Spyder Forensics Programs

SQLite Forensic Analysis

June 1-2 (Pre-Conference)

If you think of database formats encountered during an examination, SQLite databases are most likely top of your list. From mobile devices to standard desktops there are thousands of applications that utilize SQLite to store data. At Spyder Forensics we recognize the importance that SQLite database forensics plays in the potential recovery of data that can provide the key actionable intelligence needed for a case.

The question now becomes, are you examining all the data stored in the SQLite Data Files?

This two-day intermediate forensic course gives examiners a deeper understanding of how SQLite works under the hood. On Day 1 we start by deep diving into the main database file, looking at b-tree pages, freelist pages, and overflow pages. Participants will gain an understanding of the page structures and the potential for recovering records from page unallocated space, freeblocks, and freelist pages.

The main focus of Day 2 is the SQLite Journal files and how they can play a key role in uncovering past states of the database. With an understanding of how the Journals files work, participants can exploit the journal files design to potentially recover deleted records including scenarios where secure_delete is in play.

By the end of the course, participants will have a firm grasp of the inner workings of SQLite databases and will have the knowledge they need to competently deal with this popular database format.

Dark Web and Cryptocurrency Investigations Training

June 3-4 (Pre-Conference)

The Dark web had become a place of mystery and intrigue. It really isn’t either. Criminals have found a new neighborhood to commit crimes. Those crimes run the standard gamut of fraud and drugs to illegal gun sales to even chemical and biological material being sold. Investigators are finding evidence of the dark web on computers and phones in local investigations. Investigating what occurs on the Dark web is now an extension of a standard response to a victim’s complaint.

What is the preferred method of payment on the Dark Web? Cryptocurrency! The pseudo-anonymous nature of this form of virtual currency has paved the way for criminals to conduct their crimes.

This two-day course designed for investigators exposes participants to both the Dark Web and Cryptocurrency.

Day 1 is an introduction to the Dark web, where participants will learn what the Dark Web really is, how to build a Darknet persona for investigative purposes, and the basics of investigating Tor Onion Services.

On Day 2 the focus is on cryptocurrency. Participants will get introduced to the concepts of this popular form of currency, how to perform Cryptocurrency transactions, and where we can find evidence of Crypto usage.

At the end of the course, we will tie Cryptocurrency and the Dark web together and how cryptocurrency is used in conjunction with the Dark Web to facilitate criminal activity.