Type: Virtual, Classroom ILT
Duration: 1 Day
Price: R24 400,00 (excluding VAT)
Introduction
Digital forensic practices stem from forensic science, the science of collecting and examining evidence or materials. Digital or computer forensics focuses on the digital domain, including computer forensics, network forensics, and mobile forensics. As the cyber security profession evolves, organisations are learning the importance of employing digital forensic practices in their everyday activities. Computer forensic practices can help investigate attacks and system anomalies, or even help system administrators detect a problem by defining normal functional specifications and validating system information for irregular behaviours.
In the event of a cyber-attack or incident, it is critical that investigations be carried out in a forensically sound manner to preserve evidence in the event of a breach of the law. Far too many cyber-attacks occur across the globe where laws are clearly broken and, due to improper or non-existent forensic investigations, the cyber criminals go unidentified, undetected, or are simply not prosecuted.
Cyber security professionals who acquire a firm grasp of the principles of digital forensics can become invaluable members of incident handling and incident response teams. The Computer Hacking Forensic Investigator course provides a strong baseline knowledge of key concepts and practices in the digital forensic domains relevant to today’s organisations. CHFI provides its attendees with a firm grasp of the domains of digital forensics.
Audience profile
- Anyone interested in cyber forensics/investigations
- Incident response team members
- Information security managers
- Network defenders
- IT professionals, IT directors/managers
- System/network engineers
- Security analysts/architects/auditors/consultants
Pre-requisites
- IT/forensics professionals with basic knowledge of IT/cyber security, computer forensics, and incident response
- Prior completion of CEH training would be an advantage
Course objectives
Upon completing this course, the learner will be able to:
- Perform incident response and forensics
- Perform electronic evidence collections
- Perform digital forensic acquisitions
- Perform bit-stream imaging/acquisition of the digital media seized during the process of investigation
- Examine and analyse text, graphics, multimedia, and digital images
- Conduct thorough examinations of computer hard disk drives, and other electronic data storage media
- Recover information and electronic data from computer hard drives and other data storage devices
- Follow strict data and evidence handling procedures
- Maintain audit trail (i.e., chain of custody) and evidence integrity
- Work on technical examination, analysis and reporting of computer-based evidence
- Prepare and maintain case files
- Utilize forensic tools and investigative methods to find electronic data, including Internet use history, word processing documents, images and other files
- Gather volatile and non-volatile information from Windows, Mac, and Linux
- Recover deleted files and partitions in Windows, Mac OS X, and Linux
- Perform keyword searches including using target words or phrases
- Investigate events for evidence of insider threats or attacks
- Support the generation of incident reports and other collateral
- Investigate and analyse all response activities related to cyber incidents
- Plan, coordinate and direct recovery activities and incident analysis tasks
- Examine all available information and supporting evidence or artefacts related to an incident or event
- Collect data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents
- Conduct reverse engineering for known and suspected malware files
- Identify data, images and/or activity which may be the target of an internal investigation
- Perform detailed evaluation of the data and any evidence of activity to analyse the full circumstances and implications of the event
- Establish threat intelligence and key learning points to support pro-active profiling and scenario modelling
- Search file slack space where PC type technologies are employed
- Use file MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences
- Examine file type and file header information
- Review e-mail communications including web mail and Internet Instant Messaging programs
- Examine the Internet browsing history
- Generate reports which detail the approach, and an audit trail which documents actions taken to support the integrity of the internal investigation process
- Recover active, system and hidden files with date/time stamp information
- Crack (or attempt to crack) password protected files
- Perform anti-forensics detection
- Maintain awareness and follow laboratory evidence handling, evidence examination, laboratory safety, and laboratory security policy and procedures
- Play the role of first responder by securing and evaluating a cybercrime scene, conducting preliminary interviews, documenting the crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, and reporting on the crime scene
- Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how of the intrusion
- Apply advanced forensic tools and techniques for attack reconstruction
- Perform fundamental forensic activities and form a base for advanced forensics
- Identify and check the possible source/incident origin
- Perform event correlation
- Extract and analyse logs from various devices such as proxies, firewalls, IPSes, IDSes, desktops, laptops, servers, SIM tools, routers, switches, AD servers, DHCP servers, Access Control Systems, etc.
- Ensure that reported incidents or suspected weaknesses, malfunctions and deviations are handled with confidentiality
- Assist in the preparation of search and seizure warrants, court orders, and subpoenas
- Provide expert witness testimony in support of forensic examinations conducted by the examiner
Course content
Module 01: Computer Forensics in Today’s World
Module 02: Computer Forensics Investigation Process
- Understand the Post-investigation Phase
Module 03: Understanding Hard Disk and File Systems
Module 04: Data Acquisition and Duplication
Module 05: Defeating Anti-forensics Techniques
Module 06: Windows Forensics
Module 07: Linux and Mac Forensics
Module 08: Network Forensics
Module 09: Investigating Web Attacks
Module 10: Dark Web Forensics
Module 11: Database Forensics
Module 12: Cloud Forensics
Module 13: Investigating Email Crimes
Module 14: Malware Forensics
Module 15: Mobile Forensics
Module 16: IoT Forensics
Associated certifications and exam
The CHFI program certifies individuals in the specific security discipline of computer forensics from a vendor-neutral perspective. The CHFI certification will fortify the application knowledge of anyone who is concerned about the integrity of the network infrastructure. This course prepares you for the CHFI 312-49 exam*.

| Exam Details | Computer Hacking Forensic Investigator (CHFI exam) |
| --- | --- |
| Exam Title | CHFI |
| Number of Questions/Practical Challenges | 150 |
| Test Duration | 4 Hours |
| Test Format | Multiple Choice Questions |
| Test Delivery | ECC EXAM, VUE portal |
| Availability | ECC EXAM, VUE |
| Exam Prefix | 312-49 (ECC EXAM), 312-49 (VUE) |
| Passing Score | 70% |
On successful completion of this course students will receive a Torque IT attendance certificate.
Note:
When you attend any authorised EC-Council training course at Torque IT, you will receive the associated examination voucher as part of your course material. Your certification examination voucher can be used to book and pay for your certification examination at an Authorised EC-Council Testing Center (ETC) only. If you are not able to sit your certification examination at Torque IT, and you have no other ETC locally available, you can convert your examination voucher into a Pearson VUE examination voucher (Remote Proctoring Services) at an additional cost.
EC-Council Overview
To beat a hacker, you need to think like one…
Ethical hacking is the process of proactively penetrating systems, for which one has official permission, with a view to determining whether vulnerabilities exist and then undertaking the necessary preventive, corrective, and protective countermeasures before an actual compromise of the systems can occur.
Torque IT’s authorised EC-Council training, and associated certification, solutions empower you to identify vulnerabilities and to assess the security posture of target systems. EC-Council certifications are universally recognised as demonstrating a high level of expertise and credibility for individuals and the organisations that employ them.
Torque IT, an EC-Council Accredited Training Center (ATC), has been the recipient of EC-Council’s most prestigious ATC of the Year awards for 2016 and 2014, and EC-Council’s Circle of Excellence Awards for 2015.
These achievements reflect our commitment to providing you with quality skills development, enablement, training, and certification solutions that demonstrate exceptional quality, depth and breadth.