Computer Hacking Forensic Investigator CHFI v10
Introduction
EC-CHFI v10 covers a detailed methodological approach to computer forensics and evidence analysis. It provides the necessary skillset for identifying an intruder’s footprints and gathering the necessary evidence for prosecution.
All major tools and theories used by the cyber forensics industry are covered in the curriculum.
The certification can fortify the applied knowledge level of law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, computer and network security professionals, and anyone who is concerned about the integrity of the network and digital investigations.
CHFI provides the necessary skills to perform an effective digital forensic investigation.
It is a comprehensive course covering major forensic investigation scenarios. It enables students to acquire the necessary hands-on experience with various forensic investigation techniques and the standard forensic tools needed to successfully carry out a computer forensic investigation leading to the prosecution of perpetrators.
CHFI presents a methodological approach to computer forensics, including searching and seizing, chain-of-custody, acquisition, preservation, analysis and reporting of digital evidence.
Modules
Module 1: Computer Forensics in Today’s World
- Understanding Computer Forensics
- Why and When Do You Use Computer Forensics?
- Cyber Crime (Types of Computer Crimes)
- Case Study
- Challenges Cyber Crimes Present For Investigators
- Cyber Crime Investigation
- Rules of Forensics Investigation
- Understanding Digital Evidence
- Types of Digital Evidence
- Characteristics of Digital Evidence
- Role of Digital Evidence
- Sources of Potential Evidence
- Rules of Evidence
- Forensics Readiness
- Computer Forensics as part of an Incident Response Plan
- Need for Forensic Investigator
- Roles and Responsibilities of Forensics Investigator
- What makes a Good Computer Forensics Investigator?
- Investigative Challenges
- Legal and Privacy Issues
- Code of Ethics
- Accessing Computer Forensics Resources
Module 2: Computer Forensics Investigation Process
- Importance of Computer Forensics Process
- Phases Involved in the Computer Forensics Investigation Process
- Pre-investigation Phase
- Investigation Phase
- Post-investigation Phase
Module 3: Understanding Hard Disks and File System
- Hard Disk Drive Overview
- Disk Partitions and Boot Process
- Understanding File Systems
- RAID Storage System
- File System Analysis
Module 4: Data Acquisition and Duplication
- Data Acquisition and Duplication Concepts
- Static Acquisition
- Validate Data Acquisitions
- Acquisition Best Practices
Module 5: Defeating Anti-forensics Techniques
- What is Anti-Forensics?
- Anti-Forensics techniques
• Data/File Deletion
• Password Protection
• Steganography
• Data Hiding in File System Structures
• Trail Obfuscation
• Artifact Wiping
• Overwriting Data/Metadata
• Encryption
• Encrypted Network Protocols
• Program Packers
• Rootkits
• Minimize Footprint
• Exploiting Forensic Tools Bugs
• Detecting Forensic Tool Activities
• Anti-Forensics Countermeasures
• Anti-Forensics Challenges
• Anti-forensics Tools
Module 6: Operating System Forensics (Windows, Mac, Linux)
Introduction to OS Forensics
Windows Forensics
- Collecting Volatile Information
- Collecting Non-Volatile Information
- Analyze the Windows thumbcaches
- Windows Memory Analysis
- Windows Registry Analysis
- Cache, Cookie, and History Analysis
- Windows File Analysis
- Metadata Investigation
- Text Based Logs
- Other Audit Events
- Forensic Analysis of Event Logs
- Windows Forensics Tools
Linux Forensics
- Shell Commands
- Linux Log files
- Collecting Volatile Data
- Collecting Non-Volatile Data
MAC Forensics
- Introduction to MAC Forensics
- MAC Forensics Data
- MAC Log Files
- MAC Directories
- MAC Forensics Tools
Module 7: Network Forensics
- Introduction to Network Forensics
- Fundamental Logging Concepts
- Event Correlation Concepts
- Network Forensic Readiness
- Network Forensics Steps
- Network Traffic Investigation
- Documenting the Evidence
- Evidence Reconstruction
Module 8: Investigating Web Attacks
- Introduction to Web Application Forensics
- Web Attack Investigation
- Investigating Web Server Logs
- Web Attack Detection Tools
- Tools for Locating IP Address
- WHOIS Lookup Tools
Module 9: Database Forensics
- Database Forensics and Its Importance
- MSSQL Forensics
- MySQL Forensics
Module 10: Cloud Forensics
- Introduction to Cloud Computing
- Cloud Forensics
- Usage of Cloud Forensics
• Cloud Crimes
• Cloud Forensics: Stakeholders and their Roles
• Cloud Forensics Challenges
• Investigating Cloud Storage Services
• Investigating Dropbox Cloud Storage Service
• Investigating Google Drive Cloud Storage Service
• Cloud Forensics Tools: UFED Cloud Analyzer
Module 11: Malware Forensics
- Introduction to Malware Forensics
- Why Analyze Malware
- Identifying and Extracting Malware
- Prominence of Setting up a Controlled Malware Analysis Lab
- Preparing Testbed for Malware Analysis
- Supporting Tools for Malware Analysis
- General Rules for Malware Analysis
- Documentation Before Analysis
- Types of Malware Analysis
• Malware Analysis: Static
• Malware Analysis: Dynamic
• Analysis of Malicious Documents
• Malware Analysis Challenges
Module 12: Investigating Email Crimes
- Email System
- Email Crimes (Email Spamming, Mail Bombing/Mail Storm, Phishing, Email Spoofing, Crime via Chat Room, Identity Fraud/Chain Letter)
- Email Message
- Steps to Investigate Email Crimes and Violation
- Email Forensics Tools
- Laws and Acts against Email Crimes
Module 13: Mobile Phone Forensics
- Mobile Device Forensics
- Why Mobile Forensics?
- Top Threats Targeting Mobile Devices
- Mobile Hardware and Forensics
- Mobile OS and Forensics
- What Should You Do Before the Investigation?
- Mobile Forensics Process
Module 14: Forensics Report Writing and Presentation
- Writing Investigation Reports
- Expert Witness Testimony
Audience Profile
Prerequisites
IT/forensics professionals with basic knowledge of IT/cyber security, computer forensics, and incident response.
Prior completion of CEH training would be an advantage.
Outcomes
Related trainings
Certified Ethical Hacker C|EH v.12
Certified Secure Computer User C|SCU
Certified Network Defender C|ND v.2
Training Delivery and Pricing
210,000 LKR
CHFI v10
5 Day – (40 Hours)
Live Interactive Training via Microsoft Teams
Contact
- No 4, De Vos Avenue, Colombo 4, WP 4 Sri Lanka.
- 077 5 36 67 33
- 076 9 24 64 94
- info@syscare.lk