Reviewed by Scar de Courcier, Forensic Focus
On the 21st and 22nd of March 2016, Nuix ran a Foundations Investigations Training course in London to introduce forensic examiners to Nuix 6.2.7. The course was aimed at people who were new to the software, and took participants through all aspects of investigations from a basic level upwards.
Course Structure
The Nuix Investigator training course normally runs over three days. The one I attended was condensed into two days, however, due to a conference and the Easter bank holiday both occurring later in the week.
The training took place at the Learning Tree building next to Euston station, which was a good location for such a course. Although the computers were a little slow – something that was fed back to Learning Tree by Nuix – the building was well set up for courses, and the options for break and lunchtimes were good. This led to a comfortable environment in which to study a course, the importance of which should not be underestimated.
Upon arriving in the classroom, students were presented with a manual and a USB. The manual was used throughout the course and was helpful as a point of reference for various sections. The manual is a useful tool as it serves as an ongoing reminder after the course is over, but it also allows students to follow along throughout the course and read a little more about subjects in which they have a particular interest.
The instructor, Pete Williams, was friendly and welcoming, and encouraged participation throughout the course. It is always good to have an instructor who is invested in their students’ progress, and Pete continually demonstrated that he really wanted to make sure everyone was learning and that no one was falling behind. He was patient and understanding, and made sure the course was engaging and interesting.
The course covered all of the basic aspects of using the Nuix Investigator suite, beginning with a brief overview of Nuix’s history. As a student, it was interesting to be given an understanding of how the company and the software came into being, and how it has changed over the years.
Once the introductions and overviews were out of the way, we learned how to install and set up Nuix Investigator, and then went through the basics of case creation. This included how to set up a new case, open an existing one, and add evidence items for evaluation. There was a brief overview of the evidence processing settings and features, as well as a useful guide to some basic troubleshooting.
Once the data had been loaded into the case, we set about analysing the evidence. This was broken into two sections: the first included in-depth explanations of the tabs and panes available in Nuix Investigator and their various uses. The second section took a deeper dive into the actual analysis itself: extracting data, tagging items, adding comments and exporting reports were all covered here. Creating hash sets and deduplication were also covered, and this is something that was expanded on later in the course as well.
The majority of the rest of the course focused on utilising the data we had loaded into the case, searching through it and coming to various conclusions. One thing I particularly enjoyed was that the hands-on lab exercises were exactly that: proper exercises. In my experience of forensics training courses in general, student exercises are generally drip-fed by the instructor, thus not allowing the best opportunity for students to learn from their own mistakes. This was not the case here. We were taught how to use the software and then told to go over what we had learned in a variety of practical exercises, which really helped both in terms of breaking up the course into distinct sections and also in terms of memorising the things we had learned.
Towards the end of the second day we went through some scripting exercises, which were interesting and once again provided a good hands-on approach that allowed us as students to put what we had learned to use. The instructor provided an excellent description of the languages used and why they had been chosen, and talked us through the best way to script applications for Nuix Investigator.
All that remained after this was the visual analytics and reporting sections, which took us through evaluations of reporting options, including how to export data to a CSV file and how to create user-friendly graphs that could be understood by non-technical end users.
Overall, I would say that the Nuix Investigator training was one of the best training courses I have attended to date. The instructor was friendly and approachable; the venue comfortable; the course content accessible and interesting; and the pace was excellent.
One thing that made the course particularly good was the instructor’s openness to helping students to apply the things learned to their own work. At various points during the sessions, Pete stopped to note how a particular feature of the software could be used to complement a given student’s role. This was helped by the introductions which we all made at the beginning, and also by the openly conversational nature of the training. As a student, I felt welcome to share my views and ask questions in an environment that was entirely non-judgemental.
When introducing the course, the instructor apologised for the fact that what would normally have been a three-day course was being condensed into two days. He made it clear that if anyone found the pace too fast, or if there were any supplemental questions at any point during or after the training, he was available to address these concerns. However, I actually found the pace to be much better than most of the courses I have been on. Often in forensics training I find my mind wandering when an instructor is explaining the ins and outs of every single option, or I find that there is too much time spent describing what things do and not enough practical exercises.
The Nuix Investigator training, however, had a great balance. The instructor described each feature and option well enough that I knew what it did and how to use it, but not in such depth that I switched off. The practical exercises were frequent and sometimes students were genuinely left to conduct the practical tests on their own, which was a great way to learn to use the software properly. At no point did I feel like I was either lagging behind the rest of the class or flagging in concentration; the pace was really excellent, and I wonder whether condensing courses as much as possible might be a good way to ensure increased student engagement in general.
All in all, therefore, the Nuix Investigator training course has my highest recommendation and is certainly a must for anyone who wants an in-depth introduction to the software.
Nuix is a digital forensics company, helping people to solve challenges relating to investigation, cybersecurity, insider threats, intelligence, litigation, regulation, privacy and risk management. Nuix Foundations – Investigations Training is a course that was designed for new and existing users of Nuix who want to understand how to properly use the Investigator tool.