Digital Photo Forensics Training - Certified Adroit Forensic Examiner (CAFE)
Course summary
The course will cover the basics of photo forensics, and give investigators the knowledge
to better understand, process, and analyze cases involving digital photographic evidence.
Investigators will learn how Adroit Photo Forensics can help in every step of the forensic
process from evidence acquisition, recovery, organization, content analysis, details, categorization,
integrity and reporting.
Duration
2 days
Prerequisites
Fundemental forensics knowledge. Advance preparation is not required.
Objectives
At the end of the course, the investigator will be able to understand the benefits and usage
of Adroit Photo Forensics at every step of processing a case with photos:
- 1. Evidence - Know the benefits and pitfalls of using different types of evidence (logical, physical, disk images).
- 2. Recovery - Recovers photos that no other product can using our proprietary SmartCarving™ and GuidedCarving™ technology.
- 3. Organization - View photos based on photo specific properties like Camera, Software, Resolution and EXIF Dates.
- 4. Content Analysis - Filter photos based on content using SmartHashing, Explicit Image Detection + Child Detection, etc.
- 5. Photo Details - View and understand photo details in the most comprehensive Forensic Photo Viewer available.
- 6. Categorization- Utilize the most advanced manual and automatic categorization product on the market.
- 7. Integriy - Set verifications and alerts based on MD5, SHA-1 or SHA256 hashes for photos and evidence.
- 8. Reports/Exports - Bookmark, categorize and generate customizable reports, csv files or export into FTK.
Investigators will learn how to use EXIF data to get additional information critical to
a case. Investigators will also learn how to tune Adroit for triage and for more detailed
analysis.
Core concepts covered
- Photo Formats - Description of and differences between JPEG, PNG, GIFs and high end camera RAW formats.
- Carving Techniques - Understanding sequential and fragmented carving. Content carvers vs. signature carvers.
- Cryptographic Hashes - Usage and problems of hashes to identify known illicit photos.
- Fuzzy Hashes - How Fuzzy Hashing can help identify known illicit photos.
- Thumbnail Cache Attribution - How thumbnail caches can help to identify photos that may have been present on the system.
- EXIF/IPTC Metadata - How metadata can be used to gain crucial information not present in the file system.
- Filtering - How to quickly reduce a case involving hundreds of thousands of photos to a more manageable size.
- Anti-Forensic Techniques - Like thumbnail photo mismatch detection.
- Image Tampering - How photos can be tampered with and issues related to its detection.
Adroit Photo Forensics features covered
- Recovery Techniques - Active, LogCarved, Sequentially Carved, SmartCarved Recovery.
- GuidedCarving - Manual software assisted technique to recover highly fragmented deleted photos.
- Photo Gallery Grouping - Grouping can be used to identify software, cameras, GPS information etc.
- Timelines - Used to view photos based on file system or EXIF dates.
- Explicit Image Detection - Tuning for triage or detailed analysis. Useful for CP and corporate investigations.
- Thumbnail Mismatch Detection - Learn how to counter some Anti-Forensic techniques.
- Categorization and Bookmarking - Group, view, analyze and report on photos of interest.
- Photo Forensic Viewer - View all the details about a photo available in one screen.
- SmartHashing - Use fuzzy hashing to group photos that are slight modifications of each other.
- Reporting and Exporting - Customize reports, export data into CSV's and export into FTK.
Who should attend
- Criminal Investigators
- Local, State and Federal Law Enforcement
- Private Investigators
- IT Security Professionals
- Security Auditors
Attendees receive
- 2 Full Days of Training
- Attendance Certificate
- Adroit Certification (Student must successfully pass exam)
- Software packages are available upon request
Schedule
Next Course: To be announced
Course Provider:
Digital Assembly
Contact:
sales@digital-assembly.com
For more information regarding refund concerns and program cancellation policies, contact Digital Assembly at sales@digital-assembly.com or (212)-292-3136
