EC-Council – Computer Hacking Forensic Investigator Certification (CHFI v10)
For the Course
Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks.
Computer crime in today’s cyber world is on the rise. Computer Investigation techniques are being used by police, government, and corporate entities globally and many of them turn to EC-Council for our Digital Forensic Investigator CHFI Certification Program.
Computer Security and Computer investigations are changing terms. More tools are invented daily for conducting Computer Investigations, be it computer crime, digital forensics, computer investigations, or even standard computer data recovery. The tools and techniques covered in EC-Council’s CHFI program will prepare the student to conduct computer investigations using ground-breaking digital forensics technologies.
Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information known as computer data recovery.
Course Goals:
What You Will Learn ?
Perform incident response and computer forensics | Identify data, images and/or activity which may be the target of an internal investigation |
Perform electronic evidence collections | Establish threat intelligence and key learning points to support pro-active profiling and scenario modelling |
Perform digital forensic acquisitions as an analyst | Search file slack space where PC type technologies are employed |
Perform bit-stream Imaging/acquiring of the digital media seized during the process of investigation. | File MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences |
Examine and analyze text, graphics, multimedia, and digital images | Examine file type and file header information |
Conduct thorough examinations of computer hard disk drives, and other electronic data storage media | Review e-mail communications including web mail and Internet Instant Messaging programs |
Recover information and electronic data from computer hard drives and other data storage devices | Examine the Internet browsing history |
Follow strict data and evidence handling procedures | Generate reports which detail the approach, and an audit trail which documents actions taken to support the integrity of the internal investigation process |
Maintain audit trail (i.e., chain of custody) and evidence integrity | |
Work on technical examination, analysis, and reporting of computer-based evidence | Recover active, system and hidden files with date/time stamp information |
Prepare and maintain case files | Crack (or attempt to crack) password protected files |
Utilize forensic tools and investigative methods to find electronic data, including | Perform anti-forensics detection |
Internet use history, word processing documents, images, and other files | Maintain awareness and follow laboratory evidence handling, evidence examination, laboratory safety, and laboratory security policy and procedures |
Gather volatile and non-volatile information from Windows, MAC, and Linux | Play a role of the first responder by securing and evaluating a cybercrime scene, conducting preliminary interviews, documenting a crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, reporting of the crime scene |
Recover deleted files and partitions in Windows, Mac OS X, and Linux | Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred |
Perform keyword searches including using target words or phrases | Apply advanced forensic tools and techniques for attack reconstruction |
Investigate events for evidence of insider threats or attacks | Perform fundamental forensic activities and form a base for advanced digital forensics |
Support the generation of incident reports and other collateral | Identify and check the possible source/incident origin |
Investigate and analyze all response activities related to cyber incidents | Perform event co-relation |
Plan, coordinate and direct recovery activities and incident analysis tasks | Extract and analyze logs from various devices such as proxies, firewalls, IPSs, IDSes, Desktops, laptops, servers, SIM tools, routers, switches, AD servers, DHCP servers, Access Control Systems, etc. |
Examine all available information and supporting evidence or artifacts related to an incident or event | Ensure that reported incident or suspected weaknesses, malfunctions and deviations are handled with confidentiality |
Collect data using forensic technology methods in accordance with evidence handling procedures, including a collection of hard copy and electronic documents | Assist in the preparation of search and seizure warrants, court orders, and subpoenas |
Conduct reverse engineering for known and suspected malware files | Provide expert witness testimony in support of forensic examinations conducted by the examiner |
Perform detailed evaluation of the data and any evidence of activity in order to analyze the full circumstances and implications of the event |
Course Format:
Присъствен (Classroom) Курс в Учебната ни зала или В Офис на Клиент | Онлайн (Online/Virtual) Курс във виртуална зала с инструктор |
Course Language Option
Български (Bulgarian) | Английски (English) |
You can choose the language in which the training will be conducted - Bulgarian or English. All our instructors are fluent in English.
Student Guides:
The training materials are available in electronic format. They can be used online / offline on any device. Lifetime access.
Lab Environment:
Each student has their own lab environment where the exercises are conducted, part of the course. You do not need to install software on a computer or special hardware requirements. Participants in a face-to-face format in our Training Center have an individual computer during the training.
At Course Completion):
Lifetime Access - Video Archive 24/7 | Certificate of Course Completion |
Lifetime access to a video archive with recording of each individual lecture. Official internationally recognized certificate for completed training course.
Course Duration:
-
5 working days (Monday – Friday 09:00 – 17:00) or 40 uch.ch. training (theory and practice) in non-working hours lasting 1 week Saturday and Sunday 10:00 – 14:00, 14:00 – 18:00, 18:00 – 22:00 Monday and Wednesday 19:00 – 23:00 Tuesday and Thursday 19:00 – 23:00
Payment
An application for an invoice is accepted at the time of enrollment in the respective course. An invoice is issued within 7 days of confirming the payment.
Upcoming Courses
For more information, use the contact form. We will contact you to confirm the dates.
Prerequisites:
-
- If a candidate have completed an official EC-Council training either at an Accredited Training Center, via the iClass platform, or at an approved academic institution, the candidate is eligible to attempt the relevant EC-Council exam without going through the application process.
The course prepares for the following certification levels
- CHFI (Exam Voucher Included). IT-Training.pro is an authorized EC-Council Test Center. You can take the exam with us, after the training.
- The CHFI certification is awarded after successfully passing the exam EC0 312-49. CHFI EC0 312-49 exams are available at ECC exam center around the world. In order to maintain the high integrity of our certifications exams, EC-Council Exams are provided in multiple forms (I.e. different question banks). Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts that ensure that each of our exams not only has academic rigor but also has “real world” applicability. We also have a process to determine the difficulty rating of each question. The individual rating then contributes to an overall “Cut Score” for each exam form. To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 78%.
FAQs
Features
- Computer Forensics in Today’s World
- Computer Forensics Investigation Process
- Understanding Hard Disks and File Systems
- Operating System Forensics
- Defeating Anti-Forensics Techniques
- Data Acquisition and Duplication
- Network Forensics
- Investigating Web Attacks
- Database Forensics
- Cloud Forensics
- Malware Forensics
- Investigating E-mail Crimes
- Mobile Forensics
- Investigative Reports
Target audiences
- Police and other law enforcement personnel
- Defense and Military personnel
- e-Business Security professionals
- Systems administrators
- Legal professionals
- Banking, Insurance and other professionals
- Government agencies
- IT managers