EC-Council Computer Hacking Forensics Investigator (CHFI) v11
EC-Council’s C|HFI program prepares cybersecurity professionals with the knowledge and skills to perform effective digital forensics investigations and bring their organization into a state of forensic readiness. Establishing the forensics process, lab, evidence handling procedures, and investigation techniques is required to validate/triage incidents and point the incident response teams in the right direction. Forensic readiness is crucial as it can make the difference between a minor incident and a major cyber-attack that brings a company to its knees.
This intense hands-on digital forensics program immerses students in over 68 forensic labs, working on crafted evidence files utilizing the tools of the world’s top digital forensics professionals. Students will go beyond traditional hardware and memory forensics, covering current topics in cloud forensics, mobile and IoT, and investigating web application attacks and malware forensics. The C|HFI presents a methodological approach to computer forensics, including searching and seizing, chain-of-custody, acquisition, preservation, analysis, and reporting of digital evidence. Students learn various forensic investigation techniques and standard forensic tools. As they learn how to acquire and manage evidence through various operating environments, students also learn the chain of custody and legal procedures required to preserve evidence and ensure it is admissible in court, enabling the eventual prosecution of cyber criminals and containing liability for the victim organization.
By the end of this course, participants will be able to:
- Understand the fundamentals of computer forensics, digital evidence, and forensic readiness.
- Establish and operate a forensics lab, including tools, policies, and evidence handling procedures.
- Apply proper methodologies for acquisition, preservation, analysis, and presentation of digital evidence.
- Conduct in-depth forensic investigations across multiple platforms:
  - Windows, Linux, and Mac systems
  - Mobile devices and IoT environments
  - Cloud infrastructures and virtual environments
  - Web applications and malware incidents
- Perform data recovery, password cracking, log analysis, and email forensics.
- Utilize industry-standard forensic tools and techniques to investigate and document incidents.
- Follow chain-of-custody procedures and legal frameworks to ensure evidence is admissible in court.
- Support incident response teams by validating, triaging, and escalating cyber incidents.
- Law enforcement personnel
- Defense and military personnel
- e-Business security professionals
- Legal professionals
- Banking, insurance, and other professionals
- Government agencies
- IT managers
- Digital Forensics and Cybersecurity professionals
- Anyone concerned with the integrity of the network infrastructure
IT/forensics professionals with basic knowledge of IT/cybersecurity, computer forensics, incident response, and threat vectors.
- Computer Forensics in Today’s World
- Fundamentals of Computer Forensics
- Cybercrimes and Investigation Procedures
- Digital Evidence and eDiscovery
- Forensic Readiness
- Role of Processes and Technologies in Forensics
- Roles and Responsibilities of a Forensic Investigator
- Challenges in Cybercrime Investigations
- Standards and Best Practices in Computer Forensics
- Laws and Legal Compliance
- Forensic Investigation Process and its Importance
- First Response
- Pre-investigation Phase
- Investigation Phase
- Post-investigation Phase
- Types of Disk Drives and Characteristics
- Logical Disk Structure
- Booting Process of Windows, Linux, and macOS
- File Systems of Windows, Linux, and macOS
- File System Analysis
- Storage Systems
- Encoding Standards and Hex Editors
- Analyzing Popular File Formats with Hex Editors
- Data Acquisition Fundamentals
- eDiscovery
- Data Acquisition Methodology
- Creating and Preparing Image Files for Examination
- Anti-forensics Techniques
- Data Deletion and Recycle Bin Forensics
- File Carving and Recovery from Deleted Partitions
- Password Cracking/Bypassing Techniques
- Detecting Steganography, Hidden Data, Obfuscation, and File Extension Mismatch
- Artifact Wiping, Overwritten Data/Metadata Detection, Encryption
- Detecting Packers and Footprint Minimization
- Windows Forensics Fundamentals
- Collecting Volatile and Non-Volatile Data
- Windows Memory Analysis
- Windows Registry Analysis
- Electron Application Analysis
- Web Browser Forensics
- Examining Files and Metadata
- ShellBags, LNK Files, and Jump Lists
- Text-based Logs and Event Logs
- Collecting Volatile and Non-Volatile Data (Linux & Mac)
- Linux Memory Forensics
- Mac Forensics and Tools
- Mac Memory Analysis
- Network Forensics Fundamentals
- Event Correlation Concepts
- Indicators of Compromise (IoCs) from Logs
- Network Traffic Investigation
- Incident Detection and SIEM Analysis
- Wireless Network Forensics
- Detecting and Investigating Wireless Attacks
- Malware Concepts and Forensics
- Static Malware Analysis
- Suspicious Document Analysis
- System Behavior Analysis
- Network Behavior Analysis
- Ransomware Analysis
- Web Application Forensics
- IIS Log Analysis
- Apache Log Analysis
- Detecting and Investigating Web Attacks
- Dark Web Concepts and Forensics
- Tracing Tor Browser Activities
- Tor Browser Forensics
- Cloud Computing Concepts
- Cloud Forensics Fundamentals
- AWS Forensics
- Microsoft Azure Forensics
- Google Cloud Forensics
- Email Basics
- Email Crime Investigation Steps
- U.S. Laws on Email Crime
- Social Media Forensics
- Mobile Device Forensics Fundamentals
- Android and iOS Architecture, Boot Process, File Systems
- Mobile Forensics Process
- Investigating Cellular Network Data
- File System Acquisition
- Phone Locks, Rooting, Jailbreaking
- Logical and Physical Acquisition on Mobile Devices
- Android and iOS Forensic Analysis
- IoT Concepts
- Forensic Techniques for IoT Devices