Professional Training—John P. STEPANSKY

 

The Pennsylvania State Police - Computer Crime Investigations - and related update training.

 

EDCAP Services - Introduction to Data Evidence Collection and Preservation.  Introduced the student to the collection and preservation of electronic data.

 

The National White Collar Crime Center - Basic Data Recovery and Analysis (Cybercop 101) 03-26-1999.  36 Hrs of instruction relating to the handling, recovery and analysis of computer related evidence

 

The National White Collar Crime Center - Advanced Data Recovery and Analysis 05-04-2001 40 hrs of instruction relating to the handling, recovery and processing of computer related evidence.  Special emphasis was given to Windows 9.x, Windows ME, with some emphasis on the Windows NTFS file system.

 

Butler Co. Community College - Introduction to Computer Forensics - spring 2002

 

Butler Co. Community College - Security Systems - summer 2002

 

Butler Co. Community College - Data Communications and Networks - spring 2003

 

Butler Co. Community College - Micro computer Applications - fall 2003

 

AccessData – Intermediate Computer Forensics – 02-20-2004.  24 hrs of instruction relating to the recovery of computer related data using AcessData’s Forensic Tool Kit, and other Access Data software including Password Recovery Toolkit, Registry Browser, and FTK Imager.

 

Digital Intelligence - Network Forensics Essentials - 07-16-2004.  36 hrs of instruction relative to Basic Network Forensics.  The course included the installation and configuration of popular Network Operating Systems such as Windows XP, Windows 2003 Server, Netware, and Linux. From a forensic perspective, instruction was given on how to gain both file system and operating system access while still ensuring the integrity of your evidence.

 

 

The National White Collar Crime Center - Advanced Data and Recovery Analysis - Microsoft Windows NT/2000/XP 03-11-2005.  36 hrs of instruction on the handling and recover of computer related evidence from Windows NT / 2000 / XP operating systems.

 

International Association of Computer Investigative Specialists – Certified Electronic Evidence Collection Specialist 04-29-2005.  16 hrs of instruction on the Collection and preservation of Electronic evidence.

 

International Association of Computer Investigative Specialists – Forensic Computer Examiner Training Program 05-06-2005.  80 hrs of instruction on computer forensics.

 

New Horizons Computer Learning Centers –A+ Certification – hardware 07-07-2005

 

New Horizons Computer Learning Centers –A+ Certification – Software 07-23-2005

 

 

The National White Collar Crime Center Windows Internet Trace Evidence Cybercop 302 (INET) –01/26/2006.  32 hrs. of training dealing with Windows Internet Trace evidence.  The course revolved around obtaining and analyzing trace evidence from popular web browsers like Internet Explorer, Netscape and FireFox, as well as obtaining trace evidence from popular chat software programs such as AIM, MSN messenger, Yahoo Chat, and others.

 

The National White Collar Crime Center- Cyber Investigation 100 (STOP) Secure Techniques for Onsite Preview – 03/21/2006.  16 hrs of instruction relating to secure techniques for previewing hard drives for evidence onsite, prior to confiscation.

 

Guidance Software EnCE Certified Examiner – Guidance Software encase certified examiner status obtained 07-18-2007

 

Vista Forensics – 7 hrs of training. This advanced AccessData workshop provides the knowledge and skills necessary to analyze Microsoft® Windows Vista™ operating system artifacts and file system mechanics using Forensic Toolkit (FTK), FTK Imager, Password Recovery Toolkit (PRTK), and Registry Viewer. This 7 hour course of instruction dealt with the following:

o GUID Partition Tables. (GPT):

o File Structure Changes: in the Windows Vista environment.
o BitLocker-Full Volume Encryption (FVE): 10-05-2007

 

Windows forensics    10-23-2007 through 10-25-2007 - 24 hours of instruction  -Advanced Accessdata training course that provided  knowledge and necessary skills to conduct forensic examinations  and investigations on Microsoft Windows systems.  During the three day training course the following techniques were discussed, learned and practiced:

• Use advanced search options such as stemming, phonic, AND/OR operators and fuzzy logic.

• Create regular expressions.

• Create a Known File Filter^™ (KFF^™) from an empty HDB file.

• Use the Registry Viewer to locate evidentiary information in Windows 9x, 2K and XP registry files.

• Integrate Registry Viewer with FTK.

• Recover forensic information from Recycle Bin INFO2 files.

• Recover forensic information from Thumbs.db files.

• Identify and recover forensic information from OLE metadata.

• Recover forensic information from Windows link and print spool files.

• Use PRTK to recover user login passwords from the Windows SAM file and decrypt files with extended ASCII passwords.

• Use FTK and PRTK to recover EFS encrypted files on Windows 2000 and XP systems, including Windows XP SP1 and

• Recover forensic information from alternate data streams.

 

 

 

 

Encase Advanced Computer Forensics 05-19-2008 – 05-22-2008

This hands-on course is designed for examiners with advanced computer skills and two or more years of experience working in the field of computer forensics. Participants learn advanced data recovery techniques of artifacts in many of the file systems supported by EnCase. Delivery method: Group-Live. NASBA defined level: advanced.

Emphasis is placed on file system artifacts. This course provides in-depth coverage on topics including

· Students did recover NTFS artifacts in NT 4.0, Windows 2000, and Windows® XP

· Students did parse and examine the NTFS Registry

· Students did recover NTFS log files

· This course did address technical issues associated with NTFS file systems

· Students did learn about hardware and software RAIDs

· Students did learn the principles of encrypted data recovery

· Students did learn about Linux and Unix file system artifacts

· Students did learn how to recover Linux partitions

· Students did learn about Macintosh® file system artifacts

· This course did review and reinforce the EnCase Computer Forensic Methodology

· Students did learn advanced NTFS data recovery techniques

Students did composing Filters, Conditions and Queries within EnCase

 

 

AccessData software (Forensic Toolkit) Certified Examiner—07-13-2009

 

 

 

EXPERT TESTIMONY

 

05-30-2007 Recognized as Expert Witness Court of Common Pleas, Lawrence County Pa.  Judge J. Craig COX

07-10-2007 Recognized as Expert Witness Court of Common Pleas, Lawrence Co. Pa. Judge PICCONE

09-25-2007 Recognized as Expert Witness Court of Common Pleas, Beaver co. Pa.  Judge John P. DOHANICH

 

In addition to the aforementioned expert testimony, I have testified numerous times in both Federal and Commonwealth court relating to criminal matters.

 

 

 

Professional Memberships

 

Fraternal Order of Police, Brady Paul Memorial Lodge, Member since October, 1986

American Association of State Troopers, Member Since 1991

 

International Association of Computer Investigative Specialists, Member since April 2005