Computer Hacking Forensic Investigator v10 (CHFI v10)

Overview

EC-Council’s Certified Hacking Forensic Investigator (CHFI) is the only comprehensive ANSI accredited, lab-focused program in the market that gives organizations vendor-neutral training in digital forensics. CHFI provides its attendees with a firm grasp of digital forensics, presenting a detailed and methodological approach to digital forensics and evidence analysis that also pivots around Dark Web, IoT, and Cloud Forensics. The tools and techniques covered in this program will prepare the learner for conducting digital investigations using ground-breaking digital forensics technologies.

The program is designed for IT professionals involved with information system security, computer forensics, and incident response. It will help fortify the application knowledge in digital forensics for forensic analysts, cybercrime investigators, cyber defense forensic analysts, incident responders, information technology auditors, malware analysts, security consultants, and chief security officers.

The program equips candidates with the necessary skills to proactively investigate complex security threats, allowing them to investigate, record, and report cybercrimes to prevent future attacks.

Duration

05 days (40 hours)

Objectives
  • CHFI provides necessary skills to perform effective digital forensic investigation.
  • It is a comprehensive course covering major forensic investigation scenarios that enables students to acquire the necessary hands-on experience with various forensic investigation techniques and the standard forensic tools needed to successfully carry out a computer forensic investigation leading to the prosecution of perpetrators.
  • CHFI presents a methodological approach to computer forensics, including searching and seizing, chain of custody, acquisition, preservation, analysis, and reporting of digital evidence.
Intended Audience:

The CHFI program is designed for all IT professionals involved with information system security, computer forensics, and incident response.

  • Police and other law enforcement personnel
  • Defense and Security personnel
  • e-Business Security professionals
  • Legal professionals
  • Banking, Insurance, and other professionals
  • Government agencies
  • IT managers
  • Digital Forensics Service Providers
Prerequisites:
  • IT/forensics professionals with basic knowledge of IT/cyber security, computer forensics, and incident response.
  • Prior completion of CEH training would be an advantage.
Course outlines:

The CHFI v10 curriculum is a comprehensive course with 16 training modules covering major forensic investigation scenarios:

1. Module 1. Computer forensics in today’s world

  • Understanding Computer Forensics
  • Why and When Do You Use Computer Forensics?
  • Cyber Crime (Types of Computer Crimes)
  • Case Study
  • Challenges Cyber Crimes Present For Investigators
  • Cyber Crime Investigation
  • Rules of Forensics Investigation
  • Understanding Digital Evidence
  • Types of Digital Evidence
  • Characteristics of Digital Evidence
  • Role of Digital Evidence
  • Sources of Potential Evidence
  • Rules of Evidence
  • Forensics Readiness
  • Computer Forensics as part of an Incident Response Plan
  • Need for Forensic Investigator
  • Roles and Responsibilities of Forensics Investigator
  • What makes a Good Computer Forensics Investigator?
  • Investigative Challenges
  • Legal and Privacy Issues
  • Code of Ethics
  • Accessing Computer Forensics Resources

2. Module 2. Computer forensics investigation process

  • Importance of Computer Forensics Process
  • Phases Involved in the Computer Forensics Investigation Process
  • Pre-investigation Phase
  • Investigation Phase
  • Post-investigation Phase

3. Module 3. Understanding hard disks and file systems

  • Hard Disk Drive Overview
  • Disk Partitions and Boot Process
  • Understanding File Systems
  • RAID Storage System
  • File System Analysis

4. Module 4. Data acquisition and duplication

  • Understand Data Acquisition Fundamentals
  • Understand Data Acquisition Methodology
  • Prepare an Image File for Examination
  • Acquisition Best Practices

5. Module 5. Defeating anti-forensics techniques

  • Understand Anti-forensics Techniques
  • Discuss Data Deletion and Recycle Bin Forensics
  • Illustrate File Carving Techniques and Ways to Recover Evidence from Deleted Partitions
  • Explore Password Cracking/Bypassing Techniques
  • Detect Steganography, Hidden Data in File System Structures, Trail Obfuscation, and File Extension Mismatch
  • Understand Techniques of Artifact Wiping, Overwritten Data/Metadata Detection, and Encryption
  • Detect Program Packers and Footprint Minimizing Techniques
  • Understand Anti-forensics Countermeasures

6. Module 6. Windows Forensics

  • Collect Volatile and Non-volatile Information
  • Perform Windows Memory and Registry Analysis
  • Examine the Cache, Cookie and History Recorded in Web Browsers
  • Examine Windows Files and Metadata
  • Understand ShellBags, LNK Files, and Jump Lists
  • Understand Text-based Logs and Windows Event Logs

7.  Module 7. Linux and Mac Forensics

  • Linux and Mac Forensics
  • Analyze Filesystem Images Using The Sleuth Kit
  • Demonstrate Memory Forensics Using Volatility & PhotoRec
  • Understand Mac Forensics

8.  Module 8. Network Forensics

  • Understand Network Forensics
  • Explain Logging Fundamentals and Network Forensic Readiness
  • Identify Indicators of Compromise (IoCs) from Network Logs
  • Investigate Network Traffic
  • Perform Incident Detection and Examination with SIEM Tools
  • Monitor and Detect Wireless Network Attacks

9. Module 9. Investigating Web Attacks

  • Understand Web Application Forensics
  • Understand Internet Information Services (IIS) Logs
  • Understand Apache Web Server Logs
  • Understand the Functionality of Intrusion Detection System (IDS)
  • Understand the Functionality of Web Application Firewall (WAF)
  • Investigate Web Attacks on Windows-based Servers
  • Detect and Investigate Various Attacks on Web Applications

10.  Module 10. Dark Web Forensics

  • Understand the Dark Web
  • Determine How to Identify the Traces of Tor Browser during Investigation
  • Perform Tor Browser Forensics

11. Module 11. Database Forensics

  • Determine Data Storage and Database Evidence Repositories in MSSQL Server
  • Collect Evidence Files on MSSQL Server
  • Perform MSSQL Forensics
  • Understand Internal Architecture of MySQL and Structure of Data Directory
  • Understand Information Schema and List MySQL Utilities for Performing Forensic Analysis
  • Perform MySQL Forensics on WordPress Web Application Database

12. Module 12. Cloud Forensics

  • Understand the Basic Cloud Computing Concepts
  • Understand Cloud Forensics
  • Understand the Fundamentals of Amazon Web Services (AWS)
  • Determine How to Investigate Security Incidents in AWS
  • Understand the Fundamentals of Microsoft Azure
  • Determine How to Investigate Security Incidents in Azure
  • Understand Forensic Methodologies for Containers and Microservices

13.  Module 13. Investigating Email Crimes

  • Understand Email Basics
  • Understand Email Crime Investigation and its Steps
  • Laws Against Email Crime

14. Module 14. Malware Forensics

  • Define Malware and Identify the Common Techniques Attackers Use to Spread Malware
  • Understand Malware Forensics Fundamentals and Recognize Types of Malware Analysis
  • Understand and Perform Static Analysis of Malware
  • Analyze Suspicious Word and PDF Documents
  • Understand Dynamic Malware Analysis Fundamentals and Approaches
  • Analyze Malware Behavior on System Properties in Real-time
  • Analyze Malware Behavior on Network in Real-time
  • Describe Fileless Malware Attacks and How they Happen
  • Perform Fileless Malware Analysis – Emotet

15. Module 15. Mobile Forensics

  • Understand the Importance of Mobile Device Forensics
  • Illustrate Architectural Layers and Boot Processes of Android and iOS Devices
  • Explain the Steps Involved in Mobile Forensics Process
  • Understand SIM File System and its Data Acquisition Method
  • Illustrate Phone Locks and Discuss Rooting of Android and Jailbreaking of iOS Devices
  • Perform Logical Acquisition on Android and iOS Devices
  • Discuss Mobile Forensics Challenges and Prepare Investigation Report

16. Module 16. IoT Forensics

  • Understand IoT and IoT Security Problems
  • Recognize Different Types of IoT Threats
  • Understand IoT Forensics
  • Perform Forensics on IoT Devices

Online learning

  • Start date: 20-12-2021
  • Class time: 18h00 - 21h00
  • Class days: Monday - Wednesday - Friday
  • Duration: 40h
  • Tuition: Contact us
