Home > Vendors > ec-council > chfi

CHFI - Computer Hacking Forensic Investigator

Duration: 5.0 days

EC-Council’s C|HFI program prepares cybersecurity professionals with the knowledge and skills to perform effective digital forensics investigations and bring their organization into a state of forensic readiness. Establishing the forensics process, lab, evidence handling procedures, and investigation techniques are required to validate/triage incidents and point the incident response teams in the right direction. Forensic readiness is crucial as it can differentiate between a minor incident and a major cyber-attack that brings a company to its knees.

This intense hands-on digital forensics program immerses students in over 68 forensic labs, working on crafted evidence files utilizing the tools of the world’s top digital forensics professionals. Students will go beyond traditional hardware and memory forensics, covering current topics in cloud forensics, mobile and IoT, and investigating web application attacks and malware forensics. The C|HFI presents a methodological approach to computer forensics, including searching and seizing, chain-of-custody, acquisition, preservation, analysis, and reporting of digital evidence.

Students learn various forensic investigation techniques and standard forensic tools. As they learn how to acquire and manage evidence through various operating environments, students also learn the chain of custody and legal procedures required to preserve evidence and ensure it is admissible in court, enabling the eventual prosecution of cyber criminals and containing liability on the victim organization.

The program provides credible professional knowledge with globally recognized certification required for a successful digital forensics and DFIR career, thus increasing your employability.

  • Computer forensics fundamentals, different types of cybercrimes and their investigation procedures, and regulations and standards that influence computer forensics investigation
  • Various phases involved in the computer forensics investigation process
  • Different types of disk drives and their characteristics, booting process and file systems in Windows, Linux, and Mac operating systems, file system examination tools, RAID and NAS/SAN storage systems, various encoding standards, and file format analysis
  • Data acquisition fundamentals and methodology, eDiscovery, and how to prepare image files for forensics examination
  • Various anti-forensics techniques used by attackers, different ways to detect them and related tools, and countermeasures
  • Volatile and non-volatile data acquisition in Windows-based operating systems, Windows memory and registry analysis, electron application analysis, Web browser forensics, and examination of Windows files, ShellBags, LNK files, and Jump Lists, and Windows event logs
  • Volatile and non-volatile data acquisition and memory forensics in Linux and Mac operating systems
  • Network forensics fundamentals, event correlation concepts, Indicators of Compromise (IOCs) and ways to identify them from network logs, techniques and tools related to network traffic investigation, incident detection and examination, and wireless attack detection and investigation
  • Malware forensics concepts, static and dynamic malware analysis, system and network behavior analysis, and ransomware analysis
  • Web application forensics and challenges, web application threats and attacks, web application logs (IIS logs, Apache web server logs, etc.), and how to detect and investigate various web application attacks
  • Tor browser working methodology and steps involved in the Tor browser forensics process
  • Cloud computing concepts, cloud forensics, and challenges, fundamentals of AWS, Microsoft Azure, and Google Cloud and their investigation processes
  • Components in email communication, steps involved in email crime investigation, and social media forensics
  • Architectural layers and boot processes of Android and iOS devices, mobile forensics process, various cellular networks, SIM file system, and logical and physical acquisition of Android and iOS devices
  • Different types of IoT threats, security problems, vulnerabilities and attack surfaces areas, and IoT forensics process and challenges

  • Module 1: Computer Forensics in Today's World
  • Module 2: Computer Forensics Investigation Process
  • Module 3: Understanding Hard Disks and File Systems
  • Module 4: Data Acquisition and Duplication
  • Module 5: Defeating Anti-forensics Techniques
  • Module 6: Windows Forensics
  • Module 7: Linux and Mac Forensics
  • Module 8: Network Forensics
  • Module 9: Malware Forensics
  • Module 10: Investigating Web Attacks
  • Module 11: Dark Web Forensics
  • Module 12: Cloud Forensics
  • Module 13: Email and Social Media Forensics
  • Module 14: Mobile Forensics
  • Module 15: IoT Forensics

  • Digital Forensics Analyst
  • Computer Forensic Analyst/Practitioner/Examiner/Specialist/Technician/Criminal Investigator/Lab Project Manager
  • Cybercrime Investigator
  • Computer Crime Investigator
  • Cyber Defense Forensics Analyst
  • Law Enforcement/Counterintelligence Forensics Analyst
  • Data Forensic Investigator
  • Digital Crime Specialist
  • Computer Security Forensic Investigator
  • Network/Technology Forensic Analyst/Specialist
  • Digital Forensics and Incident Response Engineer
  • Forensic Imaging Specialist
  • Forensic and eDiscovery Analyst
  • Computer Forensics and Intrusion Analyst
  • Intrusions Forensics Lead
  • Security Engineer - Forensics
  • Malware Analyst
  • Mobile Forensic Analyst/Expert
  • Mobile Exploitation Analyst
  • Information Systems Security Professional/Analyst
  • Information Technology Auditor
  • Cryptanalyst
  • Cryptographer
  • Disaster Recovery Expert
  • Intelligence Technology Analyst
  • Cybersecurity Incident Response and Attack Analyst
  • Cloud Security Analyst
  • Forensics SME
  • Forensic Accountant
  • IT Security Forensic Analyst
  • Cybersecurity/Defense Forensics Analyst

  • IT/forensics professionals with basic knowledge on IT/cyber security, computer forensics, and incident response and threat vectors.

The CHFI certification is awarded after successfully passing the exam EC0 312-49. CHFI EC0 312-49 exams are available at ECC exam center around the world.

CHFI Exam Details

  • Number of Questions: 150
  • Test Duration: 4 hours
  • Test Format: Multiple choice
  • Test Delivery: ECC exam portal

Enquire Now
By clicking "Submit", I agree to the Terms Of Use and Privacy Policy