Computer Hacker Forensic Investigator
Every Crime Leaves a Trail of Evidence
SECURING NETWORKS WITH FORENSIC SCIENCE
Target Audience
- Police and other law enforcement personnel
- Defense and Military personnel
- e-Business Security professionals
- Systems administrators
- Legal professionals
- Banking, Insurance and other professionals
- Government agencies
- IT managers
Course Details
5-Day, 40-Hour Program
14 comprehensive modules and 39 labs
More than 400 updated tools
- Well tested, result-oriented, descriptive, and analytical lab manual to evaluate the presented concepts.
- New and rich presentation style with eye-catching graphics.
Certification
- Number of Questions: 150
- Test Duration: 4 hours
- Test Format: MCQ (Multi-Choice Questions)
- Test Delivery: ECC exam portal
Complete Package USD $720
Computer Hacking Forensic Investigators
Digital forensic practices stem from forensic science, the science of collecting and examining evidence or materials. Digital or computer forensics focuses on the digital domain, including computer forensics, network forensics, and mobile forensics. As the cybersecurity profession evolves, organizations are learning the importance of incorporating digital forensic practices into their everyday activities. Computer forensic practices can help investigate attacks and system anomalies, or even help system administrators detect a problem by defining normal functional specifications and validating system information for irregular behaviors. In the event of a cyber-attack or incident, it is critical that investigations be carried out in a manner that is forensically sound to preserve evidence in the event of a breach of the law.
Far too many cyber-attacks are occurring across the globe where laws are clearly broken and due to improper or non-existent forensic investigations, the cybercriminals go either unidentified, undetected, or are simply not prosecuted. Cybersecurity professionals who acquire a firm grasp on the principles of digital forensics can become invaluable members of Incident Handling and Incident response teams. The Computer Hacking Forensic Investigator course provides a strong baseline knowledge of key concepts and practices in the digital forensic domains relevant to today’s organizations. CHFI provides its attendees with a firm grasp on the domains of digital forensics.
Computer Security and Computer investigations are changing terms. More tools are invented daily for conducting Computer Investigations, be it computer crime, digital forensics, computer investigations, or even standard computer data recovery. The tools and techniques covered in the CHFI program will prepare the students to conduct computer investigations using groundbreaking digital forensics technologies.
More about CHFI v9
Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks.
CHFI covers the detailed methodological approach including searching and seizing, chain-of-custody, acquisition, preservation, analysis, and reporting of digital evidence to computer forensic and evidence analysis.
It provides the necessary skill set for the identification of intruder’s footprints and gathering necessary evidence for its prosecution. All major tools and theories used by the cyber forensic industry are covered in the curriculum.
CHFI also provides the necessary skills to perform an effective digital forensic investigation. It is a comprehensive course covering major forensic investigation scenarios that enables students to acquire the necessary hands-on experience with various forensic investigation techniques and standard forensic tools needed to successfully carry out a computer forensic investigation leading to the prosecution of perpetrators.
Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information known as computer data recovery.
The EC-Council’s CHFI certifies individuals in the specific security discipline of computer forensics from a vendor-neutral perspective. The digital forensics certification will fortify the application knowledge of law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, security professionals, and anyone who is concerned about the integrity of the network infrastructure.
Here is what our experts have to say about Digital Forensics Skills
Cybersecurity as a profession has seen tremendous growth over the past 10 years and EC-Council has been on the leading edge of this profession. Practices in Network Defense, Ethical Hacking, and Penetration Testing have proven to be the pillars of cybersecurity teams across the globe and Digital Forensics is no exception. Whether you operate a team of 2 or 2,000 to tackle cyber issues facing your organization, digital forensics must be a part of the equation as a critical skill and daily practice. To learn more about the Digital Forensics domain, visit – What is Digital Forensics
Why CHFI?
- EC-Council is one of the few organizations that specialize in information security (IS) to achieve ANSI 17024 accreditation for its Computer Hacking Forensic Investigator certification
- The CHFI v9 program has been redesigned and updated after thorough investigation including current market requirements, job tasks analysis, and recent industry focus on forensic skills
- It is designed and developed by experienced subject matter experts and digital forensics practitioners
- CHFI is a complete vendor-neutral course covering all major forensics investigations technologies and solutions
- CHFI has detailed labs for the hands-on learning experience. On average, approximately 40% of training time is dedicated to labs
- It covers all the relevant knowledge bases and skills to meet regulatory compliance standards such as ISO 27001, PCI DSS, SOX, HIPAA, etc.
- The student kit contains a large number of white papers for additional reading
- The program presents a repeatable forensics investigation methodology required from a versatile digital forensic professional which increases employability
- The student kit contains several forensics investigation templates for evidence collection, chain-of-custody, final investigation reports, etc.
- The program comes with cloud-based virtual labs enabling students to practice various investigation techniques in a real-time and simulated environment
CHFI v9 Course Outline
CHFI v9 curriculum is a comprehensive course with 14 training modules covering major forensic investigation scenarios.
Understanding Computer Forensics
Why and When Do You Use Computer Forensics?
Cyber Crime (Types of Computer Crimes)
Case Study
Challenges Cyber Crimes Present For Investigators
Cyber Crime Investigation
Rules of Forensics Investigation
Understanding Digital Evidence
Types of Digital Evidence
Characteristics of Digital Evidence
Role of Digital Evidence
Sources of Potential Evidence
Rules of Evidence
Forensics Readiness
Computer Forensics as part of an Incident Response Plan
Need for Forensic Investigator
Roles and Responsibilities of Forensics Investigator
What makes a Good Computer Forensics Investigator?
Investigative Challenges
Legal and Privacy Issues
Code of Ethics
Accessing Computer Forensics Resources
Importance of Computer Forensics Process
Phases Involved in the Computer Forensics Investigation Process
Pre-investigation Phase
Setting Up a Computer Forensics Lab
Build the Investigation Team
Review Policies and Laws
Establish Quality Assurance Processes
Data Destruction Industry Standards
Risk Assessment
Investigation Phase
Investigation Process
Computer Forensics Investigation Methodology: First Response
Computer Forensics Investigation Methodology: Search and Seizure
Computer Forensics Investigation Methodology: Collect the Evidence
Computer Forensics Investigation Methodology: Secure the Evidence
Computer Forensics Investigation Methodology: Data Acquisition
Computer Forensics Investigation Methodology: Data Analysis
Post-investigation Phase
Evidence Assessment
Documentation and Reporting
Testify as an Expert Witness
Hard Disk Drive Overview
Disk Partitions and Boot Process
Understanding File Systems
RAID Storage System
File System Analysis
Data Acquisition and Duplication Concepts
Static Acquisition
Validate Data Acquisitions
Acquisition Best Practices
What is Anti-Forensics?
Anti-Forensics techniques
Data/File Deletion
Password Protection
Steganography
Data Hiding in File System Structures
Trail Obfuscation
Artifact Wiping
Overwriting Data/Metadata
Encryption
Encrypted Network Protocols
Program Packers
Rootkits
Minimize Footprint
Exploiting Forensic Tools Bugs
Detecting Forensic Tool Activities
Anti-Forensics Countermeasures
Anti-Forensics Challenges
Anti-forensics Tools
Introduction to OS Forensics
Windows Forensics
Collecting Volatile Information
Collecting Non-Volatile Information
Analyze the Windows thumbcaches
Windows Memory Analysis
Windows Registry Analysis
Cache, Cookie, and History Analysis
Windows File Analysis
Metadata Investigation
Text-Based Logs
Other Audit Events
Forensic Analysis of Event Logs
Windows Forensics Tools
Linux Forensics
Shell Commands
Linux Log files
Collecting Volatile Data
Collecting Non-Volatile Data
MAC Forensics
Introduction to MAC Forensics
MAC Forensics Data
MAC Log Files
MAC Directories
MAC Forensics Tools
Introduction to Network Forensics
Fundamental Logging Concepts
Event Correlation Concepts
Network Forensic Readiness
Network Forensics Steps
Network Traffic Investigation
Documenting the Evidence
Evidence Reconstruction
Introduction to Web Application Forensics
Web Attack Investigation
Investigating Web Server Logs
Web Attack Detection Tools
Tools for Locating IP Address
WHOIS Lookup Tools
Database Forensics and Its Importance
MSSQL Forensics
MySQL Forensics
MySQL Forensics for WordPress Website Database
Introduction to Cloud Computing
Cloud Forensics
Cloud Crimes
Cloud Forensics Challenges
Introduction to Malware
Introduction to Malware Forensics
General Rules for Malware Analysis
Types of Malware Analysis
Analysis of Malicious Documents
Malware Analysis Challenges
Email System
Email Crimes (Email Spamming, Mail Bombing/Mail Storm, Phishing, Email Spoofing, Crime via Chat Room, Identity Fraud/Chain Letter)
Email Message
Steps to Investigate Email Crimes and Violation
Email Forensics Tools
Laws and Acts against Email Crimes
Mobile Device Forensics
Why Mobile Forensics?
Top Threats Targeting Mobile Devices
Mobile Hardware and Forensics
Mobile OS and Forensics
What Should You Do Before the Investigation?
Mobile Forensics Process
Writing Investigation Reports
Expert Witness Testimony
Dealing with Media
What will you learn?
- Perform incident response and computer forensics
- Perform electronic evidence collections
- Perform digital forensic acquisitions as an analyst
- Perform bit-stream Imaging/acquiring of the digital media seized during the process of investigation.
- Examine and analyze text, graphics, multimedia, and digital images
- Conduct thorough examinations of computer hard disk drives, and other electronic data storage media
- Recover information and electronic data from computer hard drives and other data storage devices
- Follow strict data and evidence handling procedures
- Maintain audit trail (i.e., chain of custody) and evidence integrity
- Work on the technical exams, analysis, and reporting of computer-based evidence
- Prepare and maintain case files
- Utilize forensic tools and investigative methods to find electronic data, including
- Internet use history, word processing documents, images, and other files
- Gather volatile and non-volatile information from Windows, MAC, and Linux
- Recover deleted files and partitions in Windows, Mac OS X, and Linux
- Perform keyword searches including using target words or phrases
- Investigate events for evidence of insider threats or attacks
- Support the generation of incident reports and other collateral
- Investigate and analyze all response activities related to cyber incidents
- Plan, coordinate and direct recovery activities and incident analysis tasks
- Examine all available information and supporting evidence or artifacts related to an incident or event
- Collect data using forensic technology methods in accordance with evidence handling procedures, including a collection of hard copy and electronic documents
- Conduct reverse engineering for known and suspected malware files
- Perform detailed evaluation of the data and any evidence of activity in order to analyze the full circumstances and implications of the event
- Identify data, images and/or activity which may be the target of an internal investigation
- Establish threat intelligence and key learning points to support pro-active profiling and scenario modeling
- Search file slack space where PC type technologies are employed
- File MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences
- Examine file type and file header information
- Review e-mail communications including webmail and Internet Instant Messaging programs
- Examine the Internet browsing history
- Generate reports which detail the approach, and an audit trail which documents actions taken to support the integrity of the internal investigation process
- Recover active, system and hidden files with date/time stamp information
- Perform anti-forensics detection.
- Maintain awareness and follow laboratory evidence handling, evidence examination, laboratory safety, and security policy and procedures.
- Perform fundamental forensic activities and form a base for advanced digital forensics
- Play a role of the first responder by securing and evaluating a cybercrime scene, conducting preliminary interviews, documenting a crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, reporting of the crime scene
- Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred
- Apply advanced forensic tools and techniques for attack reconstruction.
- Identify and check the possible source/incident origin
- Perform event correlation
- Extract and analyze logs from various devices such as proxies, firewalls, IPSs, IDSes, Desktops, laptops, servers, SIM tools, routers, switches, AD servers, DHCP servers, Access Control Systems, etc.
- Ensure that reported incident or suspected weaknesses, malfunctions and deviations are handled with confidentiality
- Assist in the preparation of search and seizure warrants, court orders, and subpoenas
- Provide expert witness testimony in support of forensic examinations conducted by the examiner
CHFI Exams
Prove Your Skills and Abilities With Online, Practical Examinations.
The CHFI certification is awarded after successfully passing the exam EC0 312-49. CHFI EC0 312-49 exams are available at ECC exam centers around the world.
CHFI Exam Details
- Number of Questions: 150
- Test Duration: 4 hours
- Test Format: Multiple choice
- Test Delivery: ECC exam portal
Passing Score
In order to maintain the high integrity of our certification exams, EC-Council Exams are provided in multiple forms (i.e., different question banks). Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts that ensures that each of our exams not only has academic rigor but also has “real world” applicability. We also have a process to determine the difficulty rating of each question. The individual rating then contributes to an overall “Cut Score” for each exam form. To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 78%.
Forensic Tracks and CHFI Career Path
If you would like to pursue your career beyond CHFI, you have many paths you can choose from:
- If you would like to be a licensed security consultant, apply to become a Licensed Penetration Tester (LPT).
- If you would like to become a trainer, apply to become a Certified EC-Council Instructor (CEI).
- If you would like to be a multi-domain expert, earn the Certified Ethical Hacking (CEH), Certified Application Security Engineer (CASE), or choose from many other specialized certifications.
- If you would like to earn a master’s degree in IT Security, consider applying for the EC-Council University (ECU) Master of Security Sciences (MSS). By earning the CHFI credential you have automatically earned 3 credits towards the degree.
Personal
USD $720 / iLearn Kits
- 1 Year Full Access on Video Training
- 6 Months Access to iLab Machines
- 1 Year Access on Book, Slides, and Materials
- 24x7x365 support
- Exam Voucher Included
- Certificate of Attendance
- 1-hour Free Consultation
- 5% OFF on 3+ Kits
Groups Purchases
Starts from 5 iLearn Kits
- All Personal Package
- The best option for Institutions, Universities, Companies, Organizations, and Startups
- 7% OFF on 5+ Kits
- 10% OFF on 10+ Kits
- 12% OFF on 15+ Kits
- 15% OFF on 20+ Kits
- 25+ Kits Contact us
iLearn Kits
Additional Promotion
- CLICK+ Members get 5% OFF on All Kits
- Students will get 5% OFF on All Kits
- Instructors will get 5% OFF on All Kits
- Offers can NOT be transferred to 3rd party
- Max 2 Offers will be applied to Purchases
We provide Training and Certification for all levels
* All Prices are in USD including:
- One Year Access Training Videos
- 6 Month Access iLab and Scenario
- Certificate Exam Voucher
- Certificate of Attendance
- Online Exam
- Books, Slides and Course Material
- 24X7X365 Support
Core
Security Principal and Cyber Awareness
- CND – Certified Network Defender $720
- CSCU – Certified Secure Computer User $130
- ECES – EC-Council Certified Encryption Specialist $400
- ECSS – EC-Council Certified Security Specialist $400
Advanced
Hands-On Experience on Cybersecurity
- CEH – Certified Ethical Hacker $720
- CEH Practical $200
- APT – Advanced Penetration Testing $400
- LPT – Licensed Penetration Tester $999
- CSA – Certified SOC Analyst $400
- ECSA – EC-Council Certified Security Analyst $720
- ECSA Practical $250
- CPM – Certified Project Management $270
Expert
Need more? Don’t worry, we’re here.
- CHFI – Computer Hacking Forensic Investigator $720
- ECIH – EC-Council Certified Incident Handler $400
- CTIA – Certified Threat Intelligence Analyst $400
- EDRP – EC-Council Disaster Recovery Professional $720
- CBP – Certified Blockchain Professional $720
- CASE .NET Certified Application Security Engineer $390
- CASE JAVA Certified Application Security Engineer $390
- CCISO – Certified Chief Information Security Officer $830
Frequently Asked Questions
Questions about the CHFI Program
EC-Council recommends, but does not require, that CHFI aspirants attend formal classroom training or an iLearn Training to reap the maximum benefit of the course and have a greater chance at clearing the examinations.
If you have completed CHFI training (online, instructor-led, or academic learning), you are eligible to attempt the CHFI examination.
It is mandatory for you to record two years of information security-related work experience and get the same endorsed by your employer. Please contact the CLICK+ training department to get the best recommendation.
Yes, you can - subject to the expiry date of your exam voucher. Ensure that you obtain a certificate of attendance upon completion of the training. You may contact your testing center at a later date and schedule the exam.
EC-Council certifications are under continuous development. We incorporate new techniques and technology as they are made available and are deemed necessary to meet the exam objectives, as students are tested on concepts, techniques, and technology.
You will need to earn EC-Council Continuing Education Credits (ECE) to maintain the certification. Go to https://cert.eccouncil.org/ece-policy.html for more information. If you require any assistance on this, please contact https://eccouncil.zendesk.com/anonymous_requests/new
Upon successfully passing the exam you will receive your digital ANSI accredited CHFI certificate within 7 working days.
The examination consists of 150 questions. The exam is of 4-hour duration.
You can mark your questions and review your answers before you end the test.
Frame your Future with CLICK+
The EC-Council iLearn solution helps you get trained with the latest techniques and skills in Cybersecurity domains. Click Plus professional team members are always proud to help you find the best pathway of your training to promote your future. Wherever you are in your career, we are here to help!