Information is the new currency of the digital world and navigating this web requires software allowing users to manage the limitless data flow between an individual and the virtual world. The NATO SOF Digital Media Exploitation (DMX) Course concentrates on the retrieval and examination of data stored on computers and other digital storage devices, and the fusion of this data into intelligible reports. Students will learn computer forensic basics, memory structure, how to identify and correct corrupted data, file carving, password breaking, and basic decryption techniques. All forensic tools used in this class are ‘freeware’ and will be available to the student upon graduation.

Once data is available for analysis, students will be presented with a series of scenarios where they will triage extracted information and structure the data for further analysis. From decoding pictures hidden within text and retrieving deleted data from unallocated space to building a virtual user profile during an investigation, a NATO SOF DMX graduate will leave with the software tools and knowledge that can immediately enhance their unit's capabilities at any level of operation.

This course has a technology-heavy curriculum.


The world of cyber forensics is exploding and the job opportunities for people involved in cyber forensics grow daily. Students in high school and college need to understand the need for professional cyber forensic technicians and managers. This two-day course is designed to introduce teachers and educators to a curriculum that explores digital forensics. The labs designed for the teacher/educator will allow a student to explore the world of cyber forensic investigations using established legal frameworks and scientific digital forensic discovery.

This course will cover various digital device concepts, including how data is stored and transmitted on a network, why forensic programs can find deleted data on electronic media, and how that information can be used in civil and criminal investigations. Teachers/Educators will be provided free open-source tools and the lesson plans to use the tools in a classroom training environment.

With over 9 billion wireless subscriptions worldwide as of 2016, every criminal investigation involves information that can be captured from a digital device, including phones and tablets. Understanding what information can be obtained from these devices, as well as how to collect and preserve the information legally, is critical. This course will cover various digital devices, how wireless and cellular networks operate, and review data and information that can be obtained from carriers, devices, and the web. Attendees will be exposed to FTK Imager and Autopsy, open source tools for digital device imaging, as well as commercial products including Paraben’s E3:DS (Device Seizure) and HTCI’s MapLink and DART tools. Students will conduct practical exercises on mobile devices and learn how to create presentations and reports that meet law enforcement legal requirements.

Class Overview:

Day 1

  • Overview of the Digital Evidence cycle: the Collection, Preservation, Evaluation, Report (CPER) model
  • Introduction to Open Source Forensic Tools: FTK Imager and Autopsy
  • Conduct a sample case to show the power of FTK and Autopsy in a hands-on case environment

Day 2

  • Cell Phone collection overview
  • Using Paraben DS to collect cellphone data from the handsets
  • Using DART to correlate multiple cellphone extractions for a case file
  • Using Call Detail Records (CDR) in your investigations, including MapLink to create plots and reports
  • Hands-on practical exercise using the cellphone collection tools to produce evidence