
| Steganography Analysis and Research Center (SARC) || http://www.sarc-wv.com/training
|-
| Sumuri - Forensics Simplified || http://sumuri.com/
|-
| SysAdmin, Audit, Network, Security Institute (SANS) || http://computer-forensics.sans.org/courses/
|-
| Teel Technologies Mobile Device Forensics Training || http://www.teeltech.com/tt3/training.asp
|-
| Zeidman Consulting (MCLE) || http://www.zeidmanconsulting.com/speaking.htm
|}