Class Schedule

GreenbeltMon - Fri05/20/201905/24/20198:30am - 5pm
GreenbeltMon - Fri06/17/201906/21/20198:30am - 5pm
GreenbeltMon - Fri08/19/201908/23/20198:30am - 5pm

Why You Should Take CHFI Training:

Computer forensics involves applying concepts and practices of computer investigation and analysis to determine potential on-line criminal activity and develop legal evidence. TrainACE’s Computer Hacking Forensic Investigator version 9 is an industry leading, internationally awarded computer forensics training course that will apply hands-on lab work to help students comprehend the processes of detecting hacker attacks and to gather the evidence required to be able to report the on-line crime and potentially take the criminal down for their attack. The CHFI certification class also conducts activities to help secure a network and prevent against network intrusion.

HFI v9 covers detailed methodological approach to computer forensic and evidence analysis. It provides the necessary skill set for identification of intruder’s footprints and gathering necessary evidence for its prosecution. All major tools and theories used by cyber
forensic industry are covered in the curriculum.

The certification can fortify the applied knowledge level of law enforcement personnel,
system administrators, security officers, defense and military personnel, legal professionals, bankers, computer and network security professionals, and anyone who is concerned about the integrity of the network and digital investigations.

Delivery Style: 75% Hands-On, 25% Lecture

Topics & Concepts Covered in CHFI Version 9 Training Include:

  • Establish and maintain a physical “chain of custody”
  • Create and verify forensically sterile examination media
  • Create forensic boot diskettes
  • Find and recover deleted, formatted, hidden, and lost data
  • Access e-mail, cache, and other internet related files
  • Unlock passwords

Recommended CHFI v9 Audience and Prerequisites

The Certified CHFI training course will benefit Police and other law enforcement personnel, Department of Defense and Military personnel, e-Business Security professionals, Systems administrators, Network admins, Legal professionals, Banking, Insurance professionals, Government agencies, IT managers and more.

Attendees of computer hacking forensic investigator training should be familiar with Windows-based computers. Attendees can be anyone involved in the security of information assets: information security officers and managers, IT administrators, consultants, systems and data security analysts, even lawyers and HR managers.

CHFI Certification Requirements

This course helps you prepare for EC-Council’s CHFI v9 certification exam.

Exam Details:

  • Number of Questions: 150
  • Passing Score: 70%
  • Test Duration: 4 hours
  • Test Format: MCQ
  • Test Delivery: ECC exam portal

Related Careers:

  • IT Systems Administrator
  • Forensic Analyst
  • Information Assurance/Security Specialist
  • Security Operations Manager

Skills and Concepts:

Module 01: Computer Forensics in Today’s World

  • Understanding Computer Forensics
  • Why and When Do You Use Computer Forensics?
  • Cyber Crime (Types of Computer Crimes)
  • Case Study
  • Challenges Cyber Crimes Present For Investigators
  • Cyber Crime Investigation
  • Rules of Forensics Investigation
  • Understanding Digital Evidence
  • Types of Digital Evidence
  • Characteristics of Digital Evidence
  • Role of Digital Evidence
  • Sources of Potential Evidence
  • Rules of Evidence
  • Forensics Readiness
  • Computer Forensics as part of an Incident Response Plan
  • Need for Forensic Investigator
  • Roles and Responsibilities of Forensics Investigator
  • What makes a Good Computer Forensics Investigator?
  • Investigative Challenges
  • Legal and Privacy Issues
  • Code of Ethics
  • Accessing Computer Forensics Resources

Module 02: Computer Forensics Investigation Process

  • Importance of Computer Forensics Process
  • Phases Involved in the Computer Forensics Investigation Process
  • Pre-investigation Phase
  • Planning and Budgeting
  • Physical Location and Structural Design Considerations
  • Work Area Considerations
  • Physical Security Recommendations
  • Fire-Suppression Systems
  • Evidence Locker Recommendations
  • Auditing the Security of a Forensics Lab
  • Human Resource Considerations
  • Build a Forensics Workstation
  • Basic Workstation Requirements in a Forensics Lab
  • Build a Computer Forensics Toolkit
  • Forensics Hardware
  • Forensics Software (Cont’d)
  • Forensic Practitioner Certification and Licensing
  • Forensics Laws
  • Quality Assurance Practices in Digital Forensics
  • General Quality Assurance in the Digital Forensic Process
  • Quality Assurance Practices: Laboratory Software and Hardware
  • Laboratory Accreditation Programs
  • Risk Assessment Matrix
  • Investigation Phase
  • Questions to Ask When a Client Calls the Forensic Investigator
  • Checklist to Prepare for a Computer Forensics Investigation
  • Notify Decision Makers and Acquire Authorization
  • First Responder
  • First Response Basics
  • Incident Response: Different Situations
  • First Responder Common Mistakes
  • Documenting the Electronic Crime Scene
  • Consent
  • Conducting Preliminary Interviews
  • Planning the Search and Seizure
  • Initial Search of the Scene
  • Warrant for Search and Seizure
  • Searches Without a Warrant
  • Health and Safety Issues
  • Securing and Evaluating Electronic Crime Scene: A Checklist
  • Collect Physical Evidence
  • Collecting and Preserving Electronic Evidence
  • Dealing with Powered On Computers
  • Dealing with Powered Off Computers
  • Dealing with Networked Computer
  • Dealing with Open Files and Startup Files
  • Operating System Shutdown Procedure
  • Computers and Servers
  • Preserving Electronic Evidence
  • Seizing Portable Computers
  • Dealing with Switched On Portable Computers
  • Evidence Management
  • Chain of Custody
  • Packaging and Transporting Electronic Evidence
  • Transporting Electronic Evidence
  • Storing Electronic Evidence
  • Guidelines for Acquiring Evidence
  • Duplicate the Data (Imaging)
  • Verify Image Integrity
  • Recover Lost or Deleted Data
  • Data Analysis
  • Post-investigation Phase
  • Evidence Assessment
  • Case Assessment
  • Processing Location Assessment
  • Collecting Evidence from Social Networks
  • Best Practices on how to Behave as an Investigator on Social Media
  • Best Practices to Assess the Evidence
  • Documentation in Each Phase
  • Gather and Organize Information
  • Writing the Investigation Report
  • Expert Witness
  • Testifying in the Court Room
  • Closing the Case
  • Maintaining Professional Conduct

Module 03: Understanding Hard Disks and File Systems

  • Hard Disk Drive Overview
  • Disk Partitions and Boot Process
  • Understanding File Systems
  • Metadata Files Stored in the MFT
  • Setting the Compression State of a Volume
  • Components of EFS
  • EFS Attribute
  • RAID Storage System
  • File System Analysis

Module 04: Data Acquisition and Duplication

  • Data Acquisition and Duplication Concepts
  • Static Acquisition
  • Validate Data Acquisitions
  • Acquisition Best Practices

Module 05: Defeating Anti-forensics Techniques

  • What is Anti-Forensics?
  • Anti-Forensics techniques
  • CmosPwd
  • DaveGrohl

Module 06: Operating System Forensics (Windows, Mac, Linux)

  • Introduction to OS Forensics
  • Windows Forensics
  • Collecting Volatile Information
  • Collecting Non-Volatile Information
  • Other Non-Volatile Information
  • Analyze the Windows thumbcaches
  • Windows Memory Analysis
  • Windows Registry Analysis
  • Windows File Analysis
  • Metadata Investigation
  • Text Based Logs
  • Other Audit Events
  • Windows Forensics Tools
Linux Forensics
  • Shell Commands
  • Linux Log files
  • Collecting Volatile Data
  • Collecting Non-Volatile Data

MAC Forensics

  • Introduction to MAC Forensics
  • MAC Forensics Data
  • MAC Log Files
  • MAC Directories
  • MAC Forensics Tools

Module 07: Network Forensics

  • Introduction to Network Forensics
  • Fundamental Logging Concepts
  • Event Correlation Concepts
  • Network Forensic Readiness
  • Network Forensics Steps
  • Network Traffic Investigation
  • Documenting the Evidence
  • Evidence Reconstruction 

Module 08: Investigating Web Attacks

  • Introduction to Web Application Forensics
  • Web Attack Investigation
  • Investigating Web Server Logs
  • Web Attack Detection Tools
  • Tools for Locating IP Address
  • WHOIS Lookup Tools
  • WHOIS Lookup Tools

Module 09: Database Forensics

  • Database Forensics and Its Importance
  • MSSQL Forensics
  • MySQL Forensics

Module 10: Cloud Forensics

  • Introduction to Cloud Computing
  • Cloud Forensics

Module 11: Malware Forensics

  • Introduction to Malware
  • Introduction to Malware Forensics

Module 12: Investigating Email Crimes

  • Email System
  • Email Crimes (Email Spamming, Mail Bombing/Mail Storm, Phishing, Email Spoofing, Crime via Chat Room, Identity Fraud/Chain Letter)
  • Email Message
  • Steps to Investigate Email Crimes and Violation
  • Email Forensics Tools
  • Laws and Acts against Email Crimes

Module 14: Forensics Report Writing and Presentation

  • Expert Witness Testimony



Sold Out