• Online, Instructor-Led
• Classroom
Course Description

Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics enables the systematic and careful identification of evidence in computer-related crime and abuse cases. This may range from tracing the tracks of a hacker through a client’s systems, to tracing the originator of defamatory emails, to recovering signs of fraud. The CHFI course will provide participants with the necessary skills to identify an intruder’s footprints and to properly gather the necessary evidence to prosecute in a court of law.

It is no longer a matter of “will your organization be compromised (hacked)?” but, rather, “when?” Today’s battles between corporations, governments, and countries are no longer fought only in the typical arenas of boardrooms or battlefields using physical force. Now the battlefield starts in the technical realm, which ties into almost every facet of modern-day life.

If you or your organization requires the knowledge or skills to identify, track, and prosecute the cyber-criminal, then this is the course for you. Many of today’s top tools of the forensic trade will be taught during this course, including software, hardware and specialized techniques.

Learning Objectives

Upon completing this course, students will be able to:
• Establish threat intelligence and key learning points to support proactive profiling and scenario modeling
• Detect anti-forensic methods
• Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how of the intrusion
• Extract and analyze logs from various devices such as proxies, firewalls, IPS, IDS, desktops, laptops, servers, SIM tools, routers, switches, AD servers, DHCP logs, and access control logs, and draw conclusions as part of the investigation process
• Identify and check the possible source or origin of the incident
• Recover deleted files and partitions in Windows, Mac OS X, and Linux
• Conduct reverse engineering for known and suspected malware files
• Collect data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):