CSI Learn is a collaboration between leading digital forensic investigation & training providers.

All our courses have been taught in a classroom setting to 100s of law enforcement officers and government and corporate investigators in 15+ countries.


What Will You Learn

Cryptocurrencies in their many forms, based on the blockchain concept, are here to stay and will increasingly pervade the way people trade and create contracts with each other. This already provides a significant challenge for investigators from many different fields, who are increasingly being faced with transactions that appear anonymous and incomprehensible.

This course, developed by respected investigator and researcher Nick Furneaux, is designed to take an investigator from a basic understanding of blockchain technologies through to being an expert in the field, able to confidently investigate transactions and give evidence on their findings.

During the course, we build and then play with a simple new cryptocurrency (NickCoin!) to understand all the basic concepts, even mining for new 'coins'. We learn about the underlying encryption and hashing algorithms used and what they teach us about a transaction, before setting up Wallets and understanding how transactions actually work.

Next, we learn how to find and extract addresses from paper wallets, computer disks/memory and the web. Then we look at how to extract raw data from all the primary blockchains using their APIs, and discover numerous techniques to de-anonymize users within the blockchain and even how to extract attributable Bitcoin addresses from a wiretap or seized device. Lastly, we consider how to seize and protect Coins used in criminal activity.

We are not aware of any course currently available that digs this deep into the subject. Although we cover Bitcoin and Ethereum specifically, the skills taught should enable the investigator to figure out the process of examining any cryptocurrency.

This is a hands-on, practical and immersive course suitable for those who use the internet to conduct open source investigations or intelligence research. Learners will undertake a number of practical exercises during the 17 modules, with module 18 being a final exercise using the skills developed throughout. The course is aimed at professionals who are experienced in their fields but new to internet investigations, or experienced researchers who want to make sure that their work can withstand legal scrutiny.

The course is designed for Hi-Tech Crime Units and other digital investigators who want to leverage RAM to acquire evidence or intelligence which may be difficult or even impossible to acquire from disk. The course does not focus on the complex structures and technology behind how RAM works but rather on how an investigator can extract what they need for an investigation quickly and simply.

An extraordinary course which has opened up a whole new world of evidence gathering - UK Metropolitan Police Officer

This course has been taught in a classroom format to 100s of investigators in over a dozen countries and receives rave reviews.

The best computer forensics class I've ever taken - Swedish Police Officer

We use professionally shot video, screen capture and high quality audio combined with whiteboard animations, quizzes and interactive sections to maximise your learning and retention.

The course is designed to be fully hands-on; it is vital that the student follows along with each section, and so would benefit from having 2 screens if possible. The class should take around 18 hours to complete if you try each command, complete the practicals and take the final exam.

To sit this course in a classroom with Nick Furneaux teaching costs around £1850 (UK); however, you can now enjoy the class from the comfort of your own computer for just £950 (UK). If you are Government or Law Enforcement please contact me via the contact page on www.csitech.co.uk for a discount code.

Take this class! You will never look at computer memory the same again - Investigator for European Bank

Syllabus

- Approaching the Live Scene
- Live RAM imaging (Cmd line and GUI based)
- Imaging Windows RAM
- Volatile data acquisition
- Live Disk imaging
- Creating and scripting your own USB based toolkits
- Scripted disk and RAM imaging
- Quick Wins - what can we do with a RAM dump quickly
- Advanced Memory analysis
- Extraction of bespoke file types
- Extraction of Internet History
- Extraction of Skype chat and other data
- Extracting data from Hiberfil and Crashdump files
- Understanding running processes and how they can help an investigation
- Enumerating network sockets and connections
- Finding and carving files for each process
- Reconstructing the Internet History
- Carving and investigating network packets
- Extracting executables from memory samples
- Virus checking RAM dumps
- Registry analysis
- Location and extraction of specific registry keys
- Extracting the SAM and decrypting passwords
- Decryption of Truecrypt
- Finding other plain text passwords
- Cracking the OSX keychain
- Imaging Linux RAM
- Linux RAM analysis section
- Imaging Intel Macs (OSX)
- OSX RAM Analysis section
- Real world practicals
- Loads more…

What will you need?

- You will require a Windows computer or Virtual Machine. 2 monitors are useful but not essential.
- You will need to be able to install programs.
- You will need a browser such as Firefox installed.
- You will need access to the command shell (locked down on some corporate machines).
- A pen and paper is useful.
