Course Information
Course Name: CHFI: Computer Hacking Forensic Investigator
Exam Code: 312-49
Duration: 5 Days
Certification: Computer Hacking Forensic Investigator (CHFI)
Overview
EC-Council’s CHFI program prepares cybersecurity professionals with the knowledge and skills to perform effective digital forensics investigations and bring their organization into a state of forensic readiness. This includes establishing the forensics process, lab and evidence handling procedures, as well as the investigation procedures required to validate/triage incidents and point the incident response teams in the right direction. Forensic readiness is crucial as it can differentiate between a minor incident and a major cyber-attack that brings a company to its knees.
This intense hands-on digital forensics program immerses students in over 68 forensic labs, enabling them to work on crafted evidence files and utilize the tools employed by the world’s top digital forensics professionals. Students will go beyond traditional hardware and memory forensics and learn current topics such as cloud forensics, mobile and IoT forensics, investigating web application attacks, and malware forensics. CHFI presents a methodological approach to computer forensics, including searching and seizing, chain of custody, acquisition, preservation, analysis, and reporting of digital evidence.
Students learn how to acquire and manage evidence through various operating environments, as well as the chain of custody and legal procedures required to preserve evidence and ensure it is admissible in court. This knowledge will help them prosecute cybercriminals and limit liability for target organizations.
The program provides credible professional knowledge with a globally recognized certification required for successful digital forensics and DFIR careers, thus increasing your employability.
Key Features and Critical Components of the CHFI Program
· Master a methodological forensics framework for performing digital forensics investigations:
1. Documenting the Crime Scene
2. Search and Seizure
3. Evidence Preservation
4. Data Acquisition
5. Data Examination
6. Reporting
· 15 modules covering core domains of digital forensics
· 2100+ pages of the comprehensive student manual
· 1550+ pages of lab manual covering detailed lab scenarios and instructions
· 600+ digital forensics tools
· 100% compliance with NICE Special Publication 800-181 cybersecurity workforce framework
· 70+ GB of crafted evidence files for investigation purposes
· 68 hands-on labs
· 40% of training time is dedicated to labs
· Approved by the US Department of Defense (DoD) under Directive 8570/8140
· Accredited under ISO/IEC 17024 standards.
· Covers relevant knowledge bases and skills to meet regulatory compliance standards such as ISO 27001, PCI DSS, SOX, HIPAA, etc.
Why CHFI v11?
· EC-Council is one of the few ANSI 17024 accredited institutions globally that specializes in Information Security. The Computer Hacking Forensic Investigator (CHFI) credential is an ANSI 17024 accredited certification.
· The CHFI v11 program has been redesigned and updated after a thorough investigation into current market requirements, job task analysis, and the recent industry focus on forensic skills.
· It is designed and developed by experienced subject matter experts and digital forensics practitioners.
o CHFI v11 program includes extensive coverage of Malware Forensics processes, along with new modules such as Dark Web Forensics and IoT Forensics.
o It also covers detailed forensic methodologies for public cloud infrastructure, including Amazon AWS and Azure.
o The program is developed with an in-depth focus on Volatile data acquisition and examination processes (RAM Forensics, Tor Forensics, etc.).
· CHFI v11 is a complete vendor-neutral course covering all major forensics investigation technologies and solutions.
· CHFI has detailed labs for a hands-on learning experience. On average, 50% of training time is dedicated to labs, loaded on EC-Council’s CyberQ (Cyber Ranges). It covers all the relevant knowledge bases and skills to meet regulatory compliance standards such as ISO 27001, PCI DSS, SOX, HIPAA, etc.
· It comes with an extensive number of white papers for additional reading.
· The program presents a repeatable forensics investigation methodology expected of a versatile digital forensic professional, increasing employability.
· The courseware is packed with forensics investigation templates for evidence collection, the chain of custody, final investigation reports, etc.
· The program comes with cloud-based virtual labs, loaded on advanced Cyber Ranges, enabling students to practice various investigation techniques in real-time and realistically simulated environments.
Audience Profile
CHFI captures all the essentials of digital forensics analysis and evaluation required for the modern world – tested and approved by veterans and top practitioners in the cyber forensics industry. From identifying the footprints of a breach to collecting evidence for prosecution, CHFI guides students through every step of the process with experiential learning. Industry practitioners have engineered CHFI for professionals to delve into 30+ lucrative job roles.
Digital Forensics Analyst
Computer Forensic Analyst/Practitioner/Examiner/Specialist/Technician/Criminal Investigator/Lab Project Manager
Cybercrime Investigator
Computer Crime Investigator
Cyber Defense Forensics Analyst
Law Enforcement/Counterintelligence Forensics Analyst
Data Forensic Investigator
Digital Crime Specialist
Computer Security Forensic Investigator
Network/Technology Forensic Analyst/Specialist
Digital Forensics and Incident Response Engineer
Forensic Imaging Specialist
Forensics and eDiscovery Analyst
Computer Forensics and Intrusion Analyst
Intrusions Forensics Lead
Security Engineer – Forensics
Malware Analyst
Mobile Forensic Analyst/Expert
Mobile Exploitation Analyst
Information Systems Security Professional/Analyst
Information Technology Auditor
Cryptanalyst
Cryptographer
Disaster Recovery Expert
Intelligence Technology Analyst
Cybersecurity Incident Response and Attack Analyst
Cloud Security Analyst
Forensics SME
Forensic Accountant
IT Security Forensic Analyst
Cybersecurity/Defense Forensics Analyst
Prerequisites
Recommended Prerequisites for CHFI:
IT/Forensics professionals with basic knowledge of IT/cybersecurity, computer forensics, incident response, and threat vectors.
At Course Completion
· Computer forensics fundamentals, different types of cybercrimes and their investigation procedures, along with regulations and standards that influence computer forensics investigation
· Various phases involved in the computer forensics investigation process
· Different types of disk drives and their characteristics, boot process and file systems in Windows, Linux, and Mac operating systems, file system examination tools, RAID and NAS/SAN storage systems, various encoding standards, and file format analysis
· Data acquisition fundamentals and methodology, eDiscovery, and how to prepare image files for forensics examination
· Various anti-forensics techniques used by attackers, different ways to detect them and related tools, and countermeasures
· Volatile and non-volatile data acquisition in Windows-based operating systems, Windows memory and registry analysis, Electron application analysis, web browser forensics, and examination of Windows files, ShellBags, LNK files, Jump Lists, and Windows event logs
· Volatile and non-volatile data acquisition and memory forensics in Linux and Mac operating systems
· Network forensics fundamentals, event correlation concepts, Indicators of Compromise (IOCs) and ways to identify them from network logs, techniques and tools related to network traffic investigation, incident detection and examination, and wireless attack detection and investigation
· Malware forensics concepts, static and dynamic malware analysis, system and network behavior analysis, and ransomware analysis
· Web application forensics and challenges, web application threats and attacks, web application logs (IIS logs, Apache web server logs, etc.), and how to detect and investigate various web application attacks
· Tor browser working methodology and steps involved in the Tor browser forensics process
· Cloud computing concepts, cloud forensics and its challenges, fundamentals of AWS, Microsoft Azure, and Google Cloud and their investigation processes
· Components in email communication, steps involved in email crime investigation, and social media forensics
· Architectural layers and boot processes of Android and iOS devices, mobile forensics process, various cellular networks, SIM file system, and logical and physical acquisition of Android and iOS devices
· Different types of IoT threats, security problems, vulnerabilities and attack surface areas, and IoT forensics processes and challenges
Course Outline
Module 1: Computer Forensics in Today’s World
· Fundamentals of Computer Forensics
· Cybercrimes and their Investigation Procedures
· Digital Evidence and eDiscovery
· Forensic Readiness
· Role of Various Processes and Technologies in Computer Forensics
· Roles and Responsibilities of a Forensic Investigator
· Challenges Faced in Investigating Cybercrimes
· Standards and Best Practices Related to Computer Forensics
· Laws and Legal Compliance in Computer Forensics
Module 2: Computer Forensics Investigation Process
· Forensic Investigation Process and its Importance
· First Response
· Pre-Investigation Phase
· Investigation Phase
· Post-Investigation Phase
Module 3: Understanding Hard Disks and File Systems
· Disk Drives and their Characteristics
· Logical Structure of a Disk
· Booting Process of Windows, Linux, and macOS Operating Systems
· File Systems of Windows, Linux, and macOS Operating Systems
· File System Analysis
· Storage Systems
· Encoding Standards and Hex Editors
· Analyze Popular File Formats
Module 4: Data Acquisition and Duplication
· Data Acquisition
· eDiscovery
· Data Acquisition Methodology
· Preparing an Image File for Examination
Module 5: Defeating Anti-Forensics Techniques
· Anti-Forensics Techniques
· Data Deletion and Recycle Bin Forensics
· File Carving Techniques and Ways to Recover Evidence from Deleted Partitions
· Password Cracking/Bypassing Techniques
· Steganography, Hidden Data in File System Structures, Trail Obfuscation, and File Extension Mismatch
· Techniques of Artifact Wiping, Overwritten Data/Metadata Detection, and Encryption
· Program Packers and Footprint Minimizing Techniques
Module 6: Windows Forensics
· Windows Forensics
· Collect Volatile Information
· Collect Non-volatile Information
· Windows Memory Analysis
· Windows Registry Analysis
· Electron Application Analysis
· Web Browser Forensics
· Examine Windows Files and Metadata
· ShellBags, LNK Files, and Jump Lists
· Text-based Logs and Windows Event Logs
Module 7: Linux and Mac Forensics
· Collect Volatile Information in Linux
· Collect Non-Volatile Information in Linux
· Linux Memory Forensics
· Mac Forensics
· Collect Volatile Information in Mac
· Collect Non-Volatile Information in Mac
· Mac Memory Forensics and Mac Forensics Tools
Module 8: Network Forensics
· Network Forensics
· Event Correlation
· Indicators of Compromise (IoCs) from Network Logs
· Investigate Network Traffic
· Incident Detection and Examination
· Wireless Network Forensics
· Detect and Investigate Wireless Network Attacks
Module 9: Malware Forensics
· Malware
· Malware Forensics
· Static Malware Analysis
· Analyze Suspicious Documents
· System Behavior Analysis
· Network Behavior Analysis
· Ransomware Analysis
Module 10: Investigating Web Attacks
· Web Application Forensics
· Internet Information Services (IIS) Logs
· Apache Web Server Logs
· Detect and Investigate Various Attacks on Web Applications
Module 11: Dark Web Forensics
· Dark Web and Dark Web Forensics
· Identify the Traces of Tor Browser during Investigation
· Tor Browser Forensics
Module 12: Cloud Forensics
· Cloud Computing
· Cloud Forensics
· Amazon Web Services (AWS) Fundamentals
· AWS Forensics
· Microsoft Azure Fundamentals
· Microsoft Azure Forensics
· Google Cloud Fundamentals
· Google Cloud Forensics
Module 13: Email and Social Media Forensics
· Email Basics
· Email Crime Investigation and its Steps
· U.S. Laws Against Email Crime
· Social Media Forensics
Module 14: Mobile Forensics
· Mobile Device Forensics
· Android and iOS Architecture and Boot Process
· Mobile Forensics Process
· Investigate Cellular Network Data
· File System Acquisition
· Phone Locks, Rooting, and Jailbreaking of Mobile Devices
· Logical Acquisition on Mobile Devices
· Physical Acquisition of Mobile Devices
· Android and iOS Forensic Analysis
Module 15: IoT Forensics
· IoT Concepts
· IoT Devices Forensics
About the Exam
· The CHFI certification is awarded after successfully passing exam EC0 312-49. CHFI EC0 312-49 exams are available at ECC exam centers around the world.
CHFI Exam Details
· Number of Questions: 150
· Test Duration: 4 hours
· Test Format: Multiple choice
· Test Delivery: ECC exam portal
· Passing Score: In order to maintain the high integrity of our certification exams, EC-Council Exams are provided in multiple forms (i.e., different question banks). Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts, ensuring that each of our exams is not only academically sound but also has “real world” applicability. We apply an internal process to determine the difficulty rating of each question. The individual rating then contributes to an overall “Cut Score” for each exam form. To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 78%.
All EC-Council certification courses are conducted by certified trainers from Iverson.
Digital Methods acts as the official training partner and assists with program consultation, registration, coordination, scheduling, and administrative arrangements to ensure a smooth and professionally managed training experience.