Computer Hacking Forensics Investigator – ground cyber

Computer Hacking Forensics Investigator

  • Home
  • Computer Hacking Forensics Investigator
Computer Hacking Forensics Investigator

Course Description

Digital forensic practices stem from forensic science, the science of collecting and examining evidence or materials. Digital or computer forensics focuses on the digital domain including computer forensics, network forensics, and mobile forensics. As the cyber security profession evolves, organizations are learning the importance of employing digital forensic practices into their everyday activities. Computer forensic practices can help investigate attacks, system anomalies, or even help System administrators detect a problem by defining what is normal functional specifications and validating system information for irregular behaviors.

In the event of a cyber-attack or incident, it is critical investigations be carried out in a manner that is forensically sound to preserve evidence in the event of a breach of the law. Far too many cyber-attacks are occurring across the globe where laws are clearly broken and due to improper or non-existent forensic investigations, the cyber criminals go either unidentified, undetected, or are simply not prosecuted.

Cyber Security professionals who acquire a firm grasp on the principles of digital forensics can become invaluable members of Incident Handling and Incident response teams. The Computer Hacking Forensic Investigator course provides a strong baseline knowledge of key concepts and practices in the digital forensic domains relevant to today’s organizations. CHFI provides its attendees a firm grasp on the domains of digital forensics.


Training Modules

Computer Forensics in Today’s World
Computer Forensics Investigation Process
Understanding Hard Disks and File Systems
Operating System Forensics
Defeating Anti-Forensics Techniques
Data Acquisition and Duplication
Network Forensics
Investigating Web Attacks
Database Forensics
Cloud Forensics
Malware Forensics
Investigating Email Crimes
Mobile Forensics
Investigative Reports

About the Exam and Certification


The CHFI certification is awarded after successfully passing the exam EC0 312-49. CHFI EC0 312-49 exams are available at ECC exam centre around the world.

CHFI Exam Details
Number of Questions: 150
Test Duration: 4 hours
Test Format: Multiple choice
Test Delivery: ECC exam portal

Passing Score

In order to maintain the high integrity of our certifications exams, EC-Council Exams are provided in multiple forms (I.e. different question banks). Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts that ensure that each of our exams not only has academic rigor but also has “real world” applicability. We also have a process to determine the difficulty rating of each question. The individual rating then contributes to an overall “Cut Score” for each exam form. To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 78%.

THE CHFI Will Be Able T0:

Perform incident response and forensics
Perform electronic evidence collections
Perform digital forensic acquisitions
Perform bit-stream Imaging/acquiring of the digital media seized during the process of investigation.
Examine and analyze text, graphics, multimedia, and digital images
Conduct thorough examinations of computer hard disk drives, and other electronic data storage media
Recover information and electronic data from computer hard drives and other data storage devices
Follow strict data and evidence handling procedures
Maintain audit trail (i.e., chain of custody) and evidence integrity
Work on technical examination, analysis and reporting of computer-based evidence
Prepare and maintain case files
Utilize forensic tools and investigative methods to find electronic data, including Internet use history, word processing documents, images and other files
Gather volatile and non-volatile information from Windows, MAC and Linux
Recover deleted files and partitions in Windows, Mac OS X, and Linux
Perform keyword searches including using target words or phrases
Investigate events for evidence of insider threats or attacks
Support the generation of incident reports and other collateral
Investigate and analyze all response activities related to cyber incidents
Plan, coordinate and direct recovery activities and incident analysis tasks
Examine all available information and supporting evidence or artefacts related to an incident or event
Collect data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents
Conduct reverse engineering for known and suspected malware files
Perform detailed evaluation of the data and any evidence of activity in order to analyze the full circumstances and implications of the event
Identify data, images and/or activity which may be the target of an internal investigation
Establish threat intelligence and key learning points to support pro-active profiling and scenario modelling
Search file slack space where PC type technologies are employed
File MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences
Examine file type and file header information
Review e-mail communications including web mail and Internet Instant Messaging programs
Examine the Internet browsing history
Generate reports which detail the approach, and an audit trail which documents actions taken to support the integrity of the internal investigation process
Recover active, system and hidden files with date/time stamp information
Crack (or attempt to crack) password protected files
Perform anti-forensics detection
Maintain awareness and follow laboratory evidence handling, evidence examination, laboratory safety, and laboratory security policy and procedures
Play a role of first responder by securing and evaluating a cybercrime scene, conducting preliminary interviews, documenting crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, reporting of the crime scene
Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred
Apply advanced forensic tools and techniques for attack reconstruction
Perform fundamental forensic activities and form a base for advanced forensics
Identify and check the possible source/incident origin
Perform event co-relation
Extract and analyze logs from various devices such as proxies, firewalls, IPSes, IDSes, Desktops, laptops, servers, SIM tools, routers, switches, AD servers, DHCP servers, Access Control Systems, etc.
Ensure that reported incident or suspected weaknesses, malfunctions and deviations are handled with confidentiality
Assist in the preparation of search and seizure warrants, court orders, and subpoenas
Provide expert witness testimony in support of forensic examinations conducted by the examiner