Training courses


Training programs

Duration and expected audience:

Half-day (0.5 days) training for LEA officers and business partners.

Short Description:

The world of IT security is moving ever faster, and decision makers need to stay current in order to defend against new threats. The objective of this training is to give executive officers the knowledge they need to assess the criticality of existing and upcoming trends in IT security and cybercrime for their respective companies, and to introduce the required countermeasures.

Topics of training: History and different forms of ransomware; Typical mechanisms; A-priori mitigation strategies (prevention); A-posteriori mitigation strategies (reaction)

Languages: German or English. Training material in English.

More information: https://www.sba-research.org/professional-services/advanced-training/

Duration and expected audience:

One (1) day training for executive officers at LEA and business partners.

Short Description:

The world of IT security is moving ever faster, and decision makers need to stay current in order to defend against new threats. The objective of this training is to give executive officers the knowledge they need to assess the criticality of existing and upcoming trends in IT security and cybercrime for their respective companies, and to introduce the required countermeasures.

In this one-day training, executive officers and other high-ranking decision makers are provided with the fundamental concepts of IT-Security, as well as the latest trends in the area of cybercrime.

Languages: German or English. Training material in English.

More information: https://www.sba-research.org/professional-services/advanced-training/

Duration and expected audience:

Two (2) days training for LEA officers and business partners.

Short Description:

Wireshark is a highly customizable tool for network analysis. The Lua scripting language can be used to extend nearly all aspects of Wireshark, including the definition of new protocols (protocol dissectors), event triggers, GUI elements, etc. In this hands-on training, attendees will learn how to use Lua scripts to customize Wireshark to their own needs for network analysis, protocol research, etc.

Topics of the training: Introduction to the Lua scripting language and the Lua-API in Wireshark; Write your own protocol dissectors for protocol reverse engineering, support of uncommon protocols, etc.; Extend existing protocol dissectors for a more detailed view on a network protocol; Create listeners to trigger events based on traffic patterns; Create your own UI elements (menu, windows, preferences) within Wireshark, File IO; Application of Lua scripting for automated analysis and post-processing tasks.

Languages: German or English. Training material in English.

More information: https://www.sba-research.org/professional-services/advanced-training/wireshark-scripting-mit-lua/

The training programme “First responders”, based on the training programme developed by the Cybersecurity and Cybercrime Investigation Centre of Dublin College University (UCD CCI), was adapted in cooperation with L3CE, Ekonominės konsultacijos ir tyrimai (EKT) and Vilnius County Police Headquarters (VCP). The programme is intended for law enforcement officers who investigate, or are otherwise involved in solving, the use of ICT for criminal purposes. Its main objective is to equip participants with knowledge about IT and its abuse, cybercrime evidence collection, and instructions on how to react effectively to reports of cybercrime. Trainees are also introduced to the seizure and handling of electronic evidence. The programme also contains a train-the-trainer component on how to deliver the First responders course: which training methods and practical exercises to use, and how to test and examine the knowledge and skills gained.

The First responders course systematically introduces the basics: how computers work, jargon buster, the cybercrime business model, Tor and the Darknet, the psychology of child abuse, how malware infects, how Freetool can be used by first responders, search basics and LDF for first responders, CCIU requirements, how networks, IPs and domains work, e-mail headers, ASP request, eBay & PayPal, Facebook and Google search, as well as how all of these affect victims and how crimes can be committed. The theoretical presentation is followed by a demonstration of Freetool, which is used to detect and search for footprints and cyber evidence. The training also includes an introduction to OSINT: OSINT tools and resources, EXIF, and an explanation of the main OSINT principle “follow the money”, followed by a demonstration and analysis of an OSINT case study.
The topic on introduction to computers, peripheral devices & networking covers the various components of modern computers, expansion cards, Ethernet expansion cards, input and output hardware, RAM (random access memory), SSDs (solid state drives), hard disk drives (HDDs), auxiliary storage (floppy disks, optical disks, flash drives, magnetic storage, RAID (redundant array of independent disks)), the principles of connecting to other computers, the main numeral systems used by computers and networks, how computers process data, the main encoding systems ASCII (American Standard Code for Information Interchange) and Unicode, a cryptography overview, and time zones and converting to UTC.

The Jargon Buster topic enables participants to understand and describe the most common attack vectors, such as computer worms, spyware, DDoS (distributed denial-of-service) attacks, phishing, vishing and the hallmark features of these scams, “man in the middle” and watering hole attacks, Cross-Site Scripting (XSS) attacks, zero-day attacks and botnets. Crime prevention advice is also presented. This topic includes a practical exercise on phishing for participants.

The cybercrime business model topic covers the list of prominent cybercrime marketplaces and the categories of cybercrime business models (commercial model, organised model, outsourcing model, mentor-apprentice model), followed by the “Topfox” case study, the theft chain, the exploitation of affiliate marketing, customer service, legitimate merchant accounts and webmoney for committing cybercrime, the roles and types of money mules, and the chain of how the fraud works.

The topic on the deep internet covers the deep web, the underground internet, the onion router (Tor), the mechanism by which Tor works, what Tor hidden services are, how to access Tor, and which Tor investigation tools are available to law enforcement.
The introduction to psychology and Child Sexual Exploitation (CAM) is relevant for understanding the patterns and behaviour of criminals on the internet. The types of child sexual exploitation presented are contact sexual abuse, trafficking for sex, recording sexual abuse, trading recorded material, grooming and inappropriate attention. Based on psychology (Finkelhor theory), the four preconditions for child sex offending are explained: motivation, overcoming internal inhibitors, overcoming external impediments and overcoming victim resistance, and how this plays out once the internet is thrown into the mix.

The key topic is search and seizure guidelines, which explain the principles for the seizure of electronic evidence and demonstrate how to identify, seize and transport electronic evidence and how to identify portable and removable storage media. The good practice principles for electronic evidence are presented. A detailed description of the steps to be taken covers the pre-search preparation process, the crime scene investigation process and related legislation. The pre-search preparation phase includes the presentation of the main principles and the actions for pre-search preparation, such as appointment of the officer in charge, distribution of roles, scene secure team appointment, equipment preparation, application to CCTV (Closed Circuit Television), search briefing background and targets, and search team appointment. The crime scene investigation process covers on-site analysis, the on-site computer response team, appointment of the equipment officer and transport team, case information, search site intelligence, search methodology, photographing / sketching the scene, evaluation for “live” analysis, live forensics; on-site live computer systems, response team, on-site observations and transporting evidence.
LDF (live data forensics) for first responders focuses on how to examine historical data from web browsers, how to perform basic live forensic operations, what to do and what not to do, what the ACPO Guidelines are, how to record activities and ensure compliance with the law, and what ‘post mortem’ (cold) forensics is. The topic is followed by exercises on “live analysis”, private browsing (Firefox, Google Chrome, Internet Explorer, Safari), how to analyse e-mails and IM chats, and what constitutes evidence of e-mails and IM chats. The basics of encryption are presented (knowledge and observation). The course knowledge is supported by a Freetool demonstration and exercise.

The topic on the internet enables participants to discuss the history of the Internet and covers items such as principles of the internet, internet protocols, TCP/IP architecture and protocol suite, IP addresses, network addressing, network addressing capabilities, reserved IP addresses, circuit switched vs. packet switched, packet header information, TCP/IP and packet switching, the internet – the real view, additional notes on IP addresses, IPv6 addresses, connecting to the internet, what an HTML file is, creating and opening an HTML file, mypage.html, web pages – image issues, correcting our code, web pages and colours, adding colour to our web page, extending HTML, web browsers, browser statistics, Firefox 5.0, web servers, what HTTP is, how to send an HTTP request, cookies, top level domain names & country codes, domain names, IP and e-mail addresses, managing the domain name server system, Regional Internet Registries, how to get a domain, hosting options, web pages and web servers, and web site statistics.

The introduction to identity theft includes the definition of identity theft, how data is used to commit identity fraud or obtain personal information, what information on social networking sites could be used for fraud, ID theft & cyber-bullying, phishing for data, a phishing scam, publicly available personal information, impersonating the dead, information collected at e-commerce sites, database hacking, insider threats, identity theft online, social engineering, using personal information to defraud financial institutions, selling personal information, and how to protect against identity theft. The topic is followed by a practical exercise on an incident response task.

The topic on auction fraud and online payment systems covers items such as online auctions, making money from auctions, and analysis of case studies on different types of fraud, such as auction for sale (PlayStation 2 Original Box and Receipt), non-delivery of purchased items (the Rotten Apple), misrepresentation and shill bidding, as well as other types of auction fraud (overpayment fraud, black-market/counterfeit goods, bid siphoning, second-chance schemes). Related to this topic is investigation in payment systems, which covers eBay’s privacy policy, information that eBay can provide, using payment systems to protect your money, what PayPal is, sending and receiving money via PayPal, PayPal e-mail scams, escrow services and fictitious ‘escrow’. The topic is followed by examples and introduces the LEP (Law Enforcement Portal), a tool for registered law enforcement officers to obtain eBay user information without the need to fax a data request, and the Law Enforcement eRequest System (LERS). Network Investigation: e-mail headers, online groups and social networking, Newsgroups, Usenet News, Google Groups, News Programs, Usenet newsgroups, Usenet Headers.
The Facebook Investigations topic enables participants to understand the Facebook data request process, presents a list of the information to include in a data request, and explains how to access the Facebook activity log, how to download an injured party’s or suspect’s Facebook account, what it means to “preserve” records, and what account preservation requests are. It covers the data request process, identifying Facebook profiles, the Facebook graph, information to include in records, data received for basic subscriber information, data request statistics, MLAT, accessing the Facebook activity log, the activity log, picture info, downloading a Facebook account, the download process, index.html, messages, security tag and photographs.

The introduction to OSINT covers the definition of OSINT, explains the relevance of OSINT for law enforcement and presents the sources of OSINT, tips for success, safe surfing and evidencing OSINT. This topic is followed by exercise 1: Using ECHOSEC.net. The basics of Google Search are presented: Quotation Marks and Search Term, Google Operators, Sites, “Linkto:”, Google Search Tools, Google Alerts, images.google.com, Google Operators Guide. The training programme is tailored both for in-class training and for remote learning.

The training programme is designed for law enforcement agents who perform investigations of identity theft in cyberspace. Law enforcement agents seeking to successfully investigate identity theft crimes in cyberspace should be familiar with the concept of such crimes and with their methods, forms and legal aspects. The training programme is based on an analysis of the legal and regulatory practices in the European Union and Lithuania and is dedicated to researchers investigating cases of identity theft. The training courses include European Union (EU) and Lithuanian (LT) legislation, EN and EU court procedures, case studies and best practices. The programme covers topics such as personal identity and identification, dangers for personal data in cyberspace, personal identity theft, the concept of identity theft, the related danger, results and trends in such activity, forms and methods of committing identity theft, subjects and victims of identity theft in cyberspace, legal regulation related to identity theft in cyberspace, liability for identity theft in cyberspace, prevention of identity theft in cyberspace, and the legal relationship between electronic information and electronic documents.

The personal identity and identification topic covers the definition of personal identity, the link to state-approved identification, ways and means of identification in cyberspace, dangers for personal data in cyberspace, the concept and definition of personal identity theft, and the related danger, results and tendencies of such activity. One of the most dangerous threats in cyberspace is electronic identity theft, which is closely related to the dangers for personal data in cyberspace. Identity theft in cyberspace is a wider and more complicated crime: electronic identity usage and the total accessibility of personal information will only increase, virtual social networks are spreading quickly, and the need for false electronic identities is increasing. The increasing scale of identity theft in cyberspace also influences e-business and public e-services; financial identity threats are therefore the most dangerous and entail the biggest financial damage.

Forms and methods of committing identity theft: due to the constant progress of information and communication technologies, the phenomenon itself acquires new forms, which are moving more and more often into cyberspace. For these reasons, a finite list of the forms of identity theft can be compiled only for the present moment. The main forms of committing identity theft are the following: theft of medical identity, computer identity, driver’s license identity, internet identity, financial identity, social security identity, banking identity, corporate identity, criminal identity and passport identity, as well as identity theft cloning. The main methods are phishing, scam, spam, spoofing, spyware, skimming, pharming, replay attack, dumpster diving and creation of a false profile in a social network. The topic on subjects and victims of identity theft in cyberspace presents the classification of identity theft subjects, the factors that motivate subjects of identity theft in cyberspace, and the concept and definition of the victim of identity theft in cyberspace, as well as the ways in which victims usually find out about identity theft and the available prevention measures.

Legal regulation related to identity theft in cyberspace covers the main aspects of EU legal regulation directly and indirectly related to identity theft, such as the Convention on Cybercrime, the Convention for the protection of individuals with regard to automatic processing of personal data (the Strasbourg Convention) of 1981, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and certain EU communications. The legal regulation most closely linked with identity theft in cyberspace is the legal regulation of identification, the legal protection of personal data, and the security of electronic information (cybersecurity). Some principles for legal regulation are established in the Cybersecurity Strategy “An Open, Safe and Secure Cyberspace” of 2013. In addition, the roles and functions of certain institutions that act in the domain of cybersecurity at EU level, such as ENISA, EUROPOL and EDA, are explained. The topic on legal regulation of cybersecurity in Lithuania focuses on the 2014 Law on Cybersecurity of the Republic of Lithuania and the Programme of Cybersecurity Development for 2011-2019 of 29 June 2011, with the roles and functions of the main institution for cybersecurity in Lithuania, the National Cybersecurity Centre.

The topic on liability for identity theft in cyberspace covers aspects of the criminalisation of identity theft in cyberspace, including comparative aspects of the criminalisation of identity theft in cyberspace in Lithuania, the main provisions of the Criminal Code of the Republic of Lithuania (hereinafter – the Code) and the phases of the legal process. For example, receiving information related to identity is criminalised by articles 166, 167, 198, 198(1) and 214 of the Code; the use of information related to identity with the purpose of committing a crime falls under articles 182, 207, 215 and 300 of the Code; and storing and distribution partly fall under articles 198 and 214 of the Code. The topic on prevention of identity theft in cyberspace includes crime prevention (common aspects, levels of identity theft in cyberspace prevention, prevention at the level of a specific person, 21 rules, prevention in the public and private sectors, Red Flag rules), the level of non-formal social combinations, formations and organisations, as well as prevention of identity theft in cyberspace at the international, bilateral (inter-national) and (or) regional level.

The topic on the legal relationship between electronic information and electronic documents focuses on the following aspects: when assessing electronic evidence and its probative value, the court must consider the reliability of such evidence, which could be questioned. It is therefore necessary to determine the method of creating, storing and transmitting the electronic information / data, the integrity, authenticity and reliability of the stored information, and other important circumstances. These conditions are necessary for physical documents as well as for information recorded in cyberspace, that is, for electronic documents: authenticity and reliability of a document, document integrity, and suitability for use. The definitions of electronic document, electronic information and electronic data are presented, together with their suitability as evidence in criminal proceedings. The training programme is tailored both for in-class training and for remote learning.
