Computer Hacking Forensic Investigator (CHFI)
Overview
The Computer Hacking Forensic Investigator (CHFI) course delivers the security discipline of digital forensics from a vendor-neutral perspective. CHFI is a comprehensive course covering major forensic investigation scenarios and enabling students to acquire necessary hands-on experience with various forensic investigation techniques and standard forensic tools necessary to successfully carry out a computer forensic investigation leading to the prosecution of perpetrators.
CHFI presents a methodological approach to computer forensics including searching and seizing, chain-of-custody, acquisition, preservation, analysis and reporting of digital evidence.
Objectives
- Establish threat intelligence and key learning points to support proactive profiling and scenario modeling.
- Perform anti-forensic methods detection.
- Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how of the intrusion.
- Extract and analyze logs from various devices such as proxy, firewall, IPS, IDS, desktop, laptop, servers, SIM tool, router, switches, AD server, DHCP logs, and access control logs, and draw conclusions as part of the investigation process.
- Identify & check the possible source / incident origin.
- Recover deleted files and partitions in Windows, Mac OS X, and Linux.
- Conduct reverse engineering for known and suspected malware files.
- Collect data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents.
Audience
- Police and other law enforcement personnel.
- Defense and Security personnel.
- e-Business Security professionals.
- Legal professionals.
- Banking, Insurance, and other professionals.
- Government agencies.
- IT managers.
- Digital Forensics Service Providers.
Outline
- Understand the Fundamentals of Computer Forensics.
- Understand Cybercrimes and their Investigation Procedures.
- Understand Digital Evidence and eDiscovery.
- Understand Forensic Readiness
- Understand the Role of Various Processes and Technologies in Computer Forensics
- Identify the Roles and Responsibilities of a Forensic Investigator.
- Understand the Challenges Faced in Investigating Cybercrimes.
- Understand Various Standards and Best Practices Related to Computer Forensics
- Understand Laws and Legal Compliance in Computer Forensics.
- Understand the Forensic Investigation Process and its Importance.
- Understand First Response
- Understand the Pre-investigation Phase.
- Understand the Investigation Phase.
- Understand the Post-investigation Phase.
- Describe Different Types of Disk Drives and their Characteristics.
- Explain the Logical Structure of a Disk.
- Understand Booting Process of Windows, Linux and Mac Operating Systems.
- Understand Various File Systems of Windows, Linux and Mac Operating Systems.
- Understand File System Analysis
- Understand Storage Systems.
- Understand Encoding Standards and Hex Editors.
- Analyze Popular File Formats Using Hex Editor
- Understand Data Acquisition Fundamentals.
- Understand eDiscovery
- Understand Data Acquisition Methodology.
- Prepare an Image File for Examination.
- Understand Anti-forensics Techniques.
- Discuss Data Deletion and Recycle Bin Forensics.
- Illustrate File Carving Techniques and Ways to Recover Evidence from Deleted Partitions.
- Explore Password Cracking/Bypassing Techniques.
- Detect Steganography, Hidden Data in File System Structures, Trail Obfuscation, and File Extension Mismatch.
- Understand Techniques of Artifact Wiping, Overwritten Data/Metadata Detection, and Encryption.
- Detect Program Packers and Footprint Minimizing Techniques.
- Understand Anti-forensics Countermeasures.
- Understand Windows Forensics
- Collect Volatile Information
- Collect Non-volatile Information
- Perform Windows Memory Analysis
- Perform Windows Registry Analysis
- Perform Electron Application Analysis
- Perform Web Browser Forensics
- Examine Windows Files and Metadata.
- Understand ShellBags, LNK Files, and Jump Lists.
- Understand Text-based Logs and Windows Event Logs.
- Collect Volatile Information in Linux
- Collect Non-volatile Information in Linux
- Understand Mac Forensics
- Collect Volatile Information in Mac
- Collect Non-volatile Information in Mac
- Understand Mac Memory Forensics and Mac Forensics Tools
- Understand Network Forensics.
- Summarize Event Correlation Concepts.
- Identify Indicators of Compromise (IoCs) from Network Logs.
- Investigate Network Traffic.
- Incident Detection and Examination with SIEM Tools.
- Understand Wireless Network Forensics
- Detect and Investigate Wireless Network Attacks
- Understand Malware Concepts
- Understand Malware Forensics
- Perform Static Malware Analysis
- Perform Network Behavior Analysis
- Perform Ransomware Analysis
- Understand Web Application Forensics
- Understand Internet Information Services (IIS) Logs
- Understand Apache Web Server Logs
- Detect and Investigate Various Attacks on Web Applications
- Understand the Dark Web and Dark Web Forensics
- Determine How to Identify the Traces of Tor Browser during Investigation
- Perform Tor Browser Forensics
- Understand the Basic Cloud Computing Concepts
- Understand Cloud Forensics
- Understand Amazon Web Services (AWS) Fundamentals
- Perform AWS Forensics
- Understand Microsoft Azure Fundamentals
- Perform Microsoft Azure Forensics
- Understand Google Cloud Fundamentals
- Perform Google Cloud Forensics
- Understand Email Basics
- Understand Email Crime Investigation and its Steps
- U.S. Laws Against Email Crime
- Understand Mobile Device Forensics
- Understand Android and iOS Architecture and Boot Process
- Understand Mobile Forensics Process
- Investigate Cellular Network Data.
- Perform File System Acquisition
- Understand Phone Locks, Rooting, and Jailbreaking of Mobile Devices
- Perform Logical Acquisition on Mobile Devices
- Perform Physical Acquisition on Mobile Devices
- Understand IoT Concepts
- Perform Forensics on IoT Devices
Exam Facts
| Delivery | Online (Web based) |
| Format | Multiple choice |
| Proctoring | Live |
| Duration | 4 hours |
| # of questions | 150 |
| Pass grade | Depending on which exam form is challenged, cut scores can range from 60% to 78% |
Related Certification
- Computer Hacking Forensic Investigator (CHFI 312-49)




















