Computer Hacking Forensic Investigator V9

EC Council
USD 1418
Computer Hacking Forensic Investigator V9

Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks.

Course Overview

DURATION - 5 Day (s)
TRAINING METHOD  - Advanced Ethical Hacking In Class

Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks.

Computer crime in today’s cyber world is on the rise. Computer Investigation techniques are being used by police, government, and corporate entities globally and many of them turn to EC-Council for our Computer Hacking Forensic Investigator CHFI Certification Program.

Computer Security and Computer investigations are changing terms. More tools are invented daily for conducting Computer Investigations, be it computer crime, digital forensics, computer investigations, or even standard computer data recovery. The tools and techniques covered in EC-Council’s CHFI program will prepare the student to conduct computer investigations using groundbreaking digital forensics technologies.

Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crimes or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information known as computer data recovery. 


• IT/forensics professionals with basic knowledge on
IT/cybersecurity, computer forensics, and incident
• Prior completion of CEH training would be an

• Anyone interested in cyber forensics/investigations
• Incident response team members
• Information security managers
• Network defenders
• IT professionals, IT directors/managers
• System/network engineers
• Security analyst/ architect/auditors/ consultants

At course completion
Upon completing this course, the learner will be able to understand:
• Perform incident response and forensics
• Perform electronic evidence collections
• Perform digital forensic acquisitions
• Perform bit-stream Imaging/acquiring of the digital media
seized during the process of investigation.
• Examine and analyze text, graphics, multimedia, and digital images
• Conduct thorough examinations of computer hard disk
drives, and other electronic data storage media
• Recover information and electronic data from computer hard drives and other data storage devices
• Follow strict data and evidence handling procedures
• Maintain audit trail (i.e., chain of custody) and evidence integrity
• Work on technical examination, analysis, and reporting of computer-based evidence
• Prepare and maintain case files
• Utilize forensic tools and investigative methods to find electronic data, including Internet use history, word processing documents, images, and other files
• Gather volatile and non-volatile information from Windows, MAC, and Linux
• Recover deleted files and partitions in Windows, Mac OS X, and Linux
• Perform keyword searches including using target words or phrases
• Investigate events for evidence of insider threats or attacks
• Support the generation of incident reports and other collateral
• Investigate and analyze all response activities related to cyber incidents
• Plan, coordinate and direct recovery activities and incident analysis tasks
• Examine all available information and supporting
evidence or artifacts related to an incident or event
• Collect data using forensic technology methods in accordance with evidence handling procedures,
including a collection of hard copy and electronic documents
• Conduct reverse engineering for known and suspected malware files
• Identify data, images, and/or activity that may be the target of an internal investigation
• Perform detailed evaluation of the data and any evidence of activity in order to analyze the full circumstances and implications of the event
• Establish threat intelligence and key learning points to support pro-active profiling and scenario modeling
• Search file slack space where PC type technologies are employed
• File MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences
• Examine file type and file header information
• Review e-mail communications including webmail
and Internet Instant Messaging programs
• Examine the Internet browsing history
• Generate reports which detail the approach, and an audit trail which documents actions taken to support the integrity of the internal investigation process
• Recover active, system, and hidden files with
date/time stamp information
• Crack (or attempt to crack) password protected files

Module 1:  Computer Forensics in Today’s World
Module 2:  Computer Forensics Investigation Process
Module 3:  Understanding hard disks and file systems
Module 4:  Data acquisition and duplication
Module 5:  Defeating anti-forensics techniques
Module 6:  Operating System Forensics
Module 7:  Network Forensics
Module 8:  Investigating web attacks
Module 9:  Database Forensics
Module 10:  Cloud Forensics
Module 11:  Malware Forensics
Module 12:  Investigating email crimes
Module 13:  Mobile Forensics
Module 14:  Forensics report writing and presentation 



register for this course