uCertify

CHFI v8 - Computer Hacking Forensic Investigator

(312-49-v8)
Lessons
AI Tutor (Add-on)
194 Reviews
Get A Free Trial

Skills You’ll Get

The EC-Council Computer Hacking Forensic Investigator certification is targeted at law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, security professionals, and anyone who is concerned about the integrity of the network infrastructure. CHFI specialists can design different strategies for determining potential legitimate proof data that remains in a computer system and recovering erased, encoded, or corrupted file data which is known as Computer Data Recovery by the utilization of computer investigation and investigation techniques also called Computer Forensics. The exam covers computer forensics, digital evidence, rules of evidence, digital evidence examination process, password cracking concepts, and log capturing techniques. The purpose of the CHFI certification is to validate the candidate's abilities to recognize an intruder s footprints and to legitimately assemble the essential evidence to prosecute.
Download Course Outline

1

Computer Forensics in Today's World

  • Define computer forensics
  • Discuss the evolution of computer forensics
  • Explain the objectives and benefits of computer forensics
  • Discuss forensic readiness planning in detail
  • Explain cybercrimes
  • Examine various computer crimes
  • What is cybercrime investigation?
  • Explain the key steps and rules in a forensic investigation
  • What is the role of a forensic investigator?
  • How to access computer forensics resources
  • Describe the role of digital evidence in forensic investigation
  • Understanding Corporate Investigations
  • Explain the key concepts of Enterprise Theory of Investigation (ETI)
  • Discuss various legal issues and reports related to computer forensic investigations
2

Computer Forensics Investigation Process

  • Provide an overview of the computer crime investigation process
  • Describe computer forensics investigation methodology
  • Summarize the steps to prepare for a computer forensics investigation
  • How to obtain a search warrant
  • How to evaluate and secure a scene
  • How to collect and secure the evidence in a forensically sound manner
  • Explain the different techniques to acquire and analyze the data
  • Summarize the importance of evidence and case assessment
  • How to prepare the final investigation report
  • Testify in the Court as an Expert Witness
  • Explain about Computer Forensic Service Providers
3

Searching and Seizing Computers

  • How to search and seize computers without a warrant
  • Discuss the Fourth Amendment's Reasonable Expectation of Privacy
  • What is consent and discuss the scope of consent
  • Summarize the steps involved in searching and seizing computers with a warrant
  • Examine the basic strategies for executing computer searches
  • Discuss the Privacy Protection Act
  • Describe drafting the warrant and affidavit
  • Explain the post-seizure issues
  • Describe the Electronic Communications Privacy Act
  • What is voluntary disclosure?
  • Electronic Surveillance in Communications Networks
  • Discuss how content is different from addressing information
  • Provide an overview of evidence and authentication
4

Digital Evidence

  • Define digital evidence and explain its role in case of a computer security incident
  • Discuss the characteristics of digital evidence
  • What are the various types of digital data?
  • What is best evidence rule?
  • Discuss federal rules of evidence
  • Summarize the international principles for computer evidence
  • Discuss about the Scientific Working Group on Digital Evidence (SWGDE)
  • What are the considerations for collecting digital evidence from electronic crime scenes?
  • Provide an overview of digital evidence examination process and steps involved
  • Explain electronic crime and digital evidence consideration by crime category
5

First Responder Procedures

  • Define electronic evidence
  • Who is first responder?
  • Provide an overview on how to collect and store electronic evidence
  • Describe first responder tool kit and how to create it
  • How to get first response from laboratory forensic staff
  • Provide an overview on how to collect and secure electronic evidence at the crime scene
  • Explain how to conduct preliminary interviews
  • How to document electronic crime scene
  • Explain how to collect and preserve electronic evidence
  • Explain how to package and transport electronic evidence in a forensically sound manner
  • How to prepare a report on the crime scene
  • Provide a checklist for the first responders
  • Discuss the first responder's common mistakes
6

Computer Forensics Lab

  • How to set up a computer forensics lab
  • Discuss the investigative services in computer forensics
  • What are the basic hardware requirements in a forensics lab?
  • List and summarize various hardware forensic
  • Discuss the basic software requirements in a forensics lab
  • Summarize various software forensic tools
7

Understanding Hard Disks and File Systems

  • What is a hard disk drive?
  • Explain solid-state drive (SSD)
  • Provide an overview of physical and logical structure of a hard disk
  • Describe the various types of hard disk interfaces
  • Examine the components of a hard disk
  • What are disk partitions?
  • Explain Windows and Macintosh boot process
  • What are file systems?
  • Explain various types of file systems
  • Provide an overview of Windows, Linux, Mac OS X, and Sun Solaris 10 file systems
  • Discuss about CD-ROM/DVD File System
  • Explain about RAID storage system and RAID levels
  • Explain file system analysis using the sleuth
8

Windows Forensics

  • What is volatile information?
  • Explain what is network and process information
  • Define non-volatile information
  • Describe memory dump
  • Parsing Process Memory
  • Describe the different techniques for collecting non-volatile information
  • Explain various processes involved in forensic investigation of a Windows system
  • Provide an overview of IIS, FTP, and system firewall logs
  • Discuss the importance of audit events and event logs in Windows forensics
  • Explain the static and dynamic event log analysis techniques
  • Discuss different Windows password security issues such as password cracking
  • How to analyze restore point registry settings
  • Provide an overview of cache, cookie, and history analysis
  • How to evaluate account management events
  • How to search with Event Viewer
  • Discuss various forensics tools
9

Data Acquisition and Duplication

  • Define data acquisition and explain various types of data acquisition systems
  • Explain various data acquisition formats and methods
  • How to determine a best acquisition method?
  • What is contingency planning for image acquisitions?
  • Describe static and live data acquisition
  • Provide an overview of volatile data collection methodology
  • Explain various types of volatile information
  • What are the requirements of the disk imaging tool?
  • How to validate data acquisitions
  • Discuss Linux and Windows validation methods
  • How to acquire RAID Disks
  • Examine the best practices of acquisition
  • List various data acquisition software and hardware tools
10

Recovering Deleted Files and Deleted Partitions

  • Explain how to recover files in Windows, MAC, Linux, for Windows
  • Discuss file recovery tools for Windows, MAC, and Linux
  • How to identify creation date, last accessed date of a file, and deleted sub-directories
  • Steps to recover the deleted partitions and list partition recovery tools
11

Forensics Investigation Using AccessData FTK

  • What is Forensic Toolkit (FTK) and discuss its various features
  • Explain FTK installation steps
  • Discuss about FTK Case Manager
  • How to restore an image to a disk?
  • Explain the FTK examiner user interface
  • How to verify drive image integrity
  • Discuss how to mount an image to a drive
  • Summarize the steps involved in creating a case
  • Discuss the functions of FTK interface tabs
  • Explain the steps involved in adding evidence to a case
  • How to acquire local live evidence
  • Explain the steps involved in acquiring data remotely using remote device management system (RDMS)
  • Discuss the steps involved in imaging drives
  • How to mount and unmount a device
  • Explain the steps involved in conducting an index search and live search
  • How to decrypt EFS Files and Folders
12

Forensic Investigation Using EnCase

  • Provide an overview of EnCase forensic
  • Discuss EnCase, its uses, and functionality
  • Discuss about EnCase forensic modules
  • How to install EnCase forensic
  • Explain how to configure EnCase
  • Provide an overview of case structure
  • What is case management?
  • How to add a Device to a Case and how to acquire a Device
  • Explain the verification process of evidence files
  • What is a source processor?
  • Discuss how to analyze and search files
  • Describe how to view file content
  • Provide an overview on bookmarks
  • How to create various types of bookmark?
  • Explain how to create a report using the Report tab
  • How to export a Report
13

Steganography and Image File Forensics

  • Summarize steganography and its types
  • List the application of steganography
  • Discuss various digital steganography techniques
  • What is Steganalysis?
  • How to detect steganography
  • List various steganography detection tools
  • Discuss about image file formats
  • How to compress data
  • How to process forensic image using MATLAB
  • Explain how to locate and recover image files
  • How to identify unknown file formats
  • List picture viewer tools and image file forensic tools
14

Application Password Crackers

  • What are the terminologies used?
  • Explain the functionality of password crackers
  • Summarize various types of passwords
  • What is a password cracker?
  • How does a password cracker work?
  • Discuss various password cracking techniques
  • List various types of password attacks
  • List various system and application software password cracking
  • What are default passwords?
  • Discuss various password cracking tools
15

Log Capturing and Event Correlation

  • What are computer security logs?
  • Discuss about logon events in Windows
  • What are IIS logs?
  • How to view the DHCP logs
  • What is ODBC logging?
  • Explain the legality of using logs
  • Explain log management
  • Discuss various challenges in log management
  • Centralized logging
  • Discuss about syslog
  • Why Synchronize Computer Times
  • What is NTP?
  • List various NIST time servers
  • Discuss various event correlation approaches
  • List various log capturing and analysis tools
16

Network Forensics, Investigating Logs, and Investigating Network Traffic

  • Summarize network forensics concepts
  • Explain the network forensics analysis mechanism
  • What are intrusion detection systems (IDS)?
  • Define the terms firewall and honeypot
  • Discuss various network vulnerabilities
  • Explain various types of network attacks
  • Explain the new line injection attack and the timestamp injection attack
  • Where to look for evidence
  • How to handle logs as evidence
  • Explain how to condense a log file
  • Why to Investigate Network Traffic
  • How to acquire traffic using DNS poisoning techniques
  • Explain how to gather from the ARP table
  • List various traffic capturing and analysis tools
17

Investigating wireless attacks

  • Discuss the advantages and disadvantages of wireless networks
  • List different components of wireless networks
  • What are the various types of wireless networks?
  • List various types of wireless standards
  • What is MAC filtering?
  • What is a Service Set Identifier (SSID)?
  • Discuss various types of wireless encryption
  • List various types of wireless attacks
  • How to investigate wireless attacks
  • What are the requirements of a tool design and summarize the best practices for wireless forensics
  • List various wireless forensics tools
18

Investigating Web Attacks

  • What are Web applications?
  • Explain Web application architecture
  • Why Web servers are compromised
  • Provide an overview of Web logs
  • What are Internet Information Services (IIS) and Apache Web server Logs?
  • Discuss various types of Web attacks
  • How to investigate Web attacks?
  • Explain the investigation process of Web attacks in Windows-based servers
  • Describe how to investigate IIS and Apache logs
  • When does Web page defacement occur?
  • Discuss various security strategies to Web applications
  • List various Web attack detection tools
  • Discuss about various tools for locating an IP address
19

Tracking E-mails and Investigating E-mail Crimes

  • Explain the terms E-mail system, E-mail client, E-mail server, and E-mail message
  • Discuss the importance of electronic records management
  • Discuss various types of E-mail crimes
  • Provide examples of E-mail header
  • List Common Headers
  • Why to Investigate E-mails
  • Discuss the steps involved in investigation of E-mail crimes
  • List various E-mail forensics tools
  • What are the different laws and acts against E-mail crimes?
20

Mobile Forensics

  • List different mobile devices
  • What are the hardware and software characteristics of mobile devices?
  • What is a cellular network?
  • Provide an overview of mobile operating systems
  • Discuss various types of mobile operating systems
  • What a criminal can do with mobiles phones
  • Describe various mobile forensic challenges
  • Discuss various memory considerations in mobiles
  • What are the different precautions to be taken before an investigation?
  • Explain the process involved in mobile forensics
  • List various mobile forensic hardware and software tools
21

Investigative Reports

  • Explain the importance of reports and need of an investigative report
  • Discuss the salient features of a good report
  • Provide computer forensic report template
  • How is a report classified
  • Provide layout of an investigative report
  • What are the guidelines for writing a report?
  • Provide an overview of an investigative report format
  • How to document a case report
  • What are the best practices for investigators?
  • How to write a report using FTK and ProDiscover
22

Becoming an Expert Witness

  • What is an Expert witness?
  • Explain the role of an expert witness
  • Describe various types of expert witnesses
  • What is the scope of expert witness testimony?
  • Explain the differences between Technical Witness and Expert Witness
  • What are the various steps involved in evidence processing?
  • How to prepare a report
  • List the rules pertaining to an expert witness' qualification
  • How to testify in court
  • What are the general ethics while testifying?
  • How to testify during direct and cross-examination
  • How to find a computer forensic expert

Any questions?
Check out the FAQs

Still have unanswered questions and need to get in touch?

Contact Us Now

ECC Testing Center and Pearson-VUE

The exam consists of multiple choice questions.

Two years of work experience in the Information Security domain.

The exam contains 150 questions.

240 minutes

Here are the retake poilicy:

  • If a candidate does not successfully pass an EC-Council exam, he/she can purchase ECC Exam center voucher to retake the exam at a discounted price.
  • If a candidate is not able to pass the exam on the first attempt, no cooling or waiting period is required to attempt the exam for the second time (1st retake).
  • If a candidate is not able to pass the second attempt (1st retake), a waiting period of 14 days is required prior to attempting the exam for the third time (2nd retake).
  • If a candidate is not able to pass the third attempt (2nd retake), a waiting period of 14 days is required prior to attempting the exam for the fourth time (3rd retake).
  • If a candidate is not able to pass the fourth attempt (3rd retake), a waiting period of 14 days is required prior to attempting the exam for the fifth time (4th retake).
  • A candidate is not allowed to take a given exam more than five times in a 12 month (1 year) period and a waiting period of 12 months will be imposed before being allowed to attempt the exam for the sixth time (5th retake).
  • Candidates who pass the exam are not allowed to attempt the same version of the exam for the second time.

Know more about the 312-49

Related Courses

All Courses
We use cookies for improving site experience and analytics. Learn More