Laptop User-small_edited.jpg
EC Council ATC.png

Courses > CHFI

Certified Hacking Forensic Investigator
Version 9


87677 66325

70459 27979

  • 80% Practicals , 20 % Theory

  • Every crime leaves a trail of evidence, become a CHFI

  • Secure Networks with Forensic Science and make it a part of Incident Handling Procedure

CHFI-Certified Hacking Forensic Investig
This course includes 
classroom 3.png

40 hours Instructor led Classroom training


One preparatory session for non-IT as well as IT students 


6 Months access to EC Council iLabs


Quality study material from iLabs


Mock tests till candidate clears his exam

Intended  Participants

Law Enforecement Agents/ Police

Detectives / Investigators

System / Network Administrators

Lawyers / Legal Consultant

Cyber Forensic Professionals

Defense / Military


Incident Response Team


Security Analyst / Architect 


Auditors / Consultants


Anyone who is interested in Cyber Forensics

CHFI - Course Outline
CHFI Curriculum.JPG
Contact Us/  Inquiry

Thanks for submitting!

A CHFI certified professional will be able to:
  • Perform incident response and forensics

  • Perform electronic evidence collections

  • Perform digital forensic acquisitions

  • Perform bit-stream Imaging/acquiring of the digital media seized during the process of investigation.

  • Examine and analyze text, graphics, multimedia, and digital images

  • Conduct thorough examinations of computer hard disk drives, and other electronic data storage media

  • Recover information and electronic data from computer hard drives and other data storage devices

  • Follow strict data and evidence handling procedures

  • Maintain audit trail (i.e., chain of custody) and evidence integrity

  • Work on technical examination, analysis and reporting of computer-based evidence

  • Prepare and maintain case files

  • Utilize forensic tools and investigative methods to find electronic data, including Internet use history, word processing documents, images and other files

  • Gather volatile and non-volatile information from Windows, MAC and Linux

  • Recover deleted files and partitions in Windows, Mac OS X, and Linux

  • Perform keyword searches including using target words or phrases

  • Investigate events for evidence of insider threats or attacks

  • Support the generation of incident reports and other collateral

  • Investigate and analyze all response activities related to cyber incidents

  • Plan, coordinate and direct recovery activities and incident analysis tasks

  • Examine all available information and supporting evidence or artefacts related to an incident or event

  • Collect data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents

  • Conduct reverse engineering for known and suspected malware files

  • Perform detailed evaluation of the data and any evidence of activity in order to analyze the full circumstances and implications of the event

  • Identify data, images and/or activity which may be the target of an internal investigation

  • Establish threat intelligence and key learning points to support pro-active profiling and scenario modelling

  • Search file slack space where PC type technologies are employed

  • File MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences

  • Examine file type and file header information

  • Review e-mail communications including web mail and Internet Instant Messaging programs

  • Examine the Internet browsing history

  • Generate reports which detail the approach, and an audit trail which documents actions taken to support the integrity of the internal investigation process

  • Recover active, system and hidden files with date/time stamp information

  • Crack (or attempt to crack) password protected files

  • Perform anti-forensics detection

  • Maintain awareness and follow laboratory evidence handling, evidence examination, laboratory safety, and laboratory security policy and procedures

  • Play a role of first responder by securing and evaluating a cybercrime scene, conducting preliminary interviews, documenting crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, reporting of the crime scene

  • Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred

  • Apply advanced forensic tools and techniques for attack reconstruction

  • Perform fundamental forensic activities and form a base for advanced forensics

  • Identify and check the possible source/incident origin

  • Perform event co-relation

  • Extract and analyze logs from various devices such as proxies, firewalls, IPSes, IDSes, Desktops, laptops, servers, SIM tools, routers, switches, AD servers, DHCP servers, Access Control Systems, etc.

  • Ensure that reported incident or suspected weaknesses, malfunctions and deviations are handled with confidentiality

  • Assist in the preparation of search and seizure warrants, court orders, and subpoenas

  • Provide expert witness testimony in support of forensic examinations conducted by the examiner

CHFI  v9 Recognition / Endorsement / Mapping