COURSE OVERVIEW

EC-Council's CHFI program equips cybersecurity professionals with the knowledge and skills to conduct effective digital forensics investigations and support forensic readiness. Learn a structured forensics methodology, including evidence handling procedures, chain of custody, acquisition, preservation, analysis, and reporting of digital evidence, along with the legal considerations required to help ensure admissibility in court. Build capabilities beyond traditional hardware and memory forensics, including cloud, mobile, and loT forensics, web application attack investigations, and malware forensics. CHFI also prepares you to validate and triage incidents and support incident response teams.

·      Build job-ready skills through 68 immersive forensics labs

·      Earn a globally recognized credential valued by employers

·      Flexible learning options that fit around your current job

The Computer Hacking Forensics Investigator (CHFI) is a globally recognized certification with flexible learning options tailored to your schedule and goals. It equips you with the skills to build a rewarding career in digital forensics and DFIR, and to become a valuable member of a blue team.

Duration: 5 days / 40 hours

Delivery Method: Classroom-based, Virtual Instructor Led Training

COURSE OUTLINE

Module 01: Computer Forensics in Today's World

o  Fundamentals of Computer Forensics

o  Cybercrimes and their Investigation Procedures

o  Digital Evidence and eDiscovery

o  Forensic Readiness

o  Role of Various Processes and Technologies in Computer Forensics

o  Roles and Responsibilities of a Forensic Investigator

o  Challenges Faced in Investigating Cybercrimes

o  Standards and Best Practices Related to Computer Forensics

o  Laws and Legal Compliance in Computer Forensics

o  Key topics covered:

§ Scope of Computer Forensics

§ Types of Cybercrimes

§ Cyber Attribution

§ Cybercrime Investigation

§ Types and Role of Digital Evidence

§ Sources of Potential Evidence

§ Federal Rules of Evidence (United States)

§ Forensic Readiness and Business Continuity

§ Incident Response Process Flow

§ Role of Artificial Intelligence in Computer Forensics

§ Forensics Automation and Orchestration

§ Roles and Responsibilities of a Forensics Investigator

§ Code of Ethics

§ Challenges Cybercrimes Pose to Investigators

§ ISO Standards

§ Computer Forensics and Legal Compliance.

Module 02: Computer Forensics Investigation Process

o  Forensic Investigation Process and its Importance

o  First Response

o  Pre-Investigation Phase

o  Investigation Phase

o  Post-Investigation Phase

o  Labs:

§ Create a hard disk image file for forensics investigation and recover the data.

o  Key topics covered:

§ Phases Involved in the Computer Forensics Investigation Process

§ First Response

§ Roles of First Responder

§ First Response: Different Situations

§ Setting Up a Computer Forensics Lab

§ Understanding Hardware and Software Requirements of a Forensics Lab

§ Building Security Content

§ Scripts

§ Tools

§ Methods to Enhance Forensic Processes

§ Documenting the Electronic Crime Scene

§ Search and Seizure

§ Evidence Preservation

§ Data Acquisition

§ Case Analysis

§ Reporting

§ Testifying as an Expert Witness

·      Module 03: Understanding Hard Disks and File Systems

o  Logical Structure of a Disk

o  Booting Process of Windows, Linux, and macOS Operating Systems

o  File Systems of Windows, Linux, and macOS Operating Systems

o  File System Analysis

o  Storage Systems

o  Encoding Standards and Hex Editors

o  Analyze Popular File Formats

o  Labs:

§ Analyze file system of Linux and Windows evidence images and recover the deleted files.

§ Analyze file formats.

o  Key topics covered:

§ Hard Disk Drive

§ Solid-State Drive (SSD)

§ Disk Interfaces

§ Logical Structure of Disks

§ Windows Boot Process

§ macOS Boot Process

§ Linux Boot Process

§ Windows File Systems

§ Linux File Systems

§ macOS File Systems

§ File System Analysis

§ File System Timeline Creation, and Analysis

§ RAID Storage System

§ Differences between NAS and SAN

§ Character Encoding Standards

§ Hex Editors

§ PDF File Analysis

§ Word File Analysis

§ PowerPoint File Analysis

§ Excel File Analysis

Module 04: Data Acquisition and Duplication

o  Data Acquisition

o  eDiscovery

o  Data Acquisition Methodology

o  Preparing an Image File for Examination

o  Labs:

§ Create a forensics image for examination and convert it into various supportive formats for data acquisition.

o  Key topics covered:

§ Live Acquisition

§ Dead Acquisition

§ Data Acquisition Format

§ eDiscovery Collection Methodologies

§ eDiscovery Tools

§ Determine the Data Acquisition Method

§ Select Data Acquisition Tool

§ Sanitize Target Media

§ Acquire Volatile Data

§ Enable Write Protection on the Evidence Media

§ Acquire Non-Volatile Data

§ Plan for Contingency

§ Validate Data Acquisition

§ Preparing an Image for Examination and Digital Forensic Imaging Tools

Module 05: Defeating Anti-Forensics Techniques

o  Anti-Forensics Techniques

o  Data Deletion and Recycle Bin Forensics

o  File Carving Techniques and Ways to Recover Evidence from Deleted Partitions

o  Password Cracking/Bypassing Techniques

o  Steganography, Hidden Data in File System Structures, Trail Obfuscation, and File Extension

o  Mismatch

o  Techniques of Artifact Wiping, Overwritten Data/Metadata Detection, and Encryption

o  Program Packers and Footprint Minimizing Techniques

o  Labs:

§ Perform Solid-state drive (SSD) file carving on Windows and Linux file systems.

§ Recover lost/deleted partitions and their contents.

§ Crack passwords of various applications.

§ Detect hidden data streams and unpack program packers.

o  Key topics covered:

§ Challenges to Forensics from Anti-Forensics

§ Anti-Forensics Techniques

§ Data/File Deletion

§ Recycle Bin in Windows

§ File Carving

§ Recovering Deleted Partitions

§ Password Cracking Tools

§ Bypassing Windows User Password

§ Steganography

§ Alternate Data Streams

§ Trail Obfuscation

§ Overwriting Data/Metadata

§ Encryption

§ Program Packers

§ Anti-Forensics Techniques that Minimize Footprint.

Module 06: Windows Forensics

o  Collect Volatile Information

o  Collect Non-volatile Information

o  Windows Memory Analysis

o  Windows Registry Analysis

o  Electron Application Analysis

o  Web Browser Forensics

o  Examine Windows Files and Metadata

o  ShellBags, LNK Files, and Jump Lists

o  Text-based Logs and Windows Event Logs

o  Labs:

§ Acquire and investigate RAM and Windows registry contents.

§ Examine forensic artifacts from web browsers.

§ Identify and extract forensic evidence from computers.

o  Key topics covered:

§ Windows Forensics Methodology

§ Collecting Volatile Information

§ Collecting Non-volatile Information

§ Collecting Windows Domain Information

§ Examining Compressed Files

§ Windows Memory Analysis

§ Memory Forensics

§ Windows Registry Analysis

§ Electron Application Forensics

§ Web Browser Forensics

§ Carving SQLite Database Files

§ Windows File Analysis

§ Metadata Investigation

§ Windows ShellBags

§ Analyzing LNK Files

§ Analyzing Jump Lists

§ Windows 11 Event Logs

§ Windows Forensics Tools.

Module 07: Linux and Mac Forensics

o  Collect Volatile Information in Linux

o  Collect Non-Volatile Information in Linux

o  Linux Memory Forensics

o  Mac Forensics

o  Collect Volatile Information in Mac

o  Collect Non-Volatile Information in Mac

o  Mac Memory Forensics and Mac Forensics Tools

o  Labs:

§ Perform volatile and non-volatile data acquisition on Linux and Mac computers.

§ Perform memory forensics on a Linux machine.

o  Key topics covered:

§ Collecting Volatile Information

§ Collecting Non-Volatile Information

§ Linux Memory Forensics

§ Mac Forensics Data

§ Mac Log Files

§ Mac Directories

§ Mac Memory Forensics

§ PFS Analysis

§ Parsing Metadata on Spotlight

§ Mac Forensics Tools