

Courses > CHFI
Certified Hacking Forensic Investigator
(CHFI)Version 9
Contact
87677 66325
70459 27979
-
80% Practicals , 20 % Theory
-
Every crime leaves a trail of evidence, become a CHFI
-
Secure Networks with Forensic Science and make it a part of Incident Handling Procedure

This course includes

40 hours Instructor led Classroom training

One preparatory session for non-IT as well as IT students

6 Months access to EC Council iLabs

Quality study material from iLabs

Mock tests till candidate clears his exam






Intended Participants
Law Enforecement Agents/ Police
Detectives / Investigators
System / Network Administrators
Lawyers / Legal Consultant
Cyber Forensic Professionals
Defense / Military

Incident Response Team

Security Analyst / Architect

Auditors / Consultants

Anyone who is interested in Cyber Forensics
CHFI - Course Outline

A CHFI certified professional will be able to:
-
Perform incident response and forensics
-
Perform electronic evidence collections
-
Perform digital forensic acquisitions
-
Perform bit-stream Imaging/acquiring of the digital media seized during the process of investigation.
-
Examine and analyze text, graphics, multimedia, and digital images
-
Conduct thorough examinations of computer hard disk drives, and other electronic data storage media
-
Recover information and electronic data from computer hard drives and other data storage devices
-
Follow strict data and evidence handling procedures
-
Maintain audit trail (i.e., chain of custody) and evidence integrity
-
Work on technical examination, analysis and reporting of computer-based evidence
-
Prepare and maintain case files
-
Utilize forensic tools and investigative methods to find electronic data, including Internet use history, word processing documents, images and other files
-
Gather volatile and non-volatile information from Windows, MAC and Linux
-
Recover deleted files and partitions in Windows, Mac OS X, and Linux
-
Perform keyword searches including using target words or phrases
-
Investigate events for evidence of insider threats or attacks
-
Support the generation of incident reports and other collateral
-
Investigate and analyze all response activities related to cyber incidents
-
Plan, coordinate and direct recovery activities and incident analysis tasks
-
Examine all available information and supporting evidence or artefacts related to an incident or event
-
Collect data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents
-
Conduct reverse engineering for known and suspected malware files
-
Perform detailed evaluation of the data and any evidence of activity in order to analyze the full circumstances and implications of the event
-
Identify data, images and/or activity which may be the target of an internal investigation
-
Establish threat intelligence and key learning points to support pro-active profiling and scenario modelling
-
Search file slack space where PC type technologies are employed
-
File MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences
-
Examine file type and file header information
-
Review e-mail communications including web mail and Internet Instant Messaging programs
-
Examine the Internet browsing history
-
Generate reports which detail the approach, and an audit trail which documents actions taken to support the integrity of the internal investigation process
-
Recover active, system and hidden files with date/time stamp information
-
Crack (or attempt to crack) password protected files
-
Perform anti-forensics detection
-
Maintain awareness and follow laboratory evidence handling, evidence examination, laboratory safety, and laboratory security policy and procedures
-
Play a role of first responder by securing and evaluating a cybercrime scene, conducting preliminary interviews, documenting crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, reporting of the crime scene
-
Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred
-
Apply advanced forensic tools and techniques for attack reconstruction
-
Perform fundamental forensic activities and form a base for advanced forensics
-
Identify and check the possible source/incident origin
-
Perform event co-relation
-
Extract and analyze logs from various devices such as proxies, firewalls, IPSes, IDSes, Desktops, laptops, servers, SIM tools, routers, switches, AD servers, DHCP servers, Access Control Systems, etc.
-
Ensure that reported incident or suspected weaknesses, malfunctions and deviations are handled with confidentiality
-
Assist in the preparation of search and seizure warrants, court orders, and subpoenas
-
Provide expert witness testimony in support of forensic examinations conducted by the examiner
CHFI v9 Recognition / Endorsement / Mapping
