Difference between pages "USB History Viewing" and "Training Courses and Providers"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(External Links)
 
m
 
Line 1: Line 1:
Microsoft [[Windows]] operating systems records artifacts when [[USB]] removable storage devices (thumb drives, iPods, digital cameras, external HDD, etc.) are connected to the system.
+
This is the list of Scheduled Training Courses, referred to by [[Upcoming_events]].
  
== Plug and Play Manager ==
+
<b>PLEASE READ BEFORE YOU EDIT THE LIST BELOW</b><br>
 +
Events should be posted in date order.  An event should NEVER be listed in more than one section (i.e. Ongoing/Continuous events should not be listed in Scheduled Training).  When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. If a provider offers the same event at several locations simultaneously, the listing should have a single (ONE) entry in the list with the date(s) and ALL locations for the event. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
 +
<i>Some training opportunities may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
  
When a USB removable storage device is connected to a Windows system for the first time, the Plug and Play (PnP) Manager receives the event notification, queries the device descriptor for the appropriate information to develop a device class identifier (device class ID) and attempts to locate the appropriate driver for that device.
+
The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multi-media Listserv. 
 +
<i> (Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST)</i>
 +
Requests for additions, deletions or corrections to this list may be sent by email to David Baker <i>(bakerd AT mitre.org)</i>.
  
Looking for and installing the correct driver for the device is recorded in the [http://www.microsoft.com/whdc/driver/install/setupapilog.mspx setupapi.log] file. For example:
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
 
+
|- style="background:#bfbfbf; font-weight: bold"
    [2007/06/10 21:25:41 1140.8 Driver Install]
+
! Title
    #-019 Searching for hardware ID(s): usbstor\disksandisk_u3_cruzer_micro_3.27,...
+
! Date/Location
 
+
! Website
This provides the date and time that the removable storage device was first connected to the system. The Windows system will also create an entry in the Registry beneath the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\ key using the device class ID:
+
! Limitation
 
+
|-
    Disk&Ven_SanDisk&Prod_U3_Cruzer_Micro&Rev_3.27
+
|BlackBag Introductory MacIntosh Forensics
 
+
|Oct 06-10, Los Angeles, CA
This identifies the class of the device. Beneath this [[Windows Registry|Registry key]], a unique instance ID key will be created, using either the serial number retrieved from the device's device descriptor (you can use [http://www.microsoft.com/whdc/device/stream/vidcap/UVCView.mspx UVCView] to view the contents of the device descriptor), or, if the device does not have a serial number, using an identifier generated by the system itself (based on additional information retrieved from the device descriptor, the USB port the device was plugged into, etc...the vendor has not publicized the algorithm used to generate this identifier). For example:
+
|http://www.blackbagtech.com/products/training.htm
 
+
|-
    0000161511737EFB&0
+
|X-Ways Forensics
 
+
|Oct 07-09, London, UK
Note: If the second character of the unique instance ID is a '&', then the ID was generated by the system, as the device did not have a serial number.
+
|http://www.x-ways.net/training/london.html
 
+
|-
Note: The device descriptor is not located in the memory area of the device. While you can acquire an image of the device using any number of imaging tools, that image will not include the device descriptor. For complete documentation of the device, the device descriptor should be retrieved separately from the image acquisition process, using tools such as UVCView.
+
|AccessData&reg; Windows Forensics
 
+
|Oct 07-09, Las Vegas, NV and New York City, NY
== Device Information ==
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
 
+
|-
Beneath this key are several Registry values that provide information about the device itself. Of particular note is the ParentIdPrefix value; this value can be used to map to the MountedDevices Registry key in order to identify the drive letter to which the device was mounted. Beneath the MountedDevices Registry key are several values, all of which are REG_BINARY data types. With RegEdit open, select one of the values that begins with "\DosDevices\" and includes a drive letter. The value selected should be one whose data begins with "5C 00 3F 00 3F 00". Right-click the value name and choose "Modify". When the "Edit Binary Value" dialog appears, you will see the binary data displayed as if it were viewed in a hex viewer. On the right-most column, you should see what appears as:
+
|WetStone- Steganography Investigator Training
 
+
|Oct 13-14, The Netherlands ENFSC Conference
    \??\STORAGE#RemovableMedia#'''7&2c9a320d&0'''&RM#{53f5630d...
+
|https://www.wetstonetech.com/trainings.html
 
+
|-
The portion in bold is the ParentIdPrefix for the device.
+
|AccessData&reg; BootCamp
 
+
|Oct 14-16, Louisville, KY
In order to determine the last time the device was connected to the system, we have to navigate to the following Registry key:
+
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
 
+
|Limited to Law Enforcement
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses
+
|-
 
+
|WetStone- Live Investigator Training
Beneath this key are two other keys of interest:
+
|Oct 18-19, Atlantic City, NJ HTCIA Conference
 
+
|https://www.wetstonetech.com/trainings.html
    {53f56307-b6bf-11d0-94f2-00a0c91efb8b}
+
|-
 
+
|Computer Hacking Forensic Investigator CHFI Prep/QFE Qualified Forensics Expert
and
+
|Oct 20-24, Reston, VA
 
+
|http://www.securityuniversity.net/classes_CHFI_QFE.php
    {53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
+
|-
 
+
|Interpol "Train-the-Trainer" Workshop on Computer Forensics
These are Device Class [[Universally Unique Identifier|GUID]] keys for Disks and Volumes, respectively. Beneath the Disk GUID key are several subkeys that appear as follows (the key name is wrapped):
+
|Oct 20-24, Hong Kong Police College
 
+
|http://training.tcd.hk
    ##?#USBSTOR#Disk&Ven_SanDisk&Prod_U3_Cruzer_Micro&Rev_3.27#'''0000161511737EFB&0'''
+
|Limited to Law Enforcement
    #{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
+
|-
 
+
|Windows NT Operating System(NTOS)
The bold portion of the key name is the devices unique instance ID, which in this case, is also the device's serial number. Similarly, the Volume GUID key contains subkeys for each volume that was mounted on the system, and those subkey names appear as follows:
+
|Oct 20-23, St. Louis, MO
 
+
|http://www.nw3c.org/ocr/courses_desc.cfm
    ##?#STORAGE#RemovableMedia#'''7&2c9a320d&0'''&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
+
|Limited to Law Enforcement
 
+
|-
The bold portion of the key name is the ParentIdPrefix value for the device.
+
|EnCase&reg; v6 Computer Forensics II
 
+
|Oct 21-24, Toronto, Canada
To determine when the device was last connected to the system, obtain the LastWrite time value from the respective Disk and Volume GUID Registry keys for the device.
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
 
+
|-
== U3-enabled Devices ==
+
|AccessData&reg; Applied Decryption
 
+
|Oct 23-25, Sterling, VA
Many thumb drives that are available come with the capability of being used as a portable desktop. In essence, the device includes a suite of applications (web browser, etc.) that have been specifically configured to run from the device, as well as store data within the memory area of the device. These applications are stored within a CDFS partition on the device, and appear with a device class ID (beneath the Enum\USBStor Registry key) similar to the following:  
+
|http://guest.cvent.com/EVENTS/Info/Summary.aspx?e=ab0c756b-3cf8-4161-8a70-0c11c6f018fc
 
+
|-
    CdRom&Ven_SanDisk&Prod_U3_Cruzer_Micro&Rev_3.27
+
|SARC - Certified Steganography Examiner Training
 
+
|Oct 23-24, Gaithersburg, MD
By default, [[Windows]] systems are configured to parse autorun.inf files found in the root of certain media, and to execute the "load=" and "run=" lines of those files for CDFS volumes (among others). However, by default, the systems are configured to NOT execute the "load=" and "run=" lines for autorun.inf files located on removable media, such as thumb drives (this behavior is controlled by a Registry entry and can be modified).
+
|http://www.sarc-wv.com/training/training_gaithersburg.aspx
 
+
|-
== External Links ==
+
|WetStone- Live Investigator Training
 
+
|Oct 24-25, Gaithersburg, MD Techno Forensics Conference
* [http://www.nirsoft.net/utils/usb_devices_view.html USBDeview] is a tool that automates the viewing of USB device history for Windows 2000/XP/2003/Vista systems. It can recover the device name, description, last plug/unplug date & time, and serial number.
+
|https://www.wetstonetech.com/trainings.html
 
+
|-
* [http://msdn2.microsoft.com/en-us/library/aa906848.aspx UVCView] or the USB Video Class descriptor viewer is a tool in the [[Windows]] Driver Kit (WDK) that allows you to view the descriptors of any attached USB device. It runs on most recent Windows platforms, both 32bit and 64bit.  
+
|WetStone- Steganography Investigator Training
 
+
|Oct 24-25, Gaithersburg, MD Techno Forensics Conference
* [http://www.tzworks.net/prototype_page.php?proto_id=13 Windows USB Storage (USBSTOR) parser.] Free tool that can be run on Windows, Linux or Mac OS-X. Useful to view when a USB storage device was first installed on a system and what user account(s) were accessing the volume.
+
|https://www.wetstonetech.com/trainings.html
 
+
|-
[[Category:Howtos]]
+
|X-Ways Forensics (3 days), File Systems Revealed (2 days)
 +
|Oct 27-31, Canberra, Australia
 +
|http://www.x-ways.net/training/
 +
|Limited to Law Enforcement/Government
 +
|-
 +
|EnCase&reg; v6 EnScript&reg; Programming - Phase I
 +
|Oct 28-31, Toronto, Canada
 +
|http://www.guidancesoftware.com/training/course_schedule.aspx
 +
|-
 +
|AccessData&reg; Windows Forensics
 +
|Oct 28-30, Manchester, United Kingdom
 +
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
 +
|-
 +
|Qualified Network Security Policy Admin and SOA Security Oriented Architect 
 +
|Nov 03-07, Reston, VA
 +
|http://www.securityuniversity.net/classes_policy_SOA.php
 +
|-
 +
|Q/PTL Qualified Penetration Tester License and LPT Prep
 +
|Nov 03-07, Reston, VA
 +
|http://www.securityuniversity.net/classes_LPT_QPTL.php
 +
|-
 +
|Q/SA Qualified Security Analyst Penetration Tester ECSA Prep
 +
|Nov 03-07, Reston, VA
 +
|http://www.securityuniversity.net/classes_ECSA_QSA.php
 +
|-
 +
|X-Ways Forensics
 +
|Nov 03-05, Sydney, Australia
 +
|http://www.x-ways.net/training/sydney.html
 +
|-
 +
|Macintosh Forensic Survival Course (MFSC)
 +
|Nov 03-07, Bern, Switzerland
 +
|http://www.forwarddiscovery.com/shop/index.php?act=viewCat&catId=3
 +
|-
 +
|Windows NT File System(NTFS)
 +
|Nov 03-06, Meriden, CT
 +
|http://www.nw3c.org/ocr/courses_desc.cfm
 +
|Limited to Law Enforcement
 +
|-
 +
|EnCase&reg; v6 Computer Forensics II
 +
|Nov 04-07, Toronto, Canada
 +
|http://www.guidancesoftware.com/training/course_schedule.aspx
 +
|-
 +
|AccessData&reg; BootCamp
 +
|Nov 04-06, London, United Kingdom
 +
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
 +
|-
 +
|AccessData&reg; Internet Forensics
 +
|Nov 04-06, St Paul, MN
 +
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
 +
|-
 +
|AccessData&reg; Windows Forensics
 +
|Nov 04-06, Albany, NY
 +
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
 +
|-
 +
|Catching the Hackers Intro to IDS
 +
|Nov 10-14, Reston, VA
 +
|http://www.securityuniversity.net/classes_introIDS.php
 +
|-
 +
|Catching The Hackers II: Systems to Monitor Your Network
 +
|Nov 10-14, Reston, VA
 +
|http://www.securityuniversity.net/classes_IDSII.php
 +
|-
 +
|Q/SSE Qualified Software Security Expert 5-day Bootcamp
 +
|Nov 10-14, Reston, VA
 +
|http://www.securityuniversity.net/classes_SI_SoftwareSecurity_Bootcamp.php
 +
|-
 +
|Q/EP Qualified Edge Protection: Black Belt
 +
|Nov 10-14, Reston, VA
 +
|http://www.securityuniversity.net/classes_QEP.php
 +
|-
 +
|X-Ways Forensics
 +
|Nov 11-13, Hong Kong
 +
|http://www.x-ways.net/training/hong_kong.html
 +
|-
 +
|WetStone- Steganography Investigator Training
 +
|Nov 11-12, Fairfax, VA
 +
|https://www.wetstonetech.com/trainings.html
 +
|-
 +
|Security Plus
 +
|Nov 17-21, Reston VA Andrews AFB
 +
|http://www.securityuniversity.net/classes_Security+.php
 +
|-
 +
|BlackBag Intermediate MacIntosh Forensics
 +
|Nov 17-21, Washington D.C.
 +
|http://www.blackbagtech.com/products/training.htm
 +
|-
 +
|Qualified Security Awareness Class for MGT
 +
|Nov 18, Reston VA
 +
|http://www.securityuniversity.net/classes_areUprotected_MGT.php
 +
|-
 +
|WetStone- Hacking BootCamp for Investigators
 +
|Nov 18-21, Vancouver BC
 +
|https://www.wetstonetech.com/trainings.html
 +
|-
 +
|EnCase&reg; v6 Network Intrusion Investigations - Phase I
 +
|Nov 18-21, Toronto, Canada
 +
|http://www.guidancesoftware.com/training/course_schedule.aspx
 +
|-
 +
|Qualified Security Awareness Training
 +
|Nov 19, Reston VA
 +
|http://www.securityuniversity.net/classes_areUprotected.php
 +
|-
 +
|EnCase&reg; v6 Computer Forensics II
 +
|Nov 25-28, Toronto, Canada
 +
|http://www.guidancesoftware.com/training/course_schedule.aspx
 +
|-
 +
|AccessData&reg; Internet Forensics
 +
|Nov 25-27, Manchester, United Kingdom
 +
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
 +
|-
 +
|BlackBag Intermediate MacIntosh Forensics
 +
|Dec 01-05, San Diego, CA
 +
|http://www.blackbagtech.com/products/training.htm
 +
|-
 +
|Windows Internet Trace Evidence(INET)
 +
|Dec 01-05, St. Louis, MO
 +
|http://www.nw3c.org/ocr/courses_desc.cfm
 +
|Limited to Law Enforcement
 +
|-
 +
|Q/WAD Qualified Wireless Analyst and Defender
 +
|Dec 01-05, Reston VA
 +
|http://www.securityuniversity.net/classes_wireless_QWAD.php
 +
|-
 +
|Security Plus
 +
|Dec 01-05, Reston VA
 +
|http://www.securityuniversity.net/classes_Security+.php
 +
|-
 +
|SSCP Systems Security Certified Practitioner and Security Plus
 +
|Dec 01-05, Reston VA
 +
|http://www.securityuniversity.net/classes_SSCP.php
 +
|-
 +
|CWNA Certified Wireless Network Admin/ CWSP Certified Wireless Security Professional Boot Camp
 +
|Dec 02-11, San Francisco, CA
 +
|http://www.securityuniversity.net/classes_wireless_bootcamp.php
 +
|-
 +
|AccessData&reg; Windows Forensics
 +
|Dec 02-04, Ft Lauderdale, FL; New York City, NY; and London, United Kingdom
 +
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
 +
|-
 +
|Fundamentals of Computer Forensics Imaging
 +
|Dec 02-05, Falls Church, VA
 +
|http://www.mantech.com/msma/isso.asp
 +
|-
 +
|SC World Congress 2008 - Q/PTL Qualified/ Penetration Tester License 
 +
|Dec 05-08, New York City
 +
|http://www.securityuniversity.net/classes_LPT_QPTL.php
 +
|-
 +
|SC World Congress 2008 - Q/SA Qualified/ Security Analyst Penetration Tester (ECSA Prep)
 +
|Dec 05-08, New York City
 +
|http://www.securityuniversity.net/classes_LPT_QPTL.php
 +
|-
 +
|SC World Congress 2008 - Q/EH Qualified Ethical Hacker (CEH Prep) Class
 +
|Dec 05-08, New York City
 +
|http://www.securityuniversity.net/classes_LPT_QPTL.php
 +
|-
 +
|CWSP Certified Wireless Security Professional
 +
|Dec 08-11, San Francisco, CA
 +
|http://www.securityuniversity.net/classes_wireless_CWSP.php
 +
|-
 +
|Computer Hacking Forensic Investigator CHFI Prep/QFE Qualified Forensics Expert
 +
|Dec 08-12, Reston, VA
 +
|http://www.securityuniversity.net/classes_CEH_QEH.php
 +
|-
 +
|Windows NT Operating System(NTOS)
 +
|Dec 08-11, Meriden, CT
 +
|http://www.nw3c.org/ocr/courses_desc.cfm
 +
|Limited to Law Enforcement
 +
|-
 +
|Application Forensics Course
 +
|Dec 08-19, Hong Kong Police College
 +
|http://www.police.gov.hk/police/policecollege/english/pdl/pold.htm
 +
|Limited to Law Enforcement
 +
|-
 +
|EnCase&reg; v6 Computer Forensics II
 +
|Dec 09-12, Toronto, Canada
 +
|http://www.guidancesoftware.com/training/course_schedule.aspx
 +
|-
 +
|AccessData&reg; Internet Forensics
 +
|Dec 09-11, Dallas, TX and New York City, NY
 +
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
 +
|-
 +
|AccessData&reg; Windows Forensics
 +
|Dec 09-11, Louisville, KY
 +
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
 +
|Limited to Law Enforcement
 +
|-
 +
|EnCase&reg; v6 Advanced Computer Forensics
 +
|Dec 16-19, Toronto, Canada
 +
|http://www.guidancesoftware.com/training/course_schedule.aspx
 +
|-
 +
|AccessData&reg; BootCamp
 +
|Dec 16-18, Manchester, United Kingdom
 +
|http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
 +
|-
 +
|**__2009 EVENTS__**
 +
|_______2009_______
 +
|-
 +
|Q/EH Qualified Ethical Hacker Class CEH Prep
 +
|Jan 12-16, Reston, VA
 +
|http://www.securityuniversity.net/classes_CEH_QEH.php
 +
|-
 +
|SSCP Systems Security Certified Practitioner and Security Plus
 +
|Jan 12-16, San Francisco, CA
 +
|http://www.securityuniversity.net/classes_%20SSCP_Security+_Bootcamp.php
 +
|-
 +
|Security Plus
 +
|Jan 12-16, Reston, CA
 +
|http://www.securityuniversity.net/classes_%20SSCP_Security+_Bootcamp.php
 +
|-
 +
|Linux File System for Computer Forensic Examiners(Linux)
 +
|Jan 12-16, 2009, St. Louis, MO
 +
|http://www.nw3c.org/ocr/courses_desc.cfm
 +
|Limited to Law Enforcement
 +
|-
 +
|Q/EP Qualified Edge Protection: Black Belt
 +
|Jan 18-22, Reston, CA
 +
|http://www.securityuniversity.net/classes_QEP.php
 +
|-
 +
|Q/SSE Qualified Software Security Expert 5 day Bootcamp
 +
|Jan 19-23, Reston, CA
 +
|http://www.securityuniversity.net/classes_SI_SoftwareSecurity_Bootcamp.php
 +
|-
 +
|Windows Internet Trace Evidence(INET)
 +
|Jan 19-23, 2009, Meriden, CT
 +
|http://www.nw3c.org/ocr/courses_desc.cfm
 +
|Limited to Law Enforcement
 +
|-
 +
|Q/SA Qualified Security Analyst Penetration Tester ECSA Prep
 +
|Jan 26-30, Reston, VA
 +
|http://www.securityuniversity.net/classes_ECSA_QSA.php
 +
|-
 +
|Q/PTL Qualified Penetration Tester License and LPT Prep
 +
|Jan 26-30, Reston, VA
 +
|http://www.securityuniversity.net/classes_LPT_QPTL.php
 +
|-
 +
|CWNA Certified Wireless Network Admin/ CWSP Certified Wireless Security Professional Boot Camp
 +
|Jan 27-Feb 05, Reston, VA
 +
|http://www.securityuniversity.net/classes_wireless_bootcamp.php
 +
|-
 +
|Linux File System for Computer Forensic Examiners(Linux)
 +
|Mar 02-06, 2009, Meriden, CT
 +
|http://www.nw3c.org/ocr/courses_desc.cfm
 +
|Limited to Law Enforcement
 +
|-
 +
|}

Revision as of 13:00, 6 November 2008

This is the list of Scheduled Training Courses, referred to by Upcoming_events.

PLEASE READ BEFORE YOU EDIT THE LIST BELOW
Events should be posted in date order. An event should NEVER be listed in more than one section (i.e. Ongoing/Continuous events should not be listed in Scheduled Training). When events begin the same day, events of a longer length should be listed first. New postings of events with the same date(s) as other events should be added after events already in the list. If a provider offers the same event at several locations simultaneously, the listing should have a single (ONE) entry in the list with the date(s) and ALL locations for the event. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).
Some training opportunities may be limited to Law Enforcement Only or to a specific audience. Such restrictions should be noted when known.

The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multi-media Listserv. (Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST) Requests for additions, deletions or corrections to this list may be sent by email to David Baker (bakerd AT mitre.org).

Title Date/Location Website Limitation
BlackBag Introductory MacIntosh Forensics Oct 06-10, Los Angeles, CA http://www.blackbagtech.com/products/training.htm
X-Ways Forensics Oct 07-09, London, UK http://www.x-ways.net/training/london.html
AccessData® Windows Forensics Oct 07-09, Las Vegas, NV and New York City, NY http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
WetStone- Steganography Investigator Training Oct 13-14, The Netherlands ENFSC Conference https://www.wetstonetech.com/trainings.html
AccessData® BootCamp Oct 14-16, Louisville, KY http://www.accessdata.com/common/pagedetail.aspx?PageCode=train Limited to Law Enforcement
WetStone- Live Investigator Training Oct 18-19, Atlantic City, NJ HTCIA Conference https://www.wetstonetech.com/trainings.html
Computer Hacking Forensic Investigator CHFI Prep/QFE Qualified Forensics Expert Oct 20-24, Reston, VA http://www.securityuniversity.net/classes_CHFI_QFE.php
Interpol "Train-the-Trainer" Workshop on Computer Forensics Oct 20-24, Hong Kong Police College http://training.tcd.hk Limited to Law Enforcement
Windows NT Operating System(NTOS) Oct 20-23, St. Louis, MO http://www.nw3c.org/ocr/courses_desc.cfm Limited to Law Enforcement
EnCase® v6 Computer Forensics II Oct 21-24, Toronto, Canada http://www.guidancesoftware.com/training/course_schedule.aspx
AccessData® Applied Decryption Oct 23-25, Sterling, VA http://guest.cvent.com/EVENTS/Info/Summary.aspx?e=ab0c756b-3cf8-4161-8a70-0c11c6f018fc
SARC - Certified Steganography Examiner Training Oct 23-24, Gaithersburg, MD http://www.sarc-wv.com/training/training_gaithersburg.aspx
WetStone- Live Investigator Training Oct 24-25, Gaithersburg, MD Techno Forensics Conference https://www.wetstonetech.com/trainings.html
WetStone- Steganography Investigator Training Oct 24-25, Gaithersburg, MD Techno Forensics Conference https://www.wetstonetech.com/trainings.html
X-Ways Forensics (3 days), File Systems Revealed (2 days) Oct 27-31, Canberra, Australia http://www.x-ways.net/training/ Limited to Law Enforcement/Government
EnCase® v6 EnScript® Programming - Phase I Oct 28-31, Toronto, Canada http://www.guidancesoftware.com/training/course_schedule.aspx
AccessData® Windows Forensics Oct 28-30, Manchester, United Kingdom http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
Qualified Network Security Policy Admin and SOA Security Oriented Architect Nov 03-07, Reston, VA http://www.securityuniversity.net/classes_policy_SOA.php
Q/PTL Qualified Penetration Tester License and LPT Prep Nov 03-07, Reston, VA http://www.securityuniversity.net/classes_LPT_QPTL.php
Q/SA Qualified Security Analyst Penetration Tester ECSA Prep Nov 03-07, Reston, VA http://www.securityuniversity.net/classes_ECSA_QSA.php
X-Ways Forensics Nov 03-05, Sydney, Australia http://www.x-ways.net/training/sydney.html
Macintosh Forensic Survival Course (MFSC) Nov 03-07, Bern, Switzerland http://www.forwarddiscovery.com/shop/index.php?act=viewCat&catId=3
Windows NT File System(NTFS) Nov 03-06, Meriden, CT http://www.nw3c.org/ocr/courses_desc.cfm Limited to Law Enforcement
EnCase® v6 Computer Forensics II Nov 04-07, Toronto, Canada http://www.guidancesoftware.com/training/course_schedule.aspx
AccessData® BootCamp Nov 04-06, London, United Kingdom http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
AccessData® Internet Forensics Nov 04-06, St Paul, MN http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
AccessData® Windows Forensics Nov 04-06, Albany, NY http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
Catching the Hackers Intro to IDS Nov 10-14, Reston, VA http://www.securityuniversity.net/classes_introIDS.php
Catching The Hackers II: Systems to Monitor Your Network Nov 10-14, Reston, VA http://www.securityuniversity.net/classes_IDSII.php
Q/SSE Qualified Software Security Expert 5-day Bootcamp Nov 10-14, Reston, VA http://www.securityuniversity.net/classes_SI_SoftwareSecurity_Bootcamp.php
Q/EP Qualified Edge Protection: Black Belt Nov 10-14, Reston, VA http://www.securityuniversity.net/classes_QEP.php
X-Ways Forensics Nov 11-13, Hong Kong http://www.x-ways.net/training/hong_kong.html
WetStone- Steganography Investigator Training Nov 11-12, Fairfax, VA https://www.wetstonetech.com/trainings.html
Security Plus Nov 17-21, Reston VA Andrews AFB http://www.securityuniversity.net/classes_Security+.php
BlackBag Intermediate MacIntosh Forensics Nov 17-21, Washington D.C. http://www.blackbagtech.com/products/training.htm
Qualified Security Awareness Class for MGT Nov 18, Reston VA http://www.securityuniversity.net/classes_areUprotected_MGT.php
WetStone- Hacking BootCamp for Investigators Nov 18-21, Vancouver BC https://www.wetstonetech.com/trainings.html
EnCase® v6 Network Intrusion Investigations - Phase I Nov 18-21, Toronto, Canada http://www.guidancesoftware.com/training/course_schedule.aspx
Qualified Security Awareness Training Nov 19, Reston VA http://www.securityuniversity.net/classes_areUprotected.php
EnCase® v6 Computer Forensics II Nov 25-28, Toronto, Canada http://www.guidancesoftware.com/training/course_schedule.aspx
AccessData® Internet Forensics Nov 25-27, Manchester, United Kingdom http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
BlackBag Intermediate MacIntosh Forensics Dec 01-05, San Diego, CA http://www.blackbagtech.com/products/training.htm
Windows Internet Trace Evidence(INET) Dec 01-05, St. Louis, MO http://www.nw3c.org/ocr/courses_desc.cfm Limited to Law Enforcement
Q/WAD Qualified Wireless Analyst and Defender Dec 01-05, Reston VA http://www.securityuniversity.net/classes_wireless_QWAD.php
Security Plus Dec 01-05, Reston VA http://www.securityuniversity.net/classes_Security+.php
SSCP Systems Security Certified Practitioner and Security Plus Dec 01-05, Reston VA http://www.securityuniversity.net/classes_SSCP.php
CWNA Certified Wireless Network Admin/ CWSP Certified Wireless Security Professional Boot Camp Dec 02-11, San Francisco, CA http://www.securityuniversity.net/classes_wireless_bootcamp.php
AccessData® Windows Forensics Dec 02-04, Ft Lauderdale, FL; New York City, NY; and London, United Kingdom http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
Fundamentals of Computer Forensics Imaging Dec 02-05, Falls Church, VA http://www.mantech.com/msma/isso.asp
SC World Congress 2008 - Q/PTL Qualified/ Penetration Tester License Dec 05-08, New York City http://www.securityuniversity.net/classes_LPT_QPTL.php
SC World Congress 2008 - Q/SA Qualified/ Security Analyst Penetration Tester (ECSA Prep) Dec 05-08, New York City http://www.securityuniversity.net/classes_LPT_QPTL.php
SC World Congress 2008 - Q/EH Qualified Ethical Hacker (CEH Prep) Class Dec 05-08, New York City http://www.securityuniversity.net/classes_LPT_QPTL.php
CWSP Certified Wireless Security Professional Dec 08-11, San Francisco, CA http://www.securityuniversity.net/classes_wireless_CWSP.php
Computer Hacking Forensic Investigator CHFI Prep/QFE Qualified Forensics Expert Dec 08-12, Reston, VA http://www.securityuniversity.net/classes_CEH_QEH.php
Windows NT Operating System(NTOS) Dec 08-11, Meriden, CT http://www.nw3c.org/ocr/courses_desc.cfm Limited to Law Enforcement
Application Forensics Course Dec 08-19, Hong Kong Police College http://www.police.gov.hk/police/policecollege/english/pdl/pold.htm Limited to Law Enforcement
EnCase® v6 Computer Forensics II Dec 09-12, Toronto, Canada http://www.guidancesoftware.com/training/course_schedule.aspx
AccessData® Internet Forensics Dec 09-11, Dallas, TX and New York City, NY http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
AccessData® Windows Forensics Dec 09-11, Louisville, KY http://www.accessdata.com/common/pagedetail.aspx?PageCode=train Limited to Law Enforcement
EnCase® v6 Advanced Computer Forensics Dec 16-19, Toronto, Canada http://www.guidancesoftware.com/training/course_schedule.aspx
AccessData® BootCamp Dec 16-18, Manchester, United Kingdom http://www.accessdata.com/common/pagedetail.aspx?PageCode=train
**__2009 EVENTS__** _______2009_______
Q/EH Qualified Ethical Hacker Class CEH Prep Jan 12-16, Reston, VA http://www.securityuniversity.net/classes_CEH_QEH.php
SSCP Systems Security Certified Practitioner and Security Plus Jan 12-16, San Francisco, CA http://www.securityuniversity.net/classes_%20SSCP_Security+_Bootcamp.php
Security Plus Jan 12-16, Reston, CA http://www.securityuniversity.net/classes_%20SSCP_Security+_Bootcamp.php
Linux File System for Computer Forensic Examiners(Linux) Jan 12-16, 2009, St. Louis, MO http://www.nw3c.org/ocr/courses_desc.cfm Limited to Law Enforcement
Q/EP Qualified Edge Protection: Black Belt Jan 18-22, Reston, CA http://www.securityuniversity.net/classes_QEP.php
Q/SSE Qualified Software Security Expert 5 day Bootcamp Jan 19-23, Reston, CA http://www.securityuniversity.net/classes_SI_SoftwareSecurity_Bootcamp.php
Windows Internet Trace Evidence(INET) Jan 19-23, 2009, Meriden, CT http://www.nw3c.org/ocr/courses_desc.cfm Limited to Law Enforcement
Q/SA Qualified Security Analyst Penetration Tester ECSA Prep Jan 26-30, Reston, VA http://www.securityuniversity.net/classes_ECSA_QSA.php
Q/PTL Qualified Penetration Tester License and LPT Prep Jan 26-30, Reston, VA http://www.securityuniversity.net/classes_LPT_QPTL.php
CWNA Certified Wireless Network Admin/ CWSP Certified Wireless Security Professional Boot Camp Jan 27-Feb 05, Reston, VA http://www.securityuniversity.net/classes_wireless_bootcamp.php
Linux File System for Computer Forensic Examiners(Linux) Mar 02-06, 2009, Meriden, CT http://www.nw3c.org/ocr/courses_desc.cfm Limited to Law Enforcement