Computer Hacker Forensic Investigator

Every Crime Leaves a Trail of Evidence


Target Audience

  • Police and other law enforcement personnel
  • Defense and Military personnel
  • e-Business Security professionals
  • Systems administrators
  • Legal professionals
  • Banking, Insurance and other professionals
  • Government agencies
  • IT managers

 Course Details

5-Day, 40-Hour Program

14 comprehensive modules and 39 labs

More than 400 updated tools

  • Well tested, result-oriented, descriptive, and analytical lab manual to evaluate the presented concepts.
  • New and rich presentation style with eye-catching graphics.


  • Number of Questions: 150
  • Test Duration: 4 hours
  • Test Format: MCQ (Multi-Choice Questions)
  • Test Delivery: ECC exam portal

Complete Package USD $720


register today


Computer Hacking Forensic Investigators 

Digital forensic practices stem from forensic science, the science of collecting and examining evidence or materials. Digital or computer forensics focuses on the digital domain including computer forensics, network forensics, and mobile forensics. As the cybersecurity profession evolves, organizations are learning the importance of employing digital forensic practices into their everyday activities. Computer forensic practices can help investigate attacks, system anomalies, or even help System administrators detect a problem by defining what is normal functional specifications and validating system information for irregular behaviors. In the event of a cyber-attack or incident, it is critical investigations be carried out in a manner that is forensically sound to preserve evidence in the event of a breach of the law.

Far too many cyber-attacks are occurring across the globe where laws are clearly broken and due to improper or non-existent forensic investigations, the cybercriminals go either unidentified, undetected, or are simply not prosecuted. Cybersecurity professionals who acquire a firm grasp on the principles of digital forensics can become invaluable members of Incident Handling and Incident response teams. The Computer Hacking Forensic Investigator course provides a strong baseline knowledge of key concepts and practices in the digital forensic domains relevant to today’s organizations. CHFI provides its attendees with a firm grasp on the domains of digital forensics.



Computer Security and Computer investigations are changing terms. More tools are invented daily for conducting Computer Investigations, be it computer crime, digital forensics, computer investigations, or even standard computer data recovery. The tools and techniques covered in the CHFI program will prepare the students to conduct computer investigations using groundbreaking digital forensics technologies.

More about CHFI v9

Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks.

CHFI covers the detailed methodological approach including searching and seizing, chain-of-custody, acquisition, preservation, analysis, and reporting of digital evidence to computer forensic and evidence analysis.

It provides the necessary skill set for the identification of intruder’s footprints and gathering necessary evidence for its prosecution. All major tools and theories used by the cyber forensic industry are covered in the curriculum.

CHFI also provides necessary skills to perform an effective digital forensic investigation It is a comprehensive course covering major forensic investigation scenarios that enables students to acquire necessary hands-on experience on various forensic investigation techniques and standard forensic tools necessary to successfully carry out computer forensic investigation leading to the prosecution of perpetrators.




Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information known as computer data recovery.

The EC-Council’s CHFI certifies individuals in the specific security discipline of computer forensics from a vendor-neutral perspective. The digital forensics certification will fortify the application knowledge of law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, security professionals, and anyone who is concerned about the integrity of the network infrastructure. 

Here is what our experts have to say about Digital Forensics Skills

Cybersecurity as a profession has seen tremendous growth over the past 10 years and EC-Council has been on the leading edge of this profession. Practices in Network Defense, Ethical Hacking, and Penetration Testing have proven to be the pillars of cybersecurity teams across the globe and Digital Forensics is no exception. Whether you operate a team of 2 or 2,000 to tackle cyber issues facing your organization, digital forensics must be a part of the equation as a critical skill and daily practice. To learn more about the Digital Forensics domain, visit – What is Digital Forensics


  • EC-Council is one of the few organizations that specialize in information security (IS) to achieve ANSI 17024 accreditation for its Computer Hacking Forensic Investigator certification

  • The CHFI v9 program has been redesigned and updated after thorough investigation including current market requirements, job tasks analysis, and recent industry focus on forensic skills
  • It is designed and developed by experienced subject matter experts and digital forensics practitioners
  • CHFI is a complete vendor-neutral course covering all major forensics investigations technologies and solutions

  • CHFI has detailed labs for the hands-on learning experience. On average, approximately 40% of training time is dedicated to labs
  • It covers all the relevant knowledge-bases and skills to meets with regulatory compliance standards such as ISO 27001, PCI DSS, SOX, HIPPA, etc.
  • The student kit contains a large number of white papers for additional reading
  • The program presents a repeatable forensics investigation methodology required from a versatile digital forensic professional which increases employability

  • The student kit contains several forensics investigation templates for evidence collection, chain-of-custody, final investigation reports, etc.
  • The program comes with cloud-based virtual labs enabling students to practice various investigation techniques in a real-time and simulated environment


CHFI v9 Course Outline

CHFI v9 curriculum is a comprehensive course with 14 training modules covering major forensic investigation scenarios.

Module 01: Computer Forensics in Today’s World

Understanding Computer Forensics

Why and When Do You Use Computer Forensics?

Cyber Crime (Types of Computer Crimes)

Case Study

Challenges Cyber Crimes Present For Investigators

Cyber Crime Investigation

Rules of Forensics Investigation

Understanding Digital Evidence

Types of Digital Evidence

Characteristics of Digital Evidence

Role of Digital Evidence

Sources of Potential Evidence

Rules of Evidence

Forensics Readiness

Computer Forensics as part of an Incident Response Plan

Need for Forensic Investigator

Roles and Responsibilities of Forensics Investigator

What makes a Good Computer Forensics Investigator?

Investigative Challenges

Legal and Privacy Issues

Code of Ethics

Accessing Computer Forensics Resources

Module 02: Computer Forensics Investigation Process

Importance of Computer Forensics Process

Phases Involved in the Computer Forensics Investigation Process

Pre-investigation Phase

Setting Up a Computer Forensics Lab

Build the Investigation Team

Review Policies and Laws

Establish Quality Assurance Processes

Data Destruction Industry Standards

Risk Assessment

Investigation Phase

Investigation Process

Computer Forensics Investigation Methodology: First Response

Computer Forensics Investigation Methodology: Search and Seizure

Computer Forensics Investigation Methodology: Collect the Evidence

Computer Forensics Investigation Methodology: Secure the Evidence

Computer Forensics Investigation Methodology: Data Acquisition

Computer Forensics Investigation Methodology: Data Analysis

Post-investigation Phase

Evidence Assessment

Documentation and Reporting

Testify as an Expert Witness

Module 03: Understanding Hard Disks and File Systems

Hard Disk Drive Overview

Disk Partitions and Boot Process

Understanding File Systems

RAID Storage System

File System Analysis

Module 04: Data Acquisition and Duplication

Data Acquisition and Duplication Concepts

Static Acquisition

Validate Data Acquisitions

Acquisition Best Practices

Module 05: Defeating Anti-forensics Techniques

What is Anti-Forensics?

Anti-Forensics techniques

Data/File Deletion

Password Protection


Data Hiding in File System Structures

Trail Obfuscation

Artifact Wiping

Overwriting Data/Metadata


Encrypted Network Protocols

Program Packers


Minimize Footprint

Exploiting Forensic Tools Bugs

Detecting Forensic Tool Activities

Anti-Forensics Countermeasures

Anti-Forensics Challenges

Anti-forensics Tools

Module 06: Operating System Forensics (Windows, Mac, Linux)

Introduction to OS Forensics

Windows Forensics

Collecting Volatile Information

Collecting Non-Volatile Information

Analyze the Windows thumbcaches

Windows Memory Analysis

Windows Registry Analysis

Cache, Cookie, and History Analysis

Windows File Analysis

Metadata Investigation

Text-Based Logs

Other Audit Events

Forensic Analysis of Event Logs

Windows Forensics Tools

Linux Forensics

Shell Commands

Linux Log files

Collecting Volatile Data

Collecting Non-Volatile Data

MAC Forensics

Introduction to MAC Forensics

MAC Forensics Data

MAC Log Files

MAC Directories

MAC Forensics Tools

Module 07: Network Forensics

Introduction to Network Forensics

Fundamental Logging Concepts

Event Correlation Concepts

Network Forensic Readiness

Network Forensics Steps

Network Traffic Investigation

Documenting the Evidence

Evidence Reconstruction

Module 08: Investigating Web Attacks

Introduction to Web Application Forensics

Web Attack Investigation

Investigating Web Server Logs

Web Attack Detection Tools

Tools for Locating IP Address

WHOIS Lookup Tools

Module 09: Database Forensics

Database Forensics and Its Importance

MSSQL Forensics

MySQL Forensics

MySQL Forensics for WordPress Website Database

Module 10: Cloud Forensics

Introduction to Cloud Computing

Cloud Forensics

Cloud Crimes

Cloud Forensics Challenges

Module 11: Malware Forensics

Introduction to Malware

Introduction to Malware Forensics

General Rules for Malware Analysis

Types of Malware Analysis

Analysis of Malicious Documents

Malware Analysis Challenges

Module 12: Investigating Email Crimes

Email System

Email Crimes (Email Spamming, Mail Bombing/Mail Storm, Phishing, Email Spoofing, Crime via Chat Room, Identity Fraud/Chain Letter)

Email Message

Steps to Investigate Email Crimes and Violation

Email Forensics Tools

Laws and Acts against Email Crimes

Module 13: Mobile Phone Forensics

Mobile Device Forensics

Why Mobile Forensics?

Top Threats Targeting Mobile Devices

Mobile Hardware and Forensics

Mobile OS and Forensics

What Should You Do Before the Investigation?

Mobile Forensics Process

Module 14: Forensics Report Writing and Presentation

Writing Investigation Reports

Expert Witness Testimony

Dealing with Media


 What will you learn?

  • Perform incident response and computer forensics
  • Perform electronic evidence collections
  • Perform digital forensic acquisitions as an analyst
  • Perform bit-stream Imaging/acquiring of the digital media seized during the process of investigation.
  • Examine and analyze text, graphics, multimedia, and digital images
  • Conduct thorough examinations of computer hard disk drives, and other electronic data storage media
  • Recover information and electronic data from computer hard drives and other data storage devices
  • Follow strict data and evidence handling procedures
  • Maintain audit trail (i.e., chain of custody) and evidence integrity
  • Work on the technical exams, analysis, and reporting of computer-based evidence
  • Prepare and maintain case files
  • Utilize forensic tools and investigative methods to find electronic data, including
  • Internet use history, word processing documents, images, and other files
  • Gather volatile and non-volatile information from Windows, MAC, and Linux

  • Recover deleted files and partitions in Windows, Mac OS X, and Linux 
  • Perform keyword searches including using target words or phrases
  • Investigate events for evidence of insider threats or attacks
  • Support the generation of incident reports and other collateral
  • Investigate and analyze all response activities related to cyber incidents
  • Plan, coordinate and direct recovery activities and incident analysis tasks
  • Examine all available information and supporting evidence or artifacts related to an incident or event
  • Collect data using forensic technology methods in accordance with evidence handling procedures, including a collection of hard copy and electronic documents
  • Conduct reverse engineering for known and suspected malware files
  • Perform detailed evaluation of the data and any evidence of activity in order to analyze the full circumstances and implications of the event
  • Identify data, images and/or activity which may be the target of an internal investigation
  • Establish threat intelligence and key learning points to support pro-active profiling and scenario modeling
  • Search file slack space where PC type technologies are employed
  • File MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences
  • Examine file type and file header information

  • Review e-mail communications including webmail and Internet Instant Messaging programs
  • Examine the Internet browsing history
  • Generate reports which detail the approach, and an audit trail which documents actions taken to support the integrity of the internal investigation process
  • Recover active, system and hidden files with date/time stamp information
  • Perform anti-forensics detection.
  • Maintain awareness and follow laboratory evidence handling, evidence examination, laboratory safety, and security policy and procedures.
  • Perform fundamental forensic activities and form a base for advanced digital forensics
  • Play a role of the first responder by securing and evaluating a cybercrime scene, conducting preliminary interviews, documenting a crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, reporting of the crime scene
  • Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred
  • Apply advanced forensic tools and techniques for attack reconstruction.
  • Identify and check the possible source/incident origin
  • Perform event co-relation
  • Extract and analyze logs from various devices such as proxies, firewalls, IPSs, IDSes, Desktops, laptops, servers, SIM tools, routers, switches, AD servers, DHCP servers, Access Control Systems, etc.
  • Ensure that reported incident or suspected weaknesses, malfunctions and deviations are handled with confidentiality
  • Assist in the preparation of search and seizure warrants, court orders, and subpoenas
  • Provide expert witness testimony in support of forensic examinations conducted by the examiner

CHFI Exams

Prove Your Skills and Abilities With Online, Practical Examinations.

The CHFI certification is awarded after successfully passing the exam EC0 312-49. CHFI EC0 312-49 exams are available at the ECC exam center around the world.

CHFI Exam Details

  • Number of Questions: 150
  • Test Duration: 4 hours
  • Test Format: Multiple choice
  • Test Delivery: ECC exam portal

Passing Score

In order to maintain the high integrity of our certification exams, EC-Council Exams are provided in multiple forms (I.e. different question banks). Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts that ensure that each of our exams not only has academic rigor but also has “real world” applicability. We also have a process to determine the difficulty rating of each question. The individual rating then contributes to an overall “Cut Score” for each exam form. To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 78%.

Forensic Tracks and CHFI Career Path

if you would like to pursue your career beyond CHFI, you have many paths you can choose from:

  1. If you would like to be a licensed security consultant, apply to become a Licensed Penetration Tester (LPT).
  2. If you would like to become a trainer, apply to become a Certified EC-Council Instructor (CEI)
  3. If you would like to be a multi-domain expert, earn the Certified Ethical Hacking (CEH), Certified Application Security Engineer (CASE), or choose from many other specialized certifications.
  4. If you would like to earn a master’s degree in IT Security, consider applying for the EC-Council University (ECU) Master of Security Sciences (MSS). By earning the CHFI credential you have automatically earned 3 credits towards the degree.

13 Safe practices from Digital Forensic experts to SMEs amid COVID-19


USD $720 / iLearn Kits


  • 1 Year Full Access on Video Training
  • 6 Months Access to iLab Machines
  • 1 Year Access on Book, Slides, and Materials
  • 24x7x365 support
  • Exam Voucher Included
  • Certificate of Attendance 
  • 1-hour Free Consultation 
  • 5% OFF on 3+ Kits

Groups Purchases 

Starts from 5 iLearn Kits


  • All Personal Package
  • The best option for Institutions, Universities, Companies, Organizations, and Startups 
  • 7% OFF on 5+ Kits
  • 10% OFF on 10+ Kits
  • 12% OFF on 15+ Kits
  • 15% OFF on 20+ Kits
  • 25+ Kits Contact us 

iLearn Kits

Additional Promotion 

  • CLICK+ Members get 5% OFF on All Kits
  • Students will get 5% OFF on All Kits
  • Instructors will get 5% OFF on All Kits
  • Offers can NOT be transferred to 3rd party
  • Max 2 Offers will be applied to Purchases

We provide Training and Certification for all levels

* All Prices are in USD including:

  • One Year Access Training Videos
  • 6 Month Access iLab and Scenario
  • Certificate Exam Voucher
  • Certificate of Attendance
  • Online Exam
  • Books, Slides and Course Material
  • 24X7X365 Support


Security Principal and Cyber Awareness

  • CND – Certified Network Defender $720
  • CSCU – Certified Secure Computer User $130
  • ECES – EC-Council Certified Encryption Specialist $400
  • ECSS – EC-Council Certified Security Specialist $400


Hands-On Experience on Cybersecurity

  • CEH – Certified Ethical Hacker $720
  • CEH Practical $200
  • APT – Advanced Penetration Testing $400
  • LPT – Licensed Penetration Tester $999
  • CSA – Certified SOC Analyst $400
  • ECSA – EC-Council Certified Security Analyst $720
  • ECSA Practical $250
  • CPM – Certified Project Management $270


Need more? Don’t worry, we’re here.

  • CHFI – Computer Hacking Forensic Investigator $720
  • ECIH – EC-Council Certified Incident Handler $400
  • CTIA – Certified Threat Intelligence Analyst $400
  • EDRP – EC-Council Disaster Recovery Professional $720
  • CBP – Certified Blockchain Professional $720
  • CASE .NET Certified Application Security Engineer $390
  • CASE  JAVA Certified Application Security Engineer $390
  • CCISO – Certified Chief Information Security Officer $830

Frequently Asked Questions

Questions about the CHFI Program

Should I attend training to attempt the CHFI exam?

EC-Council recommends, but not mandatory, that CHFI aspirants attend formal classroom training or attend to an iLearn Training to reap the maximum benefit of the course and have a greater chance at clearing the examinations.

What are the pre-requisites for taking a CHFI exam?

If you have completed CHFI training (online, instructor-led, or academic learning), you are eligible to attempt the CHFI examination.

What is the eligibility criteria for self-study students?

It is mandatory for you to record two years of information security-related work experience and get the same endorsed by your employer. please contact the CLICK+ training department to get the best recommendation.

I have just completed the training. Can I defer taking a test to a later date?

Yes, you can - subject to the expiry date of your exam voucher. Ensure that you obtain a certificate of attendance upon completion of the training. You may contact your testing center at a later date and schedule the exam.

Why are there different versions for the exam?

EC-Council certifications are under continuous development. We incorporate new techniques and technology as they are made available and are deemed necessary to meet the exam objectives, as students are tested on concepts, techniques, and technology.

Do I have to recertify?

You will need to earn EC-Council Continuing Education Credits (ECE) to maintain the certification. Go to for more information. If you require any assistance on this, please contact

When will I get my certificate once I pass the certification examination?

Upon successfully passing the exam you will receive your digital ANSI accredited CHFI certificate within 7 working days.

How many questions are there in the exam and what is the time duration?

The examination consists of 150 questions. The exam is of 4-hour duration.

Can I review my answers?

You can mark your questions and review your answers before you end the test.

Frame your Future with CLICK+

EC-Council iLearn solution helps you to get trained with the latest techniques and skills in Cybersecurity domains. Click Plus professional team members always proud to help you find the best pathway of your training to promote your future. Wherever you are in your career, we are here to help!



Digital Forensic Blog


[boldgrid_component type=”wp_hootkit-posts-grid” opts=”%7B%22widget-hootkit-posts-grid%5B%5D%5Btitle%5D%22%3A%22%22%2C%22widget-hootkit-posts-grid%5B%5D%5Bcolumns%5D%22%3A%224%22%2C%22widget-hootkit-posts-grid%5B%5D%5Brows%5D%22%3A%221%22%2C%22widget-hootkit-posts-grid%5B%5D%5Bcategory%5D%5B%5D%22%3A%2283%22%2C%22widget-hootkit-posts-grid%5B%5D%5Bviewall%5D%22%3A%22bottom%22%2C%22widget-hootkit-posts-grid%5B%5D%5Bunitheight%5D%22%3A%22%22%2C%22widget-hootkit-posts-grid%5B%5D%5Bshow_title%5D%22%3A1%2C%22widget-hootkit-posts-grid%5B%5D%5Bshow_author%5D%22%3A1%2C%22widget-hootkit-posts-grid%5B%5D%5Bshow_date%5D%22%3A1%2C%22widget-hootkit-posts-grid%5B%5D%5Bshow_cats%5D%22%3A1%2C%22widget-hootkit-posts-grid%5B%5D%5Bshow_tags%5D%22%3A1%2C%22widget-hootkit-posts-grid%5B%5D%5Bfirstpost%5D%5Bauthor%5D%22%3A1%2C%22widget-hootkit-posts-grid%5B%5D%5Bfirstpost%5D%5Bdate%5D%22%3A1%2C%22widget-hootkit-posts-grid%5B%5D%5Bfirstpost%5D%5Bcats%5D%22%3A1%2C%22widget-hootkit-posts-grid%5B%5D%5Bfirstpost%5D%5Btags%5D%22%3A1%2C%22widget-hootkit-posts-grid%5B%5D%5Bfirstpost%5D%5Bcount%5D%22%3A%221%22%2C%22widget-hootkit-posts-grid%5B%5D%5Bfirstpost%5D%5Bfix%5D%22%3A%22na%22%2C%22widget-hootkit-posts-grid%5B%5D%5Bcustomcss%5D%5Bclass%5D%22%3A%22%22%2C%22widget-hootkit-posts-grid%5B%5D%5Bcustomcss%5D%5Bmt%5D%22%3A%22%22%2C%22widget-hootkit-posts-grid%5B%5D%5Bcustomcss%5D%5Bmb%5D%22%3A%22%22%2C%22widget-hootkit-posts-grid%5B%5D%5Bshow_comments%5D%22%3A0%2C%22widget-hootkit-posts-grid%5B%5D%5Bfirstpost%5D%5Bstandard%5D%22%3A0%2C%22widget-hootkit-posts-grid%5B%5D%5Bfirstpost%5D%5Bcomments%5D%22%3A0%7D”]