• Classroom
  • Online, Instructor-Led
Course Description

EC-Council’s Certified Hacking Forensic Investigator (CHFI) program prepares cybersecurity professionals with the knowledge and skills to perform effective digital forensics investigations and bring their organization into a state of forensic readiness. This includes establishing the forensics process, lab and evidence handling procedures, as well as the investigation procedures required to validate/triage incidents and point the incident response teams in the right direction. Forensic readiness is crucial as it can differentiate between a minor incident and a major cyber-attack that brings a company to its knees.

This intense hands-on digital forensics program immerses students in over 68 forensic labs, enabling them to work on crafted evidence files and utilize the tools employed by the world's top digital forensics professionals. Students will go beyond traditional hardware and memory forensics and learn current topics such as cloud forensics, mobile and IoT, investigating web application attacks, and malware forensics. CHFI presents a methodological approach to computer forensics, including searching and seizing, chain-of-custody, acquisition, preservation, analysis, and reporting of digital evidence.

Learning Objectives

  • The computer forensic investigation process and the various legal issues involved
  • Evidence searching, seizing and acquisition methodologies in a legal and forensically sound manner
  • Types of digital evidence, rules of evidence, digital evidence examination process, and electronic crime and digital evidence consideration by crime category
  • Roles of the first responder, first responder toolkit, securing and evaluating electronic crime scene, conducting preliminary interviews, documenting electronic crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, and reporting the crime scene
  • Setting up a computer forensics lab and the tools involved in it
  • Various file systems and how to boot a disk
  • Gathering volatile and non-volatile information from Windows
  • Data acquisition and duplication rules
  • Validation methods and tools required
  • Recovering deleted files and deleted partitions in Windows, Mac OS X, and Linux
  • Forensic investigation using AccessData FTK and EnCase
  • Steganography and its techniques
  • Steganalysis and image file forensics
  • Password cracking concepts, tools, and types of password attacks
  • Investigating password protected files
  • Types of log capturing, log management, time synchronization, and log capturing tools
  • Investigating logs, network traffic, wireless attacks, and web attacks
  • Tracking emails and investigating email crimes
  • Mobile forensics and mobile forensics software and hardware tools
  • Writing investigative reports

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@hq.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.