The Certified Hacking Forensic Investigator (C|HFI) credential is the most trusted digital forensics certification valued by employers worldwide. The comprehensive curriculum aligns with all crucial global digital forensic job roles. It covers a detailed and methodological approach to digital forensics and evidence analysis, including areas such as Dark Web, IoT, and Cloud Forensics. Upon achieving the C|HFI certification, you will be empowered with the skills and expertise needed to conduct digital investigations using groundbreaking technologies.
WHAT’S NEW IN CHFI V9?
- Updated information as per the latest developments with a proper flow.
- New investigation techniques and updated forensic investigation tools.
- Classroom-friendly with a graphical representation of concepts and attacks.
- Exclusive section for best practices to follow during a forensic investigation.
- Exclusive section on disk acquisition tool requirements for carrying out a successful investigation.
- New and rich presentation style with engaging graphics.
- Latest OS covered and a patched testing environment.
- Well-tested, result-oriented, descriptive, and analytical lab manual to evaluate the presented concepts.
- Sample evidence files (~6 GB) are provided to help participants carry out analysis.
- CHFIv9 is accompanied by iLabs.
- Forensic challenges based on real-time scenarios are provided in the lab manual for practice.
WHY CHFI?
- The program is developed after a thorough job tasks analysis and market research.
- It is designed and developed by experienced SMEs and digital forensic practitioners.
- CHFI is a vendor-neutral course covering all major forensic investigation technologies and solutions.
- Detailed labs for hands-on learning experience; approximately 40% of training time is dedicated to labs.
- It covers all the relevant knowledge bases and skills needed to meet regulatory compliance standards such as ISO 27001, PCI DSS, SOX, HIPAA, etc.
- More than 40 GB of digital forensics and evidence analysis tools.
- A student kit containing a large number of white papers for additional reading.
- The program presents a repeatable forensic investigation methodology expected of a versatile digital forensic professional, which increases your employability.
- The student kit contains a large number of forensics investigation templates for evidence collection, chain-of-custody, final investigation reports, etc.
- The program comes with cloud-based virtual labs enabling participants to practice various investigation techniques in a real-time and simulated environment.
Course Outline
Lesson 1: Computer Forensics in Today’s World
- Fundamentals of Computer Forensics
- Cybercrimes and Their Investigation Procedures
- Digital Evidence and eDiscovery
- Forensic Readiness
- Roles of Various Processes and Technologies in Computer Forensics
- Roles and Responsibilities of a Forensic Investigator
- Challenges Faced in Investigating Cybercrimes
- Standards and Best Practices in Computer Forensics
- Laws and Legal Compliance in Computer Forensics
Lesson 2: Computer Forensics Investigation Process
- Forensic Investigation Process and Its Importance
- First Response
- Pre-Investigation Phase
- Investigation Phase
- Post-Investigation Phase
Labs:
- Create a hard disk image file for forensic investigation and recover the data
Lesson 3: Understanding Hard Disks and File Systems
- Disk Drives and Their Characteristics
- Logical Structure of a Disk
- Booting Process of Windows, Linux, and macOS Operating Systems
- File Systems of Windows, Linux, and macOS Operating Systems
- File System Analysis
- Storage Systems
- Encoding Standards and Hex Editors
- Analyzing Popular File Formats
Labs:
- Analyze the file systems of Linux and Windows evidence images and recover deleted files
- Analyze file formats
Lesson 4: Data Acquisition and Duplication
- Data Acquisition
- eDiscovery
- Data Acquisition Methodology
- Preparing an Image File for Examination
Labs:
- Create a forensic image for examination and convert it into various supported formats for data acquisition.
Lesson 5: Defeating Anti-Forensic Techniques
- Anti-Forensics Techniques
- Data Deletion and Recycle Bin Forensics
- File Carving Techniques and Methods for Recovering Evidence from Deleted Partitions
- Password Cracking/Bypassing Techniques
- Steganography, Hidden Data in File System Structures, Trail Obfuscation, and File Extension Mismatches
- Techniques for Artifact Wiping, Overwritten Data/Metadata Detection, and Encryption
- Program Packers and Footprint Minimization Techniques
Labs:
- Perform solid-state drive (SSD) file carving on Windows and Linux file systems.
- Recover lost or deleted partitions and their contents.
- Crack passwords of various applications.
- Detect hidden data streams and unpack program packers.
Lesson 6: Operating Systems Forensics
- Windows Forensics
- Collect Volatile Information
- Collect Non-Volatile Information
- Windows Memory Analysis
- Windows Registry Analysis
- Electron Application Analysis
- Web Browser Forensics
- Examine Windows Files and Metadata
- ShellBags, LNK Files, and Jump Lists
- Text-Based Logs and Windows Event Logs
Labs:
- Acquire and investigate RAM and Windows registry contents.
- Examine forensic artifacts from web browsers.
- Identify and extract forensic evidence from computers.
Lesson 7: Network Forensics
- Collect Volatile Information in Linux
- Collect Non-Volatile Information in Linux
- Linux Memory Forensics
- Mac Forensics
- Collect Volatile Information in Mac
- Collect Non-Volatile Information in Mac
- Mac Memory Forensics and Mac Forensics Tools
Labs:
- Perform volatile and non-volatile data acquisition on Linux and Mac computers.
- Perform memory forensics on a Linux machine.
Lesson 8: Investigating Web Attacks
- Network Forensics
- Event Correlation
- Indicators of Compromise (IoCs) from Network Logs
- Investigate Network Traffic
- Incident Detection and Examination
- Wireless Network Forensics
- Detect and Investigate Wireless Network Attacks
Labs:
- Identify and investigate network attacks.
- Analyze network traffic for artifacts.
Lesson 9: Database Forensics
- Malware
- Malware Forensics
- Static Malware Analysis
- Analyze Suspicious Documents
- System Behavior Analysis
- Network Behavior Analysis
- Ransomware Analysis
Labs:
- Perform static malware analysis.
- Analyze a suspicious PDF file and Microsoft Office document.
- Emotet malware analysis
Lesson 10: Cloud Forensics
- Web Application Forensics
- Internet Information Services (IIS) Logs
- Apache Web Server Logs
- Detect and Investigate Various Attacks on Web Applications
Labs:
- Identify and investigate web application attacks
Lesson 11: Malware Forensics
- Dark Web and Dark Web Forensics
- Identify the Traces of Tor Browser during Investigation
- Tor Browser Forensics
Labs:
- Detect Tor Browser activity and examine RAM dumps to discover Tor Browser artifacts
Lesson 12: Investigating Email Crimes
- Cloud Computing
- Cloud Forensics
- Amazon Web Services (AWS) Fundamentals
- AWS Forensics
- Microsoft Azure Fundamentals
- Microsoft Azure Forensics
- Google Cloud Fundamentals
- Google Cloud Forensics
Labs:
- Forensic acquisition and examination of an Amazon EC2 Instance, Azure VM, and GCP VM
Lesson 13: Mobile Forensics
- Email Basics
- Email Crime Investigation and its Steps
- U.S. Laws Against Email Crime
- Social Media Forensics
Labs:
- Investigate a suspicious email to extract forensic evidence
Lesson 14: Forensic Report Writing and Presentation
- Mobile Device Forensics
- Android and iOS Architecture and Boot Process
- Mobile Forensics Process
- Investigating Cellular Network Data
- File System Acquisition
- Phone Locks, Rooting, and Jailbreaking of Mobile Devices
- Logical Acquisition of Mobile Devices
- Physical Acquisition of Mobile Devices
- Android and iOS Forensic Analysis
Labs:
- Examine an Android image file and carve deleted files
Lesson 15: IoT Forensics
- IoT Concepts
- IoT Device Forensics