Computer Hacking Forensic Investigator v9 (CHFI v9)

Overview

CHFI v9 covers a detailed methodological approach to computer forensics and evidence analysis. It provides the skillset needed to identify an intruder's footprints and gather the evidence necessary for prosecution. All major tools and theories used by the cyber forensic industry are covered in the curriculum.

The certification can fortify the applied knowledge level of law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, computer and network security professionals, and anyone who is concerned about the integrity of the network and digital investigations.

Duration

05 days (40 hours)

Objectives
  • CHFI provides the skills necessary to perform effective digital forensic investigations.
  • It is a comprehensive course covering major forensic investigation scenarios, giving students hands-on experience with the forensic investigation techniques and standard forensic tools needed to carry out a computer forensic investigation leading to the prosecution of perpetrators.
  • CHFI presents a methodological approach to computer forensics, including searching and seizing, chain of custody, acquisition, preservation, analysis and reporting of digital evidence.
Intended Audience:
  • Anyone interested in cyber forensics/investigations.
  • Attorneys, legal consultants, and lawyers.
  • Law enforcement officers.
  • Police officers.
  • Federal/government agents.
  • Defense and military.
  • Detectives/investigators, incident response team members.
  • Information security managers.
  • Network defenders.
  • IT professionals, IT directors/managers.
  • System/network engineers.
  • Security analysts/architects/auditors/consultants.
Prerequisites:
  • IT/forensics professionals with basic knowledge of IT/cyber security, computer forensics, and incident response.
  • Prior completion of CEH training would be an advantage.
Course outlines:

The CHFI v9 curriculum is a comprehensive course with 14 training modules covering major forensic investigation scenarios.

1. Module 1. Computer forensics in today’s world

  • Understanding Computer Forensics
  • Why and When Do You Use Computer Forensics?
  • Cyber Crime (Types of Computer Crimes)
  • Case Study
  • Challenges Cyber Crimes Present For Investigators
  • Cyber Crime Investigation
  • Rules of Forensics Investigation
  • Understanding Digital Evidence
  • Types of Digital Evidence
  • Characteristics of Digital Evidence
  • Role of Digital Evidence
  • Sources of Potential Evidence
  • Rules of Evidence
  • Forensics Readiness
  • Computer Forensics as part of an Incident Response Plan
  • Need for Forensic Investigator
  • Roles and Responsibilities of Forensics Investigator
  • What makes a Good Computer Forensics Investigator?
  • Investigative Challenges
  • Legal and Privacy Issues
  • Code of Ethics
  • Accessing Computer Forensics Resources

2. Module 2. Computer forensics investigation process

  • Importance of Computer Forensics Process
  • Phases Involved in the Computer Forensics Investigation Process
  • Pre-investigation Phase
  • Investigation Phase
  • Post-investigation Phase

3. Module 3. Understanding hard disks and file systems

  • Hard Disk Drive Overview
  • Disk Partitions and Boot Process
  • Understanding File Systems
  • RAID Storage System
  • File System Analysis

4. Module 4. Data acquisition and duplication

  • Data Acquisition and Duplication Concepts
  • Static Acquisition
  • Validate Data Acquisitions
  • Acquisition Best Practices

5. Module 5. Defeating anti-forensics techniques

  • What is Anti-Forensics?
  • Anti-Forensics techniques

6. Module 6. Operating system forensics

  • Determining the Best Acquisition Method
  • Planning Data Recovery Contingencies
  • Using MS-DOS Acquisition Tools
  • Understanding How DriveSpy Accesses Sector Ranges
  • Data Preservation Commands
  • Using DriveSpy Data Manipulation Commands
  • Using Windows Acquisition Tools
  • AccessData FTK Explorer
  • Acquiring Data on Linux Computers
  • Using Other Forensics Acquisition Tools
  • Exploring SnapBack DatArrest
  • Exploring SafeBack
  • Exploring EnCase
  • Tool: R-Drive Image
  • Tool: DriveLook
  • Tool: DiskExplorer for NTFS

7. Module 7. Network forensics

  • Introduction to Network Forensics
  • Fundamental Logging Concepts
  • Event Correlation Concepts
  • Network Forensic Readiness
  • Network Forensics Steps
  • Network Traffic Investigation

8. Module 8. Investigating web attacks

  • Introduction to Web Application Forensics
  • Web Attack Investigation
  • Investigating Web Server Logs
  • Web Attack Detection Tools
  • Tools for Locating IP Address
  • WHOIS Lookup Tools

9. Module 9. Database forensics

  • Database Forensics and Its Importance
  • MSSQL Forensics
  • MySQL Forensics

10. Module 10. Cloud forensics

  • Introduction to Cloud Computing
  • Cloud Forensics

11. Module 11. Malware forensics

  • Introduction to Malware
  • Introduction to Malware Forensics

12. Module 12. Investigating email crimes

  • Email System
  • Email Crimes (Email Spamming, Mail Bombing/Mail Storm, Phishing, Email Spoofing, Crime via Chat Room, Identity Fraud/Chain Letter)
  • Email Message
  • Steps to Investigate Email Crimes and Violation

13. Module 13. Mobile forensics

  • Mobile Device Forensics

14. Module 14. Investigative Reports

  • Writing Investigation Reports
  • Expert Witness Testimony