EC-Council Computer Hacking Forensic Investigator v9
Computer Hacking Forensic Investigator Course Overview
Computer Hacking Forensic Investigation (CHFI) is a comprehensive certification training course devised by EC-Council that helps security professionals stay ahead of the curve, with extensive know-how in detecting and investigating cyber-attacks and exploiting all crucial evidence to support investigation reports. The certification also explains the vital components of performing security audits to prevent such attacks in the future. CHFI certification validates the expertise of security professionals in computer forensics overall, including reporting incidents of cyber-attacks and hacking attempts in courts of law.
Computer Hacking Forensic Investigator (CHFI V9) is a vendor-neutral training certification that imparts an extensive understanding of diverse cyber forensic techniques, ultra-modern forensic tools, footprint collection, and other essential components needed to conduct far-reaching hacking forensic investigations with hands-on exposure. This training has been designed exclusively to train professionals who intend to advance their careers as Forensic Investigators and carry out their security roles with more proficiency. It focuses on explaining, in practical terms, various foolproof methodologies for addressing digital forensics concerns in the organization that constitute the core fundamentals of security incidents, including security infrastructure analysis tools and techniques to identify and capture legal evidence against hackers and intruders. CHFI V9 certification enables cyber investigators to detect incidents such as compromise of confidential data, trade secret theft, exploitation of intellectual property, and digital fraud.
Why take CHFI?
Digital forensics is a key component in Cyber Security. Many people hear the term forensics, or computer forensics, or digital forensics and instantly think that’s just for law enforcement, but the truth is, digital forensics has a key place on every cyber security team. In fact, without it, chances are your organization’s security posture and maturity will fail to see its full potential. Computer forensics is an evolving field that is always moving to match the changes in devices and how they are used for identifying, preserving, analyzing, and recovering data from computers and various digital media storage. Digital data are subjected to legal practices and guidelines when intended to serve as evidence in civil proceedings.
A CHFI certified professional will be equipped to be gainfully employed as a Computer Forensics or a Digital Forensics professional. They will be able to:
|Perform incident response and computer forensics||Identify data, images and/or activity which may be the target of an internal investigation|
|Perform electronic evidence collections||Establish threat intelligence and key learning points to support pro-active profiling and scenario modelling|
|Perform digital forensic acquisitions as an analyst||Search file slack space where PC type technologies are employed|
|Perform bit-stream imaging/acquisition of the digital media seized during the process of investigation||Use file MAC times (Modified, Accessed, and Created dates and times) as evidence of access and event sequences|
|Examine and analyze text, graphics, multimedia, and digital images||Examine file type and file header information|
|Conduct thorough examinations of computer hard disk drives, and other electronic data storage media||Review e-mail communications including web mail and Internet Instant Messaging programs|
|Recover information and electronic data from computer hard drives and other data storage devices||Examine the Internet browsing history|
|Follow strict data and evidence handling procedures||Generate reports which detail the approach, and an audit trail which documents actions taken to support the integrity of the internal investigation process|
|Maintain audit trail (i.e., chain of custody) and evidence integrity|
|Work on technical examination, analysis, and reporting of computer-based evidence||Recover active, system and hidden files with date/time stamp information|
|Prepare and maintain case files||Crack (or attempt to crack) password protected files|
|Utilize forensic tools and investigative methods to find electronic data, including Internet use history, word processing documents, images, and other files||Perform anti-forensics detection|
|Maintain awareness and follow laboratory evidence handling, evidence examination, laboratory safety, and laboratory security policy and procedures|
|Gather volatile and non-volatile information from Windows, Mac, and Linux||Play the role of the first responder by securing and evaluating a cybercrime scene, conducting preliminary interviews, documenting a crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, and reporting on the crime scene|
|Recover deleted files and partitions in Windows, Mac OS X, and Linux||Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred|
|Perform keyword searches including using target words or phrases||Apply advanced forensic tools and techniques for attack reconstruction|
|Investigate events for evidence of insider threats or attacks||Perform fundamental forensic activities and form a base for advanced digital forensics|
|Support the generation of incident reports and other collateral||Identify and check the possible source/incident origin|
|Investigate and analyze all response activities related to cyber incidents||Perform event correlation|
|Plan, coordinate and direct recovery activities and incident analysis tasks||Extract and analyze logs from various devices such as proxies, firewalls, IPSs, IDSes, Desktops, laptops, servers, SIM tools, routers, switches, AD servers, DHCP servers, Access Control Systems, etc.|
|Examine all available information and supporting evidence or artifacts related to an incident or event||Ensure that reported incident or suspected weaknesses, malfunctions and deviations are handled with confidentiality|
|Collect data using forensic technology methods in accordance with evidence handling procedures, including a collection of hard copy and electronic documents||Assist in the preparation of search and seizure warrants, court orders, and subpoenas|
|Conduct reverse engineering for known and suspected malware files||Provide expert witness testimony in support of forensic examinations conducted by the examiner|
|Perform detailed evaluation of the data and any evidence of activity in order to analyze the full circumstances and implications of the event|
Who would benefit from the CHFI Certification Course?
The CHFI V9 training and certification course has been developed to equip security professionals accountable for various roles pertaining to computer forensics, incident response, and information system security. It helps the workforce in the roles of:
- Basic understanding of IT, cybersecurity, computer forensics, and incident response
- CEH training and certification recommended
Learning Objectives for CHFI v9 Training Course
The widespread use of an enormous number of devices worldwide to exchange information and conduct business has raised serious concern about protecting against and identifying cyber-attacks in time. With the digital transformation of businesses, identifying potential threats, preventing cyber-attacks, and investigating malicious attacks and hacking incidents have become the most challenging tasks for organizations.
CHFI V9 certification is a rigorous exam from the EC-Council that focuses on assessing the capabilities of computer forensics professionals in cyber threats, attack detection, forensic investigation, evidence collection, and reporting, along with data recovery to recover compromised, encrypted, or lost data. The primary focus of the certification training from InfoSec Train comprises:
- In-depth understanding of cyber laws to investigate the cyber-crimes
- Digital evidence analysis following best practices and evidence rules adhering to specific crime categories
- Technical know-how of the first responder role, toolkit, preserving and evaluating the digital crime scenes, conducting preliminary interviews, collecting and safeguarding electronic evidence, documenting and reporting the crime incidents aligned to the collected evidence
- Configuring and deploying computer forensics labs
- Acquaintance with the image forensics, Steganography, and Steganalysis
- Test environments to carry out real-like investigations to validate your gained skills
- Comprehensive theory and practical implementation sessions conducted by the dedicated security professionals from the industry
The Computer Hacking Forensic Investigator (CHFI) course delivers the security discipline of digital forensics from a vendor-neutral perspective. CHFI is a comprehensive course covering major forensic investigation scenarios and enabling students to acquire necessary hands-on experience with various forensic investigation techniques and standard forensic tools necessary to successfully carry out a computer forensic investigation leading to the prosecution of perpetrators.
Module 01: Computer Forensics in Today's World - In this module, we will cover the process needed for acquisition, inspection, and reporting of information stored across computers and networks related to a civil or criminal incident.
Module 02: Computer Forensics Investigation Process - This module describes the different stages involved in the complete computer investigation process.
Module 03: Understanding Hard Disks and File Systems - This module describes how the hard disk is an important source of information for the investigator, as well as the importance of the file system and how data is stored and distributed on the hard disk.
Module 04: Data Acquisition and Duplication - In this module we discuss the initial steps in the forensic investigation process regarding data acquisition and data duplication.
Module 05: Defeating Anti-forensics Techniques - This module covers anti-forensics and the set of techniques that attackers or perpetrators use in order to avert or sidetrack the forensic investigation process.
Module 06: Operating System Forensics (Windows, Mac, Linux) - In this module we cover the process of finding, extracting, and analyzing evidence present in the operating system of any computerized device used by the victim, or of a suspected computer system involved in any security incident.
Module 07: Network Forensics - This module covers how network data flows become visible, and how to enable monitors to track insider misuse and advanced threats.
Module 08: Investigating Web Attacks - This module discusses numerous types of attacks on web servers and applications. It also explains the usage of different tools to identify and investigate such web attacks.
Module 09: Database Forensics - This module discusses the file systems of MSSQL and MySQL servers. Furthermore, it explains the usage of various tools to examine the log files and find the fraudulent transactions.
Module 10: Cloud Forensics - This module starts with an overview of cloud computing concepts. It provides an insight into cloud computing threats and cloud computing attacks. Later, it discusses cloud computing security and the necessary tools. The module ends with an overview of pen-testing steps an ethical hacker should follow to perform a security assessment of the cloud environment.
Module 11: Malware Forensics - This module will elaborately discuss the different types of malware, their propagation methods, ways to detect them, etc.
Module 12: Investigating Email Crimes - This module intends to make you familiar with a subject that is currently a prime concern: email crime. This module focuses on how to investigate email crime.
Module 13: Mobile Forensics - This module highlights the precautions that a forensic analyst must take when collecting, preserving, and acquiring mobile devices such as smartphones, PDAs, digital cameras, Internet of Things devices, etc.
Module 14: Forensics Report Writing and Presentation - This module provides guidelines for an investigator to implement the best practices in the investigations and prepare an effective report.
|Exam Codes||312-49 (ECC EXAM)|
|Number of Questions||150 questions per exam|
|Type of Questions||Multiple choice|
|Length of Test||4 Hours / 240 Minutes|
|Testing Provider||ECC EXAM PORTAL|
|Passing Score||In order to maintain the high integrity of our certification exams, EC-Council Exams are provided in multiple forms (i.e. different question banks). Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts that ensure that each of our exams not only has academic rigor but also has “real world” applicability. We also have a process to determine the difficulty rating of each question. The individual rating then contributes to an overall “Cut Score” for each exam form. To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 78%.|