Skip to content
CHFI-Computer Hacking Forensic Investigator Training and Certification

CHFI-Computer Hacking Forensic Investigator Training and Certification

$2,995.00 Per Enrollment

Price Includes:

Courseware, Exam Voucher, ‘Price & Quality Guarantee’. If you fail your first attempt at the exam, TrainACE will pay for a second attempt.


Want to be a Cyber-Detective? Our Computer Hacking Forensic Investigator (CHFI) training course will put you on the path to an exciting career. CHFI training will teach you how to apply concepts and practices of computer investigation and analysis to determine potential on-line criminal activity and develop legal evidence.

TrainACE’s Computer Hacking Forensic Investigator course uses hands-on lab work to help students comprehend the processes of detecting hacker attacks and gathering evidence to report the online crime and potentially take the criminal down for their offense.



Got Questions?

For more information about your specific needs, call us at (301) 220 2802 or complete the form below:

No classes currently scheduled, please call for more information.


Days & Times


Learn More About CHFI


Jump To:

    Class Schedule

    • Greenbelt & Live-Online

      08/05/24 - 08/09/24

       Mon-Fri (8:30am-5pm)

    • Greenbelt & Live-Online

      10/21/24 - 10/25/24

       Mon-Fri (8:30am-5pm)

    Get your CHFI-Computer Hacking Forensic Investigator Training and Certification training in our convenient IT training centers in Maryland or Virginia.


    This CHFI course near Washington DC is part of the Operate and Maintain, Investigate, and Analyze NICE Cybersecurity Workforce categories. It will help prepare you to work in the systems administration, systems analysis, digital forensics, or threat analysis NICE Cybersecurity Workforce Framework specialty area.

    Why Take CHFI Training?


    Computer forensics involves applying concepts and practices of computer investigation and analysis to determine potential on-line criminal activity and develop legal evidence. TrainACE’s Computer Hacking Forensic Investigator version 9 is an industry leading, internationally awarded computer forensics training course that will apply hands-on lab work to help students comprehend the processes of detecting hacker attacks and to gather the evidence required to be able to report the on-line crime and potentially take the criminal down for their attack. The CHFI certification class also conducts activities to help secure a network and prevent against network intrusion.

    CHFI v9 covers a detailed methodological approach to computer forensic and evidence analysis. It provides the necessary skill set for identification of intruder’s footprints and gathering the necessary evidence for its prosecution. All major tools and theories used by cyber
    forensic industry are covered in the curriculum.

    The certification can fortify the applied knowledge level of law enforcement personnel,
    system administrators, security officers, defense and military personnel, legal professionals, bankers, computer and network security professionals, and anyone who is concerned about the integrity of the network and digital investigations.

    Delivery Style: 75% Hands-On, 25% Lecture

    Topics & Concepts Covered in CHFI Version 9 Training Include:

    • - Establish and maintain a physical “chain of custody”
    • - Create and verify forensically sterile examination media
    • - Create forensic boot diskettes
    • - Find and recover deleted, formatted, hidden, and lost data
    • - Access e-mail, cache, and other internet related files
    • - Unlock passwords


    What you need to know before taking CHFI training


    The Certified CHFI training course will benefit Police and other law enforcement personnel, Department of Defense and Military personnel, e-Business Security professionals, Systems administrators, Network admins, Legal professionals, Banking, Insurance professionals, Government agencies, IT managers and more.

    Attendees of computer hacking forensic investigator training should be familiar with Windows-based computers. Attendees can be anyone involved in the security of information assets: information security officers and managers, IT administrators, consultants, systems and data security analysts, even lawyers and HR managers.

    Exam and Certification Requirements:


    This course helps you prepare for EC-Council’s CHFI v9 certification exam.

    Exam Details:

    • - Number of Questions: 150
    • - Passing Score: 70%
    • - Test Duration: 4 hours
    • - Test Format: MCQ
    • - Test Delivery: ECC exam portal


    Who needs CHFI Certification?


    Related Careers:

    • - IT Systems Administrator
    • - Forensic Analyst
    • - Information Assurance/Security Specialist
    • - Security Operations Manager


    Skills and Concepts:

    Module 01: Computer Forensics in Today’s World

    • Understanding Computer Forensics
    • Why and When Do You Use Computer Forensics?
    • Cyber Crime (Types of Computer Crimes)
    • Case Study
    • Challenges Cyber Crimes Present For Investigators
    • Cyber Crime Investigation
    • Rules of Forensics Investigation
    • Understanding Digital Evidence
    • Types of Digital Evidence
    • Characteristics of Digital Evidence
    • Role of Digital Evidence
    • Sources of Potential Evidence
    • Rules of Evidence
    • Forensics Readiness
    • Computer Forensics as part of an Incident Response Plan
    • Need for Forensic Investigator
    • Roles and Responsibilities of Forensics Investigator
    • What makes a Good Computer Forensics Investigator?
    • Investigative Challenges
    • Legal and Privacy Issues
    • Code of Ethics
    • Accessing Computer Forensics Resources

    Module 02: Computer Forensics Investigation Process

    • Importance of Computer Forensics Process
    • Phases Involved in the Computer Forensics Investigation Process
    • Pre-investigation Phase
    • Planning and Budgeting
    • Physical Location and Structural Design Considerations
    • Work Area Considerations
    • Physical Security Recommendations
    • Fire-Suppression Systems
    • Evidence Locker Recommendations
    • Auditing the Security of a Forensics Lab
    • Human Resource Considerations
    • Build a Forensics Workstation
    • Basic Workstation Requirements in a Forensics Lab
    • Build a Computer Forensics Toolkit
    • Forensics Hardware
    • Forensics Software (Cont’d)
    • Forensic Practitioner Certification and Licensing
    • Forensics Laws
    • Quality Assurance Practices in Digital Forensics
    • General Quality Assurance in the Digital Forensic Process
    • Quality Assurance Practices: Laboratory Software and Hardware
    • Laboratory Accreditation Programs
    • Risk Assessment Matrix
    • Investigation Phase
    • Questions to Ask When a Client Calls the Forensic Investigator
    • Checklist to Prepare for a Computer Forensics Investigation
    • Notify Decision Makers and Acquire Authorization
    • First Responder
    • First Response Basics
    • Incident Response: Different Situations
    • First Responder Common Mistakes
    • Documenting the Electronic Crime Scene
    • Consent
    • Conducting Preliminary Interviews
    • Planning the Search and Seizure
    • Initial Search of the Scene
    • Warrant for Search and Seizure
    • Searches Without a Warrant
    • Health and Safety Issues
    • Securing and Evaluating Electronic Crime Scene: A Checklist
    • Collect Physical Evidence
    • Collecting and Preserving Electronic Evidence
    • Dealing with Powered On Computers
    • Dealing with Powered Off Computers
    • Dealing with Networked Computer
    • Dealing with Open Files and Startup Files
    • Operating System Shutdown Procedure
    • Computers and Servers
    • Preserving Electronic Evidence
    • Seizing Portable Computers
    • Dealing with Switched On Portable Computers
    • Evidence Management
    • Chain of Custody
    • Packaging and Transporting Electronic Evidence
    • Transporting Electronic Evidence
    • Storing Electronic Evidence
    • Guidelines for Acquiring Evidence
    • Duplicate the Data (Imaging)
    • Verify Image Integrity
    • Recover Lost or Deleted Data
    • Data Analysis
    • Post-investigation Phase
    • Evidence Assessment
    • Case Assessment
    • Processing Location Assessment
    • Collecting Evidence from Social Networks
    • Best Practices on how to Behave as an Investigator on Social Media
    • Best Practices to Assess the Evidence
    • Documentation in Each Phase
    • Gather and Organize Information
    • Writing the Investigation Report
    • Expert Witness
    • Testifying in the Court Room
    • Closing the Case
    • Maintaining Professional Conduct

    Module 03: Understanding Hard Disks and File Systems

    • Hard Disk Drive Overview
    • Disk Partitions and Boot Process
    • Understanding File Systems
    • Metadata Files Stored in the MFT
    • Setting the Compression State of a Volume
    • Components of EFS
    • EFS Attribute
    • RAID Storage System
    • File System Analysis

    Module 04: Data Acquisition and Duplication

    • Data Acquisition and Duplication Concepts
    • Static Acquisition
    • Validate Data Acquisitions
    • Acquisition Best Practices

    Module 05: Defeating Anti-forensics Techniques

    • What is Anti-Forensics?
    • Anti-Forensics techniques
    • CmosPwd
    • DaveGrohl

    Module 06: Operating System Forensics (Windows, Mac, Linux)

    • Introduction to OS Forensics
    • Windows Forensics
    • Collecting Volatile Information
    • Collecting Non-Volatile Information
    • Other Non-Volatile Information
    • Analyze the Windows thumbcaches
    • Windows Memory Analysis
    • Windows Registry Analysis
    • Windows File Analysis
    • Metadata Investigation
    • Text Based Logs
    • Other Audit Events
    • Windows Forensics Tools
    Linux Forensics
    • Shell Commands
    • Linux Log files
    • Collecting Volatile Data
    • Collecting Non-Volatile Data

    MAC Forensics

    • Introduction to MAC Forensics
    • MAC Forensics Data
    • MAC Log Files
    • MAC Directories
    • MAC Forensics Tools

    Module 07: Network Forensics

    • Introduction to Network Forensics
    • Fundamental Logging Concepts
    • Event Correlation Concepts
    • Network Forensic Readiness
    • Network Forensics Steps
    • Network Traffic Investigation
    • Documenting the Evidence
    • Evidence Reconstruction 

    Module 08: Investigating Web Attacks

    • Introduction to Web Application Forensics
    • Web Attack Investigation
    • Investigating Web Server Logs
    • Web Attack Detection Tools
    • Tools for Locating IP Address
    • WHOIS Lookup Tools
    • WHOIS Lookup Tools

    Module 09: Database Forensics

    • Database Forensics and Its Importance
    • MSSQL Forensics
    • MySQL Forensics

    Module 10: Cloud Forensics

    • Introduction to Cloud Computing
    • Cloud Forensics

    Module 11: Malware Forensics

    • Introduction to Malware
    • Introduction to Malware Forensics

    Module 12: Investigating Email Crimes

    • Email System
    • Email Crimes (Email Spamming, Mail Bombing/Mail Storm, Phishing, Email Spoofing, Crime via Chat Room, Identity Fraud/Chain Letter)
    • Email Message
    • Steps to Investigate Email Crimes and Violation
    • Email Forensics Tools
    • Laws and Acts against Email Crimes

    Module 14: Forensics Report Writing and Presentation

    • Expert Witness Testimony