Network Investigative Techniques Course
Course details
2026
| Session(s) | Location | Start date | End date |
|---|---|---|---|
| 26-01 English | Ottawa | 2026-04-20 | 2026-05-01 |
| 26-02 English | Ottawa | 2026-09-28 | 2026-10-09 |
| 26-03 English | Ottawa | 2026-11-30 | 2026-12-11 |
| Tuition |
|---|
| $5,500.00 |
Notes
- Accommodations are offered to course participants. Our rooms are subject to availability and the request must be indicated on the course registration form
- Meal plans are offered to course participants. The specific meal plan must be indicated on the course registration form
- Travel grant funding is available to our non-federal law enforcement agencies
Description
This course provides the knowledge and skills to conduct searches, seizures and investigations of small, primarily Windows-based computer network environments. In this course, participants learn to collect information, develop a plan, and anticipate on-site needs and possibilities before investigating a computer network environment for evidence of criminal activity. Incorporating the added dimension of computer networking, participants learn effective techniques to ensure the continuity and preservation of seized evidence, to identify and explain the location of found evidence seized, to document the chain of possession, and to present these evidence items in court.
Format and delivery
- Length of course
- 10 days
- Class size
- maximum 20 participants
- Delivery setting
- A combination of a computer classroom and a computer laboratory
Learning outcomes
- Identify legal issues relevant to network investigations
- Formulate a structured approach for investigating a computer network
- Create a physical and a logical map of a computer network
- Identify and locate sources of evidence on networked devices
- Prioritize the collection and processing of evidence found on networked devices
- Perform a triage of evidence obtained from a computer network
- Describe possible coding and inventory issues relevant to network investigations and approaches to solve these
- Identify users of interest on a computer network and the files and folders that these specific users can access
- Demonstrate the seizure of configuration settings and log files from both wired and wireless routers
- Demonstrate the seizure of user and server configuration settings and log files from servers
- Demonstrate the seizure of files and directories from servers and mass storage devices
- Identify the source of Virtual Private Server data and demonstrate the methods of acquiring this digital evidence
- Summarize the tools and techniques used to capture email from a Microsoft Exchange Server
Eligibility and mandatory requirements
- This course is offered to digital forensic analysts working in a technological crime investigative unit or program
- Registrants must have completed: the Computer Forensic Examiners (CMPFOR) course
- Acceptance or refusal in the course is at the discretion of the Canadian Police College
Assessment
- Success in the course is based on attendance, participation and successful completion of all required assignments and learning evaluations
- Various evaluation methods are used, including an assessment of a practical scenario, an assignment, quiz, final written exam, and final practical exam
- Re-testing or re-evaluation is conducted in accordance with the CPC Academic Directives and at the discretion of the Canadian Police College
Contact
For more details or other information about the course, please email cpc_registrar-registraire_ccp@rcmp-grc.gc.ca.
- Date modified: