EC Council Computer Hacking Forensic Investigator

Overview

Digital forensic practices stem from forensic science, the science of collecting and examining evidence or materials. Digital or computer forensics focuses on the digital domain, including computer forensics, network forensics, and mobile forensics. As the cyber security profession evolves, organizations are learning the importance of incorporating digital forensic practices into their everyday activities. Computer forensic practices can help investigate attacks and system anomalies, or even help system administrators detect a problem by defining normal functional specifications and validating system information for irregular behaviors.

In the event of a cyber-attack or incident, it is critical that investigations be carried out in a forensically sound manner to preserve evidence in the event of a breach of the law. Far too many cyber-attacks occur across the globe where laws are clearly broken and, due to improper or non-existent forensic investigations, the cyber criminals go unidentified, undetected, or are simply not prosecuted.

Cyber security professionals who acquire a firm grasp of the principles of digital forensics can become invaluable members of Incident Handling and Incident Response teams. The Computer Hacking Forensic Investigator course provides a strong baseline knowledge of key concepts and practices in the digital forensic domains relevant to today's organizations. CHFI provides its attendees a firm grasp of the domains of digital forensics.

Target Audience

The CHFI program is designed for all IT professionals involved with information system security, computer forensics, and incident response.
  • Police and other law enforcement personnel
  • Defense and Military personnel
  • e-Business Security professionals
  • Systems administrators
  • Legal professionals
  • Banking, Insurance and other professionals
  • Government agencies
  • IT managers
'For the most up-to-date and enriched knowledge of digital forensics, I chose Computer Hacking Forensic Investigator (C|HFI), and it certainly paid off well. The training content, video streaming, and the hands-on labs, every learning method incorporated in the program were very interactive. I adored the real-time practice sessions as they left me with impressive technical skills. Getting to learn and practice hundreds of investigation tools was another exciting part of the program.'

Reuben Osilaja, Sr Security Compliance Specialist at Accenture Federal Services

Prerequisites
  • IT/forensics professionals with basic knowledge of IT/cyber security, computer forensics, and incident response
  • Prior completion of CEH training would be an advantage
Course Outline

Module 01: Computer Forensics in Today's World
  • Understanding Computer Forensics
  • Why and When Do You Use Computer Forensics?
  • Cyber Crime (Types of Computer Crimes)
  • Case Study
  • Challenges Cyber Crimes Present For Investigators
  • Cyber Crime Investigation
    • Civil versus Criminal Investigation
    • Case Study: Criminal Case
    • Case Study: Civil Case
    • Administrative Investigation
    • Case Study: Administrative Case
  • Rules of Forensics Investigation
    • Enterprise Theory of Investigation (ETI)
  • Understanding Digital Evidence
  • Types of Digital Evidence
  • Characteristics of Digital Evidence
  • Role of Digital Evidence
    • Digital Forensics Challenges
  • Sources of Potential Evidence
  • Rules of Evidence
    • Best Evidence Rule
    • "Hearsay" concept
    • Federal Rules of Evidence
      • Scientific Working Group on Digital Evidence (SWGDE)
  • Forensics Readiness
    • Forensics Readiness Planning
  • Computer Forensics as part of an Incident Response Plan
  • Need for Forensic Investigator
  • Roles and Responsibilities of Forensics Investigator
  • What makes a Good Computer Forensics Investigator?
  • Investigative Challenges
    • Computer Forensics: Legal Issues
    • Computer Forensics: Privacy Issues
  • Legal and Privacy Issues
  • Code of Ethics
  • Accessing Computer Forensics Resources
Module 02: Computer Forensics Investigation Process
  • Importance of Computer Forensics Process
  • Phases Involved in the Computer Forensics Investigation Process
  • Pre-investigation Phase
    • Setting Up a Computer Forensics Lab
      • Planning and Budgeting
      • Physical Location and Structural Design Considerations
      • Work Area Considerations
      • Physical Security Recommendations
      • Fire-Suppression Systems
      • Evidence Locker Recommendations
      • Auditing the Security of a Forensics Lab
      • Human Resource Considerations
      • Build a Forensics Workstation
      • Basic Workstation Requirements in a Forensics Lab
      • Build a Computer Forensics Toolkit
      • Forensics Hardware
      • Forensics Software (Cont'd)
    • Build the Investigation Team
      • Forensic Practitioner Certification and Licensing
    • Review Policies and Laws
      • Forensics Laws
    • Establish Quality Assurance Processes
      • Quality Assurance Practices in Digital Forensics
      • General Quality Assurance in the Digital Forensic Process
      • Quality Assurance Practices: Laboratory Software and Hardware
      • Laboratory Accreditation Programs
    • Data Destruction Industry Standards
    • Risk Assessment
      • Risk Assessment Matrix
  • Investigation Phase
    • Investigation Process
      • Questions to Ask When a Client Calls the Forensic Investigator
      • Checklist to Prepare for a Computer Forensics Investigation
      • Notify Decision Makers and Acquire Authorization
    • Computer Forensics Investigation Methodology: First Response
      • First Responder
        • Roles of First Responder
      • First Response Basics
      • Incident Response: Different Situations
        • First Response by System Administrators
        • First Response by Non-Forensic Staff
        • First Response by Laboratory Forensic Staff
      • First Responder Common Mistakes
      • Documenting the Electronic Crime Scene
        • Photographing the Scene
        • Sketching the Scene
        • Note Taking Checklist
    • Computer Forensics Investigation Methodology: Search and Seizure
      • Consent
        • Sample of Consent Search Form
        • Witness Signatures
        • Witness Statement Checklist
      • Conducting Preliminary Interviews
      • Planning the Search and Seizure
        • Initial Search of the Scene
      • Warrant for Search and Seizure
        • Obtain Search Warrant
        • Example of Search Warrant
      • Searches Without a Warrant
      • Health and Safety Issues
      • Securing and Evaluating Electronic Crime Scene: A Checklist
    • Computer Forensics Investigation Methodology: Collect the Evidence
      • Collect Physical Evidence
        • Evidence Collection Form
      • Collecting and Preserving Electronic Evidence
      • Dealing with Powered On Computers
      • Dealing with Powered Off Computers
      • Dealing with Networked Computer
      • Dealing with Open Files and Startup Files
      • Operating System Shutdown Procedure
      • Computers and Servers
      • Preserving Electronic Evidence
      • Seizing Portable Computers
      • Dealing with Switched On Portable Computers
    • Computer Forensics Investigation Methodology: Secure the Evidence
      • Evidence Management
      • Chain of Custody
        • Simple Format of the Chain of Custody Document
        • Chain of Custody Forms
        • Chain of Custody on Property Evidence Envelope/Bag and Sign-out Sheet
      • Packaging and Transporting Electronic Evidence
        • Evidence Bag Contents List
        • Packaging Electronic Evidence
        • Exhibit Numbering
        • Transporting Electronic Evidence
      • Storing Electronic Evidence
    • Computer Forensics Investigation Methodology: Data Acquisition
      • Guidelines for Acquiring Evidence
      • Duplicate the Data (Imaging)
      • Verify Image Integrity
        • MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
      • Recover Lost or Deleted Data
        • Data Recovery Software
    • Computer Forensics Investigation Methodology: Data Analysis
      • Data Analysis
  • Post-investigation Phase
    • Computer Forensics Investigation Methodology: Evidence Assessment
      • Evidence Assessment
      • Case Assessment
      • Processing Location Assessment
      • Collecting Evidence from Social Networks
      • Best Practices on how to Behave as an Investigator on Social Media
      • Best Practices to Assess the Evidence
    • Computer Forensics Investigation Methodology: Documentation and Reporting
      • Documentation in Each Phase
      • Gather and Organize Information
      • Writing the Investigation Report
    • Computer Forensics Investigation Methodology: Testify as an Expert Witness
      • Expert Witness
      • Testifying in the Court Room
      • Closing the Case
      • Maintaining Professional Conduct
Module 03: Understanding Hard Disks and File Systems
  • Hard Disk Drive Overview
    • Disk Drive Overview
    • Hard Disk Drive (HDD)
    • Solid-State Drive (SSD)
    • Physical Structure of a Hard Disk
    • Logical Structure of Hard Disk
    • Types of Hard Disk Interfaces
    • Hard Disk Interfaces
      • ATA
      • SCSI
      • IDE/EIDE
      • USB
      • Fibre Channel
    • Tracks
      • Track Numbering
    • Sector
      • Sector Addressing
      • Advanced Format: Sectors
    • Cluster
      • Cluster Size
      • Slack Space
      • Lost Clusters
    • Bad Sectors
    • Understanding Bit, Byte, and Nibble
    • Hard Disk Data Addressing
    • Data Densities on a Hard Disk
    • Disk Capacity Calculation
    • Measuring the Performance of the Hard Disk
  • Disk Partitions and Boot Process
    • Disk Partitions
    • BIOS Parameter Block (BPB)
    • Partitioning utilities
    • Master Boot Record
      • Structure of a Master Boot Record
    • Globally Unique Identifier (GUID)
      • GUID Partition Table (GPT)
    • What is the Booting Process?
    • Essential Windows System Files
    • Windows Boot Process
    • Identifying GUID Partition Table (GPT)
    • Analyzing the GPT Header and Entries
    • GPT Artifacts
    • Macintosh Boot Process
    • Linux Boot Process
  • Understanding File Systems
    • Understanding File Systems
    • Types of File Systems
    • Windows File Systems
      • File Allocation Table (FAT)
        • FAT File System Layout
        • FAT Par

Start date: No fixed date
Location / delivery: United Kingdom