The Computer Hacking Forensic Investigator (CHFI) course delivers the
security discipline of digital forensics from a vendor-neutral perspective.
CHFI is a comprehensive course covering major forensic investigation
scenarios and enabling students to acquire necessary hands-on experience
with various forensic investigation techniques and standard forensic tools
necessary to successfully carry out a computer forensic investigation
leading to the prosecution of perpetrators.
The CHFI certification gives participants (Law enforcement personnel, system
administrators, security officers, defense and military personnel, legal
professionals, bankers, security professionals, and anyone who is concerned
about the integrity of the network infrastructure.) the necessary skills to
perform an effective digital forensics investigation.
CHFI presents a methodological approach to computer forensics including
searching and seizing, chain-of-custody, acquisition, preservation, analysis
and reporting of digital evidence.
What will you learn?
By the end of this course you will be able to:
-
Establish threat intelligence and key learning points to support
pro-active profiling and scenario modeling
-
Perform anti-forensic methods detection
-
Perform post-intrusion analysis of electronic and digital media to
determine the who, where, what, when, and how the intrusion occurred
-
Extract and analyze of logs from various devices like proxy, firewall,
IPS, IDS, Desktop, laptop, servers, SIM tool, router, firewall, switches
AD server, DHCP logs, Access Control Logs & conclude as part of
investigation process.
-
Identify & check the possible source / incident origin.
-
Recover deleted files and partitions in Windows, Mac OS X, and Linux
-
Conduct reverse engineering for known and suspected malware files
-
Collect data using forensic technology methods in accordance with
evidence handling procedures, including collection of hard copy and
electronic documents
What does it take to earn this
certification?
In order to maintain the high integrity of our certification exams,
EC-Council Exams are provided in multiple forms (I.e. different question
banks). Each form is carefully analysed through beta testing with an
appropriate sample group under the purview of a committee of subject matter
experts that ensure that each of our exams not only has academic rigour but
also has “real world” applicability. We also have a process to determine the
difficulty rating of each question. The individual rating then contributes
to an overall “Cut Score” for each exam form. To ensure each form has equal
assessment standards, cut scores are set on a “per exam form” basis.
Depending on which exam form is challenged, cut scores can range from 60% to
78%.