Advanced CDR Analysis with CDAMS
(Comprehensive Master Class)


Course Outline


Day Time (HH:mm) 24Hrs Activity Session Content
Day 1 09:30-10:00 Registration of Participants
Day 1 10:00-11:15 Session 1 • Introduction to Call Data Records (Fundamentals)
• How Cellular Networks Work
Day 1 11:15-11:45 Break
Day 1 11:45-13:30 Session 2 • Understanding Various Types of Telecom Logs (CDRs)
• Understanding Various Formats of Telecom Logs
  (Delimited, Excel, HTML)
• Tools to Open and View Various Telecom Logs.
Day 1 13:30-14:30 Lunch
Day 1 14:30-16:00 Session 3 • Installation and Configuration of Tools for the Analysis of
   Telecom Data (CDAMS).
   o SQL server installation and configuration.
   o CDAMS installation and configuration.
Day 1 16:00-16:30 Break
Day 1 16:30-18:00 Session 4 • Introduction to the Main CDAMS Graphical User Interface
  (GUI).
• Options to Customize Variables Before Using CDAMS for
   Your First Case.
   o Creating permissions for users with different levels of
       security clearances.
  o Customizing end user and other settings.
Day 2 10:00-11:15 Session 1 • How to Create a Case and Allocate Users to that Case.
• Understanding Individual CDRs/ Billing Logs Module.
• Defining Specifications for Formatting CDRs from Different
   Service Providers.
Day 2 11:15-11:45 Break
Day 2 11:45-13:30 Session 2 • Importing Individual CDRs into the Created Case.
• Decoding Cell Id Information and Subscriber Information for
  the case.
• Analysis of CDRs and extraction of Actionable Intelligence:
  o Determining common numbers & IMEIs between
     various Individual CDRs
  o Location and Movement Analysis of Suspect CDRs on a
     Map.
  o How to use the filters like Date & Time, Duration, Day of
      Week, Call Type, City, State/Circle, Country etc.
  o Matching Case Data with Mobile Forensic Extraction Data.
Day 2 13:30-14:30 Lunch
Day 2 14:30-16:00 Session 3 • Analysis of CDRs Cont.….
  o Identification of Conference & Sandwich Call patterns
  o Bookmarking of Important Data like Numbers, IMEIs, Cell
     Id etc.
  o Identifying calls from a Location of Interest on the Basis
     of Geo-fencing.
  o New number analysis for situations where the suspect
     has disposed of his original cell phone and sim card.
  o Cross Case Analysis for correlation of intelligence
     between cases.
  o Exporting targeted reports from a case.
  o New number analysis for situations where the suspect has
     gotten rid of his original cell phone and associated number
     and switched to a new device and number.
  o Cross case analysis for correlation of data between
     different cases.
  o Exporting a selection of or all the reports in a case.
• Link Analysis using IBM’s i2 Analyst Notebook
  o Sending information in i2 Analyst Notebook for
     creating Association and Time Line charts.
Day 2 16:00-16:30 Break
Day 2 16:30-18:00 Session 4 • Link Analysis using IBM’s i2 Analyst Notebook Cont.….
  o Identification of numbers within close calling clusters.
  o Viewing data in different chart layouts.
  o Using Dynamic Filters to filter out chart information.
  o Identifying a social network from a network of calls using
     Social
     Network Analysis algorithms.
  o Conditional formatting of charts on the basis of simple and
     complex attributes.
  o Exporting charts for briefing & printing in PDF formats.
Day 3 10:00-11:15 Session 1 • Understanding Tower Data Analysis Scenarios
• Creating a Case and Allocating Users.
• Defining specifications for formats of Tower/Mast Dumps
  from different service providers.
• Importing Tower/Mast Dumps into the case.
Day 3 11:15-11:45 Break
Day 3 11:45-13:30 Session 2 • Defining the Analysis Groups on the basis of Date, Time &
  Cell Towers Involved in a Crime.
• Analysis of Tower Data
  o Common Numbers & IMEI between two or more
      different locations.
  o Analysis on the Basis of the Frequency of Calls in the
      Analysis Group.
  o Calls to and from the country and state of interest.
Day 3 13:30-14:30 Lunch
Day 3 14:30-16:00 Session 3 • Analysis of Tower Data Cont.….
  o Identifying target or called numbers in an Analysis Group
      and identifying associations between different Analysis
      Groups.
  o Identifying calls from the same tower.
  o Cross Case Analysis.
Day 3 16:00-16:30 Break
Day 3 16:30-18:00 Session 4 • Filtering Analysis Group Data on the basis of Date, Time,
   Duration, Frequency and Call Type.
• Matching case data with suspect numbers and IMEI’s
   involved in previous crimes.
• Sending email requests for further CDR details of potential
   suspects identified in the case from within the tool.
• Exporting reports.
Day 4 10:00-11:15 Session 1 • Understanding international call data analysis scenarios.
• Creating a case and assigning users.
• Defining specifications for the formats of ISD Dumps from
   different service providers.
• Importing ISD Dumps into the case.
Day 4 11:15-11:45 Break
Day 4 11:45-13:30 Session 2 • Defining CDR Analysis Groups on the basis of Date, Time
   and List of Countries of interest.
• Analysis of ISD Data
   o Identification of countries of Interest in the Analysis Group.
   o Identifying international numbers and domestic numbers of
      interest on the basis of frequency.
Day 4 13:30-14:30 Lunch
Day 4 14:30-16:00 Session 3 • Analysis of ISD Data Cont.….
   o Identifying domestic numbers calling multiple international
      numbers.
   o Identifying domestic numbers calling international numbers
      with different handsets (typically done by prisoners).
   o Identifying calls to hostile countries from protected
      locations like prisons, Armed Forces establishments,
      nuclear power plants etc.
Day 4 16:00-16:30 Break
Day 4 16:30-18:00 Session 4 • Filtering analysis group data on the basis of date, time,
   duration, frequency etc.
• Matching case data with suspect numbers and IMEI’s
   involved in previous crimes.
• Sending email requests to request further CDR
   details of potential suspects identified in the case.
• Exporting reports
Day 5 10:00-11:15 Session 1 • Understanding Gateway Data Analysis scenarios.
• Creating a case and assigning users.
• Defining specifications for formatting Gateway Data Dumps
   from different service providers.
• Importing Gateway Data Dumps into open case.
Day 5 11:15-11:45 Break
Day 5 11:45-13:30 Session 2 • Defining the CDR Analysis Groups on the basis of Date,
   Time & List of Countries of interest.
• Analysis of Gateway Data:
   o Identification of hostile countries involved in the Analysis
      Group.
   o Identifying international and domestic numbers of interest
      on the basis of frequency.
Day 5 13:30-14:30 Lunch
Day 5 14:30-16:00 Session 3 • Filtering Analysis Group data on the basis of date, time,
   duration, frequency etc.
• Matching case data with suspect numbers and IMEI’s
   involved in previous crimes.
• Sending email requests for further CDR details of potential
   suspects identified in the case.
• Exporting Reports.
Day 5 16:00-16:30 Break
Day 5 16:30-18:00 Session 4 • Trouble shooting different crime scenarios.
• Feedback from participants.
• Valediction.
• Group Photo.