Successful completion of the Cyber Enforcement Resources Incorporated Internet Investigation Basic Level Program, or equivalent experience, is required.

Participants are strongly recommended to have at least basic administrative knowledge of popular Microsoft Operating systems (Win9x, WinNT, Win2K, WinXP recommended), and optionally, a Unix based operating system (Linux, BSD, etc..). Strong familiarity with several Internet enabled applications, including but not limited to, web browsers, telnet, ftp, email, chat, internet messaging software also required. Some familiarity with networking devices, such as hubs, switches, and routers recommended. Additionally, prior investigation experience in any discipline, having advanced UNIX skills, familiarity with common technologies on the Internet - such as newsgroups, search engines, guest-books, and message boards - are also helpful.

The course is open to law enforcement and Internet security professionals via the Internet meeting minimum requirements.

Participants may work within the course track or additionally opt for fullfilling requirements that will lead to certification at the level of the course material.

As a result of the course, it is expected that participants will

• Understand the diverse resourcefullness of the Internet
• Have a basic understanding of how network and Internet applications communicate
• Be able to overcome difficult obstacles found during the investigation of websites
• Know what information important to capture for investigation and court testimony purposes
• Understand how to use the Internet to advance your investigation
• Stealthfully investigate suspect websites
• Overcome some typical obstacles in determining origins of Email
• Become skilled with some basic "networking self-defense" techniques
• Understand and be able to use one of the favorite basic tools of the Black Hat

On-line information, articles, distributed learning tools, and supplementary readings will be provided by the instructors. Reading assignments and tool information will be periodically updated on the course website.

Active participation is required for maximum learning. Participants are expected to carefully read all assigned reading material, thoroughly complete all assignments and skill exercises. Additionally, certification candidates are to provide thorough documentation of all computer and Internet investigations they have participated in. This includes but is not limited to investigations that were initiated via the Cybersnitch Reporting System. Participants are also strongly encouraged to work with other online participants to work out problems, discuss scenarios and issues, and other training related matters.

Participation in on-line meetings is optional unless an instructor specifically states otherwise. Participants are free to request a meeting for themselves or for all members. Participants are free and encouraged to interact with instructors using available training tools, including but not limited to Email, chat, and multimedia solutions.

Announcement for meetings will typically be done via Email or via a posting in the classroom main menu area. Meetings will generally be announced 24 hours in advance. Online meeting time will be used for purposes of training, question and answer sessions, demonstrations, and discussions.

This course will utilize a combination of reference material, skill exercises using online tools, possible multimedia interaction including presentations, real-world investigation exercises, online tours, message-bases, Email, and Internet relay chat for communication and discussions.

This course will primarily focus on the Windows platform, as well as Microsoft based Internet technologies, for examples and demonstrations. Other platforms will also be addressed.

Each participant is expected to accrue enough points to merit successful completion of the course. Points may be obtained through all the following:

• The completion of tasks deemed "Milestone exercises"

Additionally, Certification candidates will be expected to accrue enough points to merit certification. Points may be obtained through all the following:

• The completion of tasks deemed "Milestone exercises"
• The investigation and submission of well documented investigation reports
• Passing of a comprehensive "examination"

Certification eligibility for each participant will be determined based on the total number of points obtained through the training program.

All tasks, skill exercises, exams, quizzes, and other projects and assignments will be evaluated based on a pass/incomplete criterion.

Milestones need to not only be completed successfully, but accurately.

Investigation reports need to be thoroughly documented, covering the report incident from start to finish, including insights and descriptions of methodologies used, technology used, interviews with victims, witnesses, etc.. To help facilitate the accurate creation of reports, forms have been created and made available on the course menu.

Upon receipt of an incomplete of any Milestone or report submission, the participant will be allowed to ask questions, request advice, and make corrections. Participants then will be given the opportunity for resubmission. This will be allowed for up to (3) three reviews in total per submission item.

During the entire course, participants may inquire and discuss all challenges with the instructors and virtual classmates using the communication media afforded through the training program. The only time this convenience will not be available to the participant is during the final exam and final skill exercises. The final exam will be, however, "open net", meaning the participant can use the Internet to assist in the taking of the exam. Obtaining assistance from anyone either in the training program or outside the training program, during a final exam or final skill exercise, i.e.. "cheating", will result in the participant being ineligible to receive certification, and fees paid will not be refunded.

Module 1 :Introduction - the Intenet is your toolbox
Module 2 :Introduction - The OSI Model
Module 3 :Advanced Website Investigations I - "If you can see it, you can get it"
Module 4 :Advanced Website Investigations II - Breaking the nest
Module 5 :Advanced Website Investigations III - Proper Techniques for Suspect Websites
Module 6 :Investigative Techniques I - Setting up and using the Anonymous Website
Module 7 :Investigative Techniques II - Investigating the Instant Messenger Network
Module 8 :Investigative Techniques III - Visiting sites without being detectable
Module 9 :Investigative Techniques IV - Getting behind the anonymous Email
Module 10:Investigative Techniques V - Introduction to Sniffing
Module 11:Technology I - Getting comfy with SMTP
Module 12:Technology II - Bots and Clones, Advanced IRC tactics
Module 13:Hack I - Understanding and Defending Against the Spoofers.
Module 14:Hack II - Preventing the Exploiters of the Wireless Network
Module 15:Hack III - Dissecting a favorite of the Black Hat
Module 16:Hack IV - Desktop Investigation I
Module 17: Final exam
Module 18: Session conclusion