EC Council Computer Hacking Forensic Investigator Course & Exam

Document created by Matthew Bradley Employee on Oct 8, 2018Last modified by Joseph Cantor on Nov 6, 2019
Version 7Show Document
  • View in full screen mode

Schedule & Register

Schedule Only



In order to register for a class, you need to first create a Dell Education account

If you need further assistance, contact us



CHFI v9 covers detailed methodological approach to computer forensic and evidence analysis. It provides the necessary skillset for identification of intruder’s footprints and gathering necessary evidence for its prosecution. All major tools and theories used by cyber forensic industry are covered in the curriculum. The certification can fortify the applied knowledge level of law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, computer and network security professionals, and anyone who is concerned about the integrity of the network and digital investigations. CHFI provides necessary skills to perform effective digital forensic investigation It is a comprehensive course covering major forensic investigation scenarios that enables students to acquire necessary hands-on experience on various forensic investigation techniques and standard forensic tools necessary to successfully carryout computer forensic investigation leading to prosecution of perpetrators CHFI presents a methodological approach to computer forensic including searching and seizing, chain-of-custody, acquisition, preservation, analysis and reporting of digital evidence.



• Police and other law enforcement personnel

• Defense and Military personnel .

• e-Business Security professionals

• Systems administrators

• Legal professionals

• Banking, Insurance and other professionals

• Government agencies

• IT managers 



5 days (ILT)


Prerequisite Knowledge/Skills

Students should have a basic knowledge of computer science and networks. 


Course Objectives

Upon successful completion of this course, participants should be able to:

• Perform incident response and forensics

• Perform electronic evidence collections

• Perform digital forensic acquisitions

• Perform bit-stream Imaging/acquiring of the digital media seized during the process of investigation.

• Examine and analyze text, graphics, multimedia, and digital images

• Conduct thorough examinations of computer hard disk drives, and other electronic data storage media

• Recover information and electronic data from computer hard drives and other data storage devices

• Follow strict data and evidence handling procedures

• Maintain audit trail (i.e., chain of custody) and evidence integrity

• Work on technical examination, analysis and reporting of computer-based evidence

• Prepare and maintain case files

• Utilize forensic tools and investigative methods to find electronic data, including Internet use history, word processing documents, images and other files

• Gather volatile and non-volatile information from Windows, MAC and Linux

• Recover deleted files and partitions in Windows, Mac OS X, and Linux

• Perform keyword searches including using target words or phrases

• Investigate events for evidence of insider threats or attacks

• Support the generation of incident reports and other collateral

• Investigate and analyze all response activities related to cyber incidents

• Plan, coordinate and direct recovery activities and incident analysis tasks

• Examine all available information and supporting evidence or artefacts related to an incident or event

• Collect data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents • Conduct reverse engineering for known and suspected malware files

• Perform detailed evaluation of the data and any evidence of activity in order to analyze the full circumstances and implications of the event

• Identify data, images and/or activity which may be the target of an internal investigation

• Establish threat intelligence and key learning points to support pro-active profiling and scenario modelling

• Search file slack space where PC type technologies are employed

• File MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences

• Examine file type and file header information

• Review e-mail communications including web mail and Internet Instant Messaging programs

• Examine the Internet browsing history

• Generate reports which detail the approach, and an audit trail which documents actions taken to support the integrity of the internal investigation process

• Recover active, system and hidden files with date/time stamp information

• Crack (or attempt to crack) password protected files

• Perform anti-forensics detection

• Maintain awareness and follow laboratory evidence handling, evidence examination, laboratory safety, and laboratory security policy and procedures

• Play a role of first responder by securing and evaluating a cybercrime scene, conducting preliminary interviews, documenting crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, reporting of the crime scene

• Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred

• Apply advanced forensic tools and techniques for attack reconstruction

• Perform fundamental forensic activities and form a base for advanced forensics

• Identify and check the possible source/incident origin

• Perform event correlation

• Extract and analyze logs from various devices such as proxies, firewalls, IPSes, IDSes, Desktops, laptops, servers, SIM tools, routers, switches, AD servers, DHCP servers, Access Control Systems, etc.

• Ensure that reported incident or suspected weaknesses, malfunctions and deviations are handled with confidentiality

• Assist in the preparation of search and seizure warrants, court orders, and subpoenas

• Provide expert witness testimony in support of forensic examinations conducted by the examiner 


Course Outline

Computer Forensics in Today’s World

Computer Forensics Investigation Process Module

3 Understanding Hard Disks and File Systems 

Data Acquisition and Duplication

Defeating Anti-Forensics Techniques

Operating System Forensics

Network Forensics

Investigating Web Attacks

Database Forensics

Cloud Forensics

Malware Forensics

Investigating Email Crimes

Mobile Forensics

Forensics Report Writing and Presentation 


Schedule & Register

Schedule Only



In order to register for a class, you need to first create a Dell Education account

If you need further assistance, contact us