Computer Hacking Forensic Investigator CHFI v.10

  • Home
  • Services
  • Computer Hacking Forensic Investigator CHFI v.10

Computer Hacking
Forensic Investigator CHFI v10


EC-CHFI v10 covers detailed methodological approach to computer forensic and evidence analysis. It provides the necessary skillset for identification of intruder’s footprints and gathering necessary evidence for its prosecution.

All major tools and theories used by cyber forensic industry are covered in the curriculum.

The certification can fortify the applied knowledge level of law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, computer and network security professionals, and anyone who is concerned about the integrity of the network and digital investigations.

CHFI provides necessary skills to perform effective digital forensic investigation

It is a comprehensive course covering major forensic investigation scenarios that enables students to acquire necessary hands-on experience on various forensic investigation techniques and standard forensic tools necessary to successfully carryout computer forensic investigation leading to prosecution of perpetrators

CHFI presents a methodological approach to computer forensic including searching and seizing, chain-of-custody, acquisition, preservation, analysis and reporting of digital evidence.


  • Understanding Computer Forensics
  • Why and When Do You Use Computer Forensics?
  • Cyber Crime (Types of Computer Crimes)
  • Case Study
  • Challenges Cyber Crimes Present For Investigators
  • Cyber Crime Investigation
  • Rules of Forensics Investigation
  • Understanding Digital Evidence
  • Types of Digital Evidence
  • Characteristics of Digital Evidence
  • Role of Digital Evidence
  • Sources of Potential Evidence
  • Rules of Evidence
  • Forensics Readiness
  • Computer Forensics as part of an Incident Response Plan
  • Need for Forensic Investigator
  • Roles and Responsibilities of Forensics Investigator
  • What makes a Good Computer Forensics Investigator?
  • Investigative Challenges
  • Legal and Privacy Issues
  • Code of Ethics
  • Accessing Computer Forensics Resources
  • Importance of Computer Forensics Process
  • Phases Involved in the Computer Forensics Investigation Process
  • Pre-investigation Phase
  • Investigation Phase
  • Post-investigation Phase
  • Hard Disk Drive Overview
  • Disk Partitions and Boot Process
  • Understanding File Systems
  • RAID Storage System
  • File System Analysis
  • Data Acquisition and Duplication Concepts
  • Static Acquisition
  • Validate Data Acquisitions
  • Acquisition Best Practices
  • What is Anti-Forensics?
  • Anti-Forensics techniques
    •Data/File Deletion
    •Password Protection
    •Data Hiding in File System Structures
    •Trail Obfuscation
    •Artifact Wiping
    •Overwriting Data/Metadata
    •Encrypted Network Protocols
    •Program Packers
    •Minimize Footprint
    •Exploiting Forensic Tools Bugs
    •Detecting Forensic Tool Activities
    •Anti-Forensics Countermeasures
    •Anti-Forensics Challenges
    •Anti-forensics Tools

Introduction to OS Forensics

Windows Forensics

  • Collecting Volatile Information
  • Collecting Non-Volatile Information
  • Analyze the Windows thumbcaches
  • Windows Memory Analysis
  • Windows Registry Analysis
  • Cache, Cookie, and History Analysis
  • Windows File Analysis
  • Metadata Investigation
  • Text Based Logs
  • Other Audit Events
  • Forensic Analysis of Event Logs
  • Windows Forensics Tools


Linux Forensics

  • Shell Commands
  • Linux Log files
  • Collecting Volatile Data
  • Collecting Non-Volatile Data


MAC Forensics

  • Introduction to MAC Forensics
  • MAC Forensics Data
  • MAC Log Files
  • MAC Directories
  • MAC Forensics Tools
  • Introduction to Network Forensics
  • Fundamental Logging Concepts
  • Event Correlation Concepts
  • Network Forensic Readiness
  • Network Forensics Steps
  • Network Traffic Investigation
  • Documenting the Evidence
  • Evidence Reconstruction
  • Introduction to Web Application Forensics
  • Web Attack Investigation
  • Investigating Web Server Logs
  • Web Attack Detection Tools
  • Tools for Locating IP Address
  • WHOIS Lookup Tools
  • WHOIS Lookup Tools
  • Database Forensics and Its Importance
  • MSSQL Forensics
  • MySQL Forensics
  • Introduction to Cloud Computing
  • Cloud Forensics
  • Usage of Cloud Forensics
    • Cloud Crimes
    • Cloud Forensics: Stakeholders and their Roles
    • Cloud Forensics Challenges
    • Investigating Cloud Storage Services
    • Investigating Dropbox Cloud Storage Service
    • Investigating Google Drive Cloud Storage Service
    • Cloud Forensics Tools: UFED Cloud Analyzer
  • Introduction to Malware Forensics
  • Why Analyze Malware
  • Identifying and Extracting Malware
  • Prominence of Setting up a Controlled Malware Analysis Lab
  • Preparing Testbed for Malware Analysis
  • Supporting Tools for Malware Analysis
  • General Rules for Malware Analysis
  • Documentation Before Analysis
  • Types of Malware Analysis
    • Malware Analysis: Static
    • Malware Analysis: Dynamic
    • Analysis of Malicious Documents
    • Malware Analysis Challenges
  • Email System
  • Email Crimes (Email Spamming, Mail Bombing/Mail Storm, Phishing, Email Spoofing, Crime via Chat Room, Identity Fraud/Chain Letter)
  • Email Message
  • Steps to Investigate Email Crimes and Violation
  • Email Forensics Tools
  • Laws and Acts against Email Crimes
  • Mobile Device Forensics
  • Why Mobile Forensics?
  • Top Threats Targeting Mobile Devices
  • Mobile Hardware and Forensics
  • Mobile OS and Forensics
  • What Should You Do Before the Investigation?
  • Mobile Forensics Process
  • Writing Investigation Reports
  • Expert Witness Testimony

Audience Profile

Anyone interested in cyber forensics/investigations
Attorneys, legal consultants, and lawyers
Law enforcement officers
Police officers
Federal / government agents
Defense and military
Detectives / investigators
Incident response team members
Information security managers
Network defenders
IT professionals, IT directors/ managers
System/network engineers
Security analyst/ architect/ auditors/ consultants.


It IT/forensics professionals with basic knowledge on IT/cyber security, computer forensics, and incident response

Prior completion of CEH training would be an advantage


EC-Council is one of the few organizations that specialize in information security (IS) to achieve ANSI 17024 accreditation for its Computer Hacking Forensic Investigator certification
The CHFI v10 program has been redesigned and updated after thorough investigation including current market requirements, job tasks analysis, and recent industry focus on forensic skills
It is designed and developed by experienced subject matter experts and digital forensics practitioners
CHFI is a complete vendor neutral course covering all major forensics investigations technologies and solutions
CHFI has detailed labs for hands-on learning experience. On an average, approximately 40% of training time is dedicated to labs
It covers all the relevant knowledge-bases and skills to meets with regulatory compliance standards such as ISO 27001, PCI DSS, SOX, HIPPA, etc.
The student kit contains large number of white papers for additional reading
The program presents a repeatable forensics investigation methodology required from a versatile
digital forensic professional which increases employability
The student kit contains several forensics investigation templates for evidence collection, chain-of-custody, final investigation reports, etc.
The program comes with cloud-based virtual labs enabling students to practice various investigation techniques in a real-time and simulated environment

Related trainings

Training Delivery and Pricing

CHFI v10

5 Day – (40 Hours)

Live Interactive Training via Microsoft Teams

Schedule your training


  • No 4, De Vos Avenue, Colombo 4, WP 4 Sri Lanka.
  • 077 5 36 67 33
    076 9 24 64 94


Find Us