EC-Council Computer Hacking Forensic Investigator v9

  • Home
  • Services
  • EC-Council Computer Hacking Forensic Investigator v9


EC-Council Computer Hacking Forensic Investigator v9

Computer Hacking Forensic Investigator Course Overview

Computer Hacking Forensic Investigation (CHFI) is an all-encompassing certification training course devised by EC-council that helps security professionals stay ahead of the curve with extensive know-how of detecting and investigating the cyber-attacks and exploiting all crucial evidences to support the investigation reports. This certification also focuses to explain all vital components to perform security audits ensuring prevention from such attacks in the future. CHFI certification authenticates the expertise of security professionals in overall computer forensics including reporting the incidents of cyber-attacks and hacking attempts in the courts of law.

Computer Hacking Forensic Investigator (CHFI V9) is a vendor-neutral training certification that imbibes extensive understanding of diverse cyber forensic techniques, ultra-moderns forensic tools, footprints collection, and other essential components to conduct far-reaching hacking forensic investigations with hands-on exposure. This training has been exclusively designed to expertly train the professionals intending to advance their career as Forensic Investigators and execute their security roles with more proficiency. It focuses to practically explain miscellaneous foolproof methodologies to address digital forensics concerns in the organization, that constitute core fundamentals of security incidents including security infrastructure analysis tools and techniques to identify and capture legal evidence against the hackers and intruders. CHFI V9 certification enables the cyber investigators to detect incidents such as compromising of the confidential data, trade secret thefts, exploitation of the intellectual property, and digital frauds.

Why take CHFI?

Digital forensics is a key component in Cyber Security. Many people hear the term forensics, or computer forensics, or digital forensics and instantly think that’s just for law enforcement, but the truth is, digital forensics has a key place on every cyber security team. In fact, without it, chances are your organization’s security posture and maturity will fail to see its full potential. Computer forensics is an evolving field that is always moving to match the changes in devices and how they are used for identifying, preserving, analyzing, and recovering data from computers and various digital media storage. Digital data are subjected to legal practices and guidelines when intended to serve as evidence in civil proceedings.

A CHFI certified professional will be equipped to be gainfully employed as a Computer Forensics or a Digital Forensics professional. They will be able to:

Perform incident response and computer forensics Identify data, images and/or activity which may be the target of an internal investigation
Perform electronic evidence collections Establish threat intelligence and key learning points to support pro-active profiling and scenario modelling
Perform digital forensic acquisitions as an analyst Search file slack space where PC type technologies are employed
Perform bit-stream Imaging/acquiring of the digital media seized during the process of investigation. File MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences
Examine and analyze text, graphics, multimedia, and digital images Examine file type and file header information
Conduct thorough examinations of computer hard disk drives, and other electronic data storage media Review e-mail communications including web mail and Internet Instant Messaging programs
Recover information and electronic data from computer hard drives and other data storage devices Examine the Internet browsing history
Follow strict data and evidence handling procedures Generate reports which detail the approach, and an audit trail which documents actions taken to support the integrity of the internal investigation process
Maintain audit trail (i.e., chain of custody) and evidence integrity
Work on technical examination, analysis, and reporting of computer-based evidence Recover active, system and hidden files with date/time stamp information
Prepare and maintain case files Crack (or attempt to crack) password protected files
Utilize forensic tools and investigative methods to find electronic data, including Perform anti-forensics detection
Internet use history, word processing documents, images, and other files Maintain awareness and follow laboratory evidence handling, evidence examination, laboratory safety, and laboratory security policy and procedures
Gather volatile and non-volatile information from Windows, MAC, and Linux Play a role of the first responder by securing and evaluating a cybercrime scene, conducting preliminary interviews, documenting a crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, reporting of the crime scene
Recover deleted files and partitions in Windows, Mac OS X, and Linux Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred
Perform keyword searches including using target words or phrases Apply advanced forensic tools and techniques for attack reconstruction
Investigate events for evidence of insider threats or attacks Perform fundamental forensic activities and form a base for advanced digital forensics
Support the generation of incident reports and other collateral Identify and check the possible source/incident origin
Investigate and analyze all response activities related to cyber incidents Perform event co-relation
Plan, coordinate and direct recovery activities and incident analysis tasks Extract and analyze logs from various devices such as proxies, firewalls, IPSs, IDSes, Desktops, laptops, servers, SIM tools, routers, switches, AD servers, DHCP servers, Access Control Systems, etc.
Examine all available information and supporting evidence or artifacts related to an incident or event Ensure that reported incident or suspected weaknesses, malfunctions and deviations are handled with confidentiality
Collect data using forensic technology methods in accordance with evidence handling procedures, including a collection of hard copy and electronic documents Assist in the preparation of search and seizure warrants, court orders, and subpoenas
Conduct reverse engineering for known and suspected malware files Provide expert witness testimony in support of forensic examinations conducted by the examiner
Perform detailed evaluation of the data and any evidence of activity in order to analyze the full circumstances and implications of the event  
Who would benefit from the CHFI Certification Course?

The CHFI V9 training and certification course have been developed to equip the security professionals accountable for various executing roles pertaining to the computer forensics, incident response, and information system security. It helps the workforce in the roles of:

Target Audience
Digital Forensic Examiner
Computer Crime Investigator
Computer Forensic Analyst
Network Forensic Examiner
Computer Network Defense (CND) Forensic Analyst
Forensic Analyst and technician
Special Agent
Police and other law enforcement personnel
Defense and Military personnel
e-Business Security professionals
Systems administrators
Legal professionals
Banking, Insurance and other professionals
Government agencies
Course Pre-Requisite
  • Basic understanding of IT, cybersecurity, computer forensics, and incident response
  • CEH training and certification recommended
Overview Course Outline About the exam

Learning Objectives for CHFI v9 Training Course

The boundless use of enormous devices worldwide to exchange the information and execute businesses has drastically raised a serious concern to protect and identify the cyber-attacks well-in time. Due to the digital transformation of the businesses, identifying potential threats, preventing cyber-attacks, and investigating the malicious attacks and hacking incidents has become the most challenging task for the organizations.

CHFI V9 certification is a rigorous exam from the EC-Council that focuses on assessing capabilities of the computer forensics professionals in cyber threats, attack detection, forensic investigation, evidence collection, and reporting along with the data recovery to recover compromised, encrypted, or lost data. The primary focus of the certification training from InfoSec Train constitute:

  • In-depth understanding of cyber laws to investigate the cyber-crimes
  • Digital evidence analysis following best practices and evidence rules adhering to specific crime categories
  • Technical know-how of the first responder role, toolkit, preserving and evaluating the digital crime scenes, conducting preliminary interviews, collecting and safeguarding electronic evidence, documenting and reporting the crime incidents aligned to the collected evidence
  • Configuring and deploying computer forensics labs
  • Acquaintance with the image forensics, Steganography, and Steganalysis
  • Test environments to carry out real-like investigations to validate your gained skills
  • Comprehensive theory and practical implementation sessions conducted by the dedicated security professionals from the industry

The Computer Hacking Forensic Investigator (CHFI) course delivers the security discipline of digital forensics from a vendor-neutral perspective. CHFI is a comprehensive course covering major forensic investigation scenarios and enabling students to acquire necessary hands-on experience with various forensic investigation techniques and standard forensic tools necessary to successfully carry out a computer forensic investigation leading to the prosecution of perpetrators.

Module 01: Computer Forensics in Today's World - In this module, we will cover the process need for acquisition, inspection, and reporting of information stored across computers and networks related to the civil or criminal incident.

Module 02: Computer Forensics Investigation Process - This module describes the different stages involved in the complete computer investigation process.

Module 03: Understanding Hard Disks and File Systems - This module describes how the hard disk is an important source of information for the investigator, as well as, understanding the importance of the file system and how data is stored and distributed on the hard disk.

Module 04: Data Acquisition and Duplication - In this module we discuss the initial steps in the forensic investigation process regarding data acquisition and data duplication.

Module 05: Defeating Anti-forensics Techniques - This module covers anti-forensics and the set of techniques that attackers or perpetrators use in order to avert or sidetrack the forensic investigation process.

Module 06: Operating System Forensics (Windows, Mac, Linux) - In this module we cover the process of finding, extracting and analyzing evidences present in the operating system of any computerized device used by the victim, or suspected computer system involved in any security incident.

Module 07: Network Forensics - This module covers how network data flows become visible, and how to enable monitors to track insider misuse and advanced threats.

Module 08: Investigating Web Attacks - his module discusses numerous types of attacks on web servers and applications. Also, it explains the usage of different tools to identify and investigate such web attacks. 

Module 09: Database Forensics - This module discusses the file systems of MSSQL and MySQL servers. Furthermore, it explains the usage of various tools to examine the log files and find the fraudulent transactions.

Module 10: Cloud Forensics - This module starts with an overview of cloud computing concepts. It provides an insight into cloud computing threats and cloud computing attacks. Later, it discusses cloud computing security and the necessary tools. The module ends with an overview of pen-testing steps an ethical hacker should follow to perform a security assessment of the cloud environment. 

Module 11: Malware Forensics - This module will elaborately discuss the different types of malware, their propagation methods, ways to detect them, etc. 

Module 12: Investigating Email Crimes - This module intends to make you familiar with a subject that is currently a prime concern: email crime. This module focuses on how to investigate email crime.

Module 13: Mobile Forensics - This module highlights the precautions that a forensic analyst must take when collection, preserving, and acquiring mobile devices such as smartphones, PDAs, digital cameras, Internet of Things, etc. 

Module 14: Forensics Report Writing and Presentation - This module provides guidelines for an investigator to implement the best practices in the investigations and prepare an effective report.

Exam Codes 312-49 (ECC EXAM)
Number of Questions 150 questions per exam
Type of Questions Multiple choice
Length of Test 4 Hours / 240 Minutes
Testing Provider ECC EXAM PORTAL
Passing Score In order to maintain the high integrity of our certifications exams, EC-Council Exams are provided in multiple forms (I.e. different question banks). Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts that ensure that each of our exams not only has academic rigor but also has “real world” applicability. We also have a process to determine the difficulty rating of each question. The individual rating then contributes to an overall “Cut Score” for each exam form. To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 78%.

Course Highlights

EC-Council Authorized Partner
96% passing rate
Get certified at an affordable price
Blended learning delivery model
CEI Certified Trainers


  • Unit 15B Penthouse Atherton Place, Tomas Morato, Corner Don A. Roces Ave, Quezon City, 1103 Metro Manila
  • +(632) 7905 8718


View our Course Documents below with the current Curriculum and Pricing presented in an easy to read guide for the course offered.


I have only one matter to highlight after taking the CEH and CHFI papers, "I have no regrets venturing with EC-Council.



After completion of this training and exam, I strongly suggest all IT Professionals to do CHFI for their cybersecurity skills and careers.



Cyber forensic is like finding needle in the haystack but if you burn down the haystack and try to find the needle with a magnet in the stack of ash it becomes a lot easier. EC-Council's C|HFI provides you the magnet, you need to bring the fuel, after completing C|EH, I started studying for C|HFI and passed it. The courseware delivered by EC-Council was great.



Not only did this experience teach me the proper techniques of ethical hacking and the proper process of penetration testing as promised, but it also taught me how to learn independently, how to stick with a problem and find ways of solving it, and perhaps most significantly, the experience taught me the skills that will enable me to continue to develop my security knowledge beyond this certification.



CHFI is highly recommended for professionals in cyber crime investigations. Procedures, methods, processes and tools for investigations are described in detail in this magnificent course. I believe that knowledges in CHFI program can be useful to a wide range of professionals. The cyber world is changing, we must be ready for this.



At vero eos et accusamus et iusto odio digni goikussimos ducimus qui to bonfo blanditiis praese. Ntium voluum deleniti atque.

Melbourne, Australia
(Sat - Thursday)
(10am - 05 pm)

No products in the cart.

Subscribe to our newsletter

Sign up to receive latest news, updates, promotions, and special offers delivered directly to your inbox.
No, thanks