EC-Council, Cyber Security

Computer Hacking Forensic Investigator v10 (incl. Exam Voucher)

CH-CHFI

Type

Virtual

Classroom ILT

Skill Level

EC-Council: Intermediate

Available dates

May 27, 2024

June 24, 2024

July 15, 2024

August 26, 2024

Learning Path

Cybersecurity

Virtual

Duration

5 Days

1 Day

TYPE

Virtual

Classroom ILT

LEARNING PATH

Cybersecurity

SKILL LEVEL

EC-Council: Intermediate

DURATION

5 Days

AVAILABLE DATES

May 27, 2024

June 24, 2024

July 15, 2024

August 26, 2024

Choose date

From: R24 400,00

Price excluding VAT

Introduction

Digital forensic practices stem from forensic science, the science of collecting and examining evidence or materials. Digital or computer forensics focuses on the digital domain including computer forensics, network forensics, and mobile forensics. As the cyber security profession evolves, organisations are learning the importance of employing digital forensic practices into their everyday activities. Computer forensic practices can help investigate attacks, system anomalies, or even help System administrators detect a problem by defining what is normal functional specifications and validating system information for irregular behaviours.

In the event of a cyber-attack or incident, it is critical investigations be carried out in a manner that is forensically sound to preserve evidence in the event of a breach of the law. Far too many cyber-attacks are occurring across the globe where laws are clearly broken and due to improper or non-existent forensic investigations, the cyber criminals go either unidentified, undetected, or are simply not prosecuted.

Cyber Security professionals who acquire a firm grasp on the principles of digital forensics can become invaluable members of Incident Handling and Incident response teams. The Computer Hacking Forensic Investigator course provides a strong baseline knowledge of key concepts and practices in the digital forensic domains relevant to today’s organisations. CHFI provides its attendees a firm grasp on the domains of digital forensics.

Audience profile

Anyone interested in cyber forensics/investigations
Incident response team members
Information security managers
Network defenders
IT professionals, IT directors/managers
System/network engineers
Security analyst/ architect/auditors/ consultants

Pre-requisites

IT/forensics professionals with basic knowledge on IT/cyber security, computer forensics, and incident response
Prior completion of CEH training would be an advantage

Course objectives

Upon completing this course, the learner will be able to understand:

Perform incident response and forensics
Perform electronic evidence collections
Perform digital forensic acquisitions
Perform bit-stream Imaging/acquiring of the digital media seized during the process of investigation
Examine and analyse text, graphics, multimedia, and digital images
Conduct thorough examinations of computer hard disk drives, and other electronic data storage media
Recover information and electronic data from computer hard drives and other data storage devices
Follow strict data and evidence handling procedures
Maintain audit trail (i.e., chain of custody) and evidence integrity
Work on technical examination, analysis and reporting of computer-based evidence
Prepare and maintain case files
Utilize forensic tools and investigative methods to find electronic data, including Internet use history, word processing documents, images and other files
Gather volatile and non-volatile information from Windows, MAC and Linux
Recover deleted files and partitions in Windows, Mac OS X, and Linux
Perform keyword searches including using target words or phrases
Investigate events for evidence of insider threats or attacks
Support the generation of incident reports and other collateral
Investigate and analyse all response activities related to cyber incidents
Plan, coordinate and direct recovery activities and incident analysis tasks
Examine all available information and supporting evidence or artefacts related to an incident or event
Collect data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents
Conduct reverse engineering for known and suspected malware files
Identify data, images and/or activity which may be the target of an internal investigation
Perform detailed evaluation of the data and any evidence of activity to analyse the full circumstances and implications of the event
Establish threat intelligence and key learning points to support pro-active profiling and scenario modelling
Search file slack space where PC type technologies are employed
File MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences
Examine file type and file header information
Review e-mail communications including web mail and Internet Instant Messaging programs
Examine the Internet browsing history
Generate reports which detail the approach, and an audit trail which documents actions taken to support the integrity of the internal investigation process
Recover active, system and hidden files with date/time stamp information
Crack (or attempt to crack) password protected files
Perform anti-forensics detection
Maintain awareness and follow laboratory evidence handling, evidence examination, laboratory safety, and laboratory security policy and procedures
Play a role of first responder by securing and evaluating a cybercrime scene, conducting preliminary interviews, documenting crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, reporting of the crime scene
Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred
Apply advanced forensic tools and techniques for attack reconstruction
Perform fundamental forensic activities and form a base for advanced forensics
Identify and check the possible source/incident origin
Perform event co-relation
Extract and analyse logs from various devices such as proxies, firewalls, IPSes, IDSes, Desktops, laptops, servers, SIM tools, routers, switches, AD servers, DHCP servers, Access Control Systems, etc.
Ensure that reported incident or suspected weaknesses, malfunctions and deviations are handled with confidentiality
Assist in the preparation of search and seizure warrants, court orders, and subpoenas
Provide expert witness testimony in support of forensic examinations conducted by the examiner

Course content

Module 01: Computer Forensic in Today’s World
Understand the Fundamentals of Computer Forensics	Understand the Challenges Faced in Investigating Cybercrimes
Understand Cybercrimes and their Investigation Procedures	Understand Legal Compliance in Computer Forensics
Understand Digital Evidence	Understand Forensic Readiness, Incident Response and the Role of SOC (Security Operations Center) in Computer Forensics
Identify the Roles and Responsibilities of a Forensic Investigator
Module 02: Computer Forensics Investigation Process
Understand the Forensic Investigation Process and its Importance	Understand the Investigation Phase
Understand the Pre-investigation Phase	Understand the Post-investigation Phase
Understand First Response
Module 03: Understanding Hard Disk and File Systems
Describe Different Types of Disk Drives and their Characteristics	Understand Storage Systems
Explain the Logical Structure of a Disk	Understand Encoding Standards and Hex Editors
Understand Booting Process of Windows, Linux and Mac Operating Systems	Analyse Popular File Formats Using Hex Editor
Understand Various File Systems of Windows, Linux and Mac Operating Systems	Examine File System Using Autopsy and The Sleuth Kit Tools
Module 04: Data Acquisition and Duplication
Understand Data Acquisition Fundamentals	Understand Data Acquisition Methodology
Prepare an Image File for Examination
Module 05: Defeating Anti-forensics Techniques
Understand Anti-forensics Techniques	Understand Techniques of Artifact Wiping, Overwritten Data/Metadata Detection, and Encryption
Discuss Data Deletion and Recycle Bin Forensics	Detect Program Packers and Footprint Minimizing Techniques
Illustrate File Carving Techniques and Ways to Recover Evidence from Deleted Partitions	Understand Anti-forensics Countermeasures
Explore Password Cracking/Bypassing Techniques	Detect Steganography, Hidden Data in File System Structures, Trail Obfuscation, and File Extension Mismatch
Module 06: Windows Forensics
Collect Volatile and Non-volatile Information	Understand Text-based Logs and Windows Event Logs
Perform Windows Memory and Registry Analysis	Examine Windows Files and Metadata
Examine the Cache, Cookie and History Recorded in Web Browsers	Understand ShellBags, LNK Files, and Jump Lists
Module 07: Linux and Mac Forensics
Understand Volatile and Non-volatile Data in Linux	Demonstrate Memory Forensics Using Volatility & PhotoRec
Analyse Filesystem Images Using the Sleuth Kit	Understand Mac Forensics
Module 08: Network Forensics
Understand Network Forensics	Monitor and Detect Wireless Network Attacks
Explain Logging Fundamentals and Network Forensic Readiness	Investigate Network Traffic
Summarize Event Correlation Concepts	Perform Incident Detection and Examination with SIEM Tools
Identify Indicators of Compromise (IoCs) from Network Logs
Module 09: Investigating Web Attacks
Understand Web Application Forensics	Investigate Web Attacks on Windows-based Servers
Understand Internet Information Services (IIS) Logs	Detect and Investigate Various Attacks on Web Applications
Understand Apache Web Server Logs	Social Engineering Countermeasures
Understand the Functionality of Intrusion Detection System (IDS)	Understand the Functionality of Web Application Firewall (WAF)
Module 10: Dark Web Forensics
Understand the Dark Web	Perform Tor Browser Forensics
Determine How to Identify the Traces of Tor Browser during Investigation
Module 11: Database Forensics
Understand Database Forensics and its Importance	Understand Information Schema and List MySQL Utilities for Performing Forensic Analysis
Determine Data Storage and Database Evidence Repositories in MSSQL Server	Perform MySQL Forensics on WordPress Web Application Database
Collect Evidence Files on MSSQL Server	Understand Internal Architecture of MySQL and Structure of Data Directory
Perform MSSQL Forensics
Module 12: Cloud Forensics
Understand the Basic Cloud Computing Concepts	Determine How to Investigate Security Incidents in Azure
Understand Cloud Forensics	Understand Forensic Methodologies for Containers and Microservices
Understand the Fundamentals of Amazon Web Services (AWS)	Understand the Fundamentals of Microsoft Azure
Determine How to Investigate Security Incidents in AWS
Module 13: Investigating Email Crimes
Understand Email Basics	U.S. Laws Against Email Crime
Understand Email Crime Investigation and its Steps
Module 14: Malware Forensics
Define Malware and Identify the Common Techniques Attackers Use to Spread Malware	Analyse Malware Behaviour on System Properties in Real-time
Understand Malware Forensics Fundamentals and Recognize Types of Malware Analysis	Analyse Malware Behaviour on Network in Real-time
Understand and Perform Static Analysis of Malware	Describe Fileless Malware Attacks and How they Happen
Analyse Suspicious Word and PDF Documents	Perform Fileless Malware Analysis – Emotet
Understand Dynamic Malware Analysis Fundamentals and Approaches
Module 15: Mobile Forensics
Understand the Importance of Mobile Device Forensics	Illustrate Phone Locks and Discuss Rooting of Android and Jailbreaking of iOS Devices
Illustrate Architectural Layers and Boot Processes of Android and iOS Devices	Perform Logical Acquisition on Android and iOS Devices
Explain the Steps Involved in Mobile Forensics Process	Perform Physical Acquisition on Android and iOS Devices
Investigate Cellular Network Data	Discuss Mobile Forensics Challenges and Prepare Investigation Report
Understand SIM File System and its Data Acquisition Method
Module 16: IoT Forensics
Understand IoT and IoT Security Problems	Understand IoT Forensics
Recognize Different Types of IoT Threats	Perform Forensics in IoT Devices

Associated certifications and exam

CHFI Program certifies individuals in the specific security discipline of computer forensics from a vendor-neutral perspective. The CHFI certification will fortify the application knowledge of anyone who is concerned about the integrity of the network infrastructure. This course prepares you for the CHFI 312-49 exam*.

Exam Details	Computer Hacking Forensic Investigator (CHFI exam)
Exam Title	CHFI
Number of Questions/Practical Challenges	150
Test Duration	4 Hours
Test Format	Multiple Choice Questions
Test Delivery	ECC EXAM, VUE portal
Availability	ECC EXAM, VUE
Exam Prefix	312-49(ECC EXAM) 312-49(VUE)
Passing Score	70%

On successful completion of this course students will receive a Torque IT attendance certificate.

Note:

When you attend any authorised EC Council training course at Torque IT you will receive the associated examination voucher as part of your course material. Your certification examination voucher can be used to book and pay for your certification examination at an Authorised EC Council Testing Center (ETC) only. If you are not able to sit your certification examination at Torque IT, and you have no other ETC locally available, you do have the ability to convert your examination voucher into a Pearson VUE examination voucher (Remote Procuring Services), at an additional cost.

EC-Council Overview

To beat a hacker, you need to think like one…

Ethical Hacking is the process of proactively penetrating systems, to which one has official permission to do so, with a view to determining whether vulnerabilities exist and then to undertake the necessary preventive, corrective, and protective countermeasures before an actual compromise to the systems can occur.

Torque IT’s authorised EC-Council training, and associated certification, solutions empower you to identify vulnerabilities and to assess the security posture of target systems. EC-Council certifications are universally recognised as demonstrating a high level of expertise and credibility for individuals and the organisations that employ them.

Torque IT being an EC-Council Accredited Training Center (ATC) has been the recipient of EC-Council’s most prestigious ATC of the year awards for 2016, 2014 and EC-Council’s Circle of Excellence Awards for 2015.

These achievements reflect our commitment to providing you with quality skills development, enablement, training, and certification solutions that demonstrate exceptional quality, depth and breadth.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Computer Hacking Forensic Investigator v10 (incl. Exam Voucher)

Type

Skill Level

Available dates

Learning Path

Duration

TYPE

Virtual

Classroom ILT

LEARNING PATH

SKILL LEVEL

DURATION

AVAILABLE DATES

Price excluding VAT

EC-Council Overview

contact

Vendor
Authorised

Details

Menu

newsletter

Computer Hacking Forensic Investigator v10 (incl. Exam Voucher)

Type

Skill Level

Available dates

Learning Path

Duration

TYPE

Virtual

Classroom ILT

LEARNING PATH

SKILL LEVEL

DURATION

AVAILABLE DATES

Price excluding VAT

EC-Council Overview

contact

Vendor Authorised

Details

Menu

newsletter

Vendor
Authorised