Course Overview
No cybersecurity team is complete without digital forensics. Digital forensics and investigations are critical to successfully handling a cyber incident when it occurs.
EC-Council’s CHFI program prepares cybersecurity professionals with the knowledge and skills required to perform effective digital forensics investigations and bring their organization into a state of forensic readiness. This includes establishing the forensics process, lab, evidence handling procedures, as well as the investigation procedures required to validate/triage incidents and point the incident response teams in the right direction. Forensic Readiness could be the difference between a minor incident and a major cyber-attack that brings a company to its knees.
This intense hands-on digital forensics program immerses students in over 68 forensic labs, enabling them to work on crafted evidence files and utilize the tools employed by the world’s top digital forensics professionals. Students will go beyond traditional hardware and memory forensics and learn current topics such as cloud forensics, mobile and IoT, investigating web application attacks, and malware forensics. CHFI presents a methodological approach to computer forensics including searching and seizing, chain-of-custody, acquisition, preservation, analysis and reporting of digital evidence Students learn how to acquire and manage evidence through various operating environments, as well as the chain of custody and legal procedures required to preserve evidence and ensure it is admissible in court. This knowledge will help them prosecute cybercriminals and limit liability for target organizations.
This program combines credible professional knowledge with a globally recognized certification that is required for a career in digital forensics, Digital investigations, and DFIR.
Who should attend
- Digital Forensics Analyst
- Computer Forensic Analyst/Practitioner/Examiner/Specialist/Technician/Criminal Investigator/Lab Project Manager
- Cybercrime Investigator
- Computer Crime Investigator
- Cyber Defense Forensics Analyst
- Law Enforcement/Counterintelligence Forensics Analyst
- Data Forensic Investigator
- Digital Crime Specialist
- Computer Security Forensic Investigator
- Network/Technology Forensic Analyst/Specialist
- Digital Forensics and Incident Response Engineer
- Forensic Imaging Specialist
- Forensics and eDiscovery Analyst
- Computer Forensics and Intrusion Analyst
- Intrusions Forensics Lead
- Security Engineer – Forensics
- Malware Analyst
- Mobile Forensic Analyst/Expert
- Mobile Exploitation Analyst
- Information Systems Security Professional/Analyst
- Information Technology Auditor
- Cryptanalyst
- Cryptographer
- Disaster Recovery Expert
- Intelligence Technology Analyst
- Cybersecurity Incident Response and Attack Analyst
- Cloud Security Analyst
- Forensics SME
- Forensic Accountant
- IT Security Forensic Analyst
- Cyber Security/Defense Forensics Analyst
Prerequisites
- IT/forensics professionals with basic knowledge of IT/cybersecurity, computer forensics, and incident response.
- Knowledge of Threat Vectors.
Course Objectives
- Computer forensics fundamentals, different types of cybercrime and their investigation procedures, as well as regulations and standards that influence the computer forensic investigation process.
- Various phases involved in the computer forensics investigation process.
- Different types of disk drives and their characteristics, boot process and file systems in Windows, Linux and Mac operating systems, file system examination tools, RAID and NAS/SAN storage systems, various encoding standards, and file format analysis.
- Data acquisition fundamentals and methodology, eDiscovery, and preparing image files for forensics examination .
- Various anti-forensics techniques used by attackers, different ways to detect them, and related tools and countermeasures.
- Volatile and non-volatile data acquisition in Windows-based operating systems, Windows memory and registry analysis, electron app analysis, Web browser forensics, and examination of Windows files, ShellBags, LNK files, and Jump Lists, and Windows event logs.
- Volatile and non-volatile data acquisition and memory forensics in Linux and Mac operating systems.
- Network forensics fundamentals, event correlation concepts, Indicators of Compromise (IOCs) and ways to differentiate them in network logs, techniques and tools related to network traffic investigation, incident detection and examination, and wireless attack detection and investigation.
- Malware forensics concepts, static and dynamic malware analysis, system and network behavior analysis, and ransomware analysis.
- Web application forensics and challenges, web application threats and attacks, web application logs (IIS logs, Apache web server logs, etc.), and how to detect and investigate various web application attacks.
- Tor browser working methodology and steps involved in the Tor browser forensics process.
- Cloud computing concepts, cloud forensics and challenges, fundamentals of AWS, Microsoft Azure, and Google Cloud and their investigation processes.
- Components in email communication, steps involved in email crime investigation, and social media forensics.
- Architectural layers and boot processes of Android and iOS devices, mobile forensics process, various cellular networks, SIM file system, as well as logical and physical acquisition of Android and iOS devices.
- Different types of IoT threats, security problems, vulnerabilities and attack surfaces areas, IoT forensics process and challenges.
Course Content
- Computer Forensics in Today's World
- Computer Forensics Investigation Process
- Understanding Hard Disks and File Systems
- Data Acquisition and Duplication
- Defeating Anti-forensics Techniques
- Windows Forensics
- Linux and Mac Forensics
- Network Forensics
- Malware Forensics
- Investigating Web Attacks
- Dark Web Forensics
- Cloud Forensics
- Email and Social Media Forensics
- Mobile Forensics
- IoT Forensics
English
German
Germany
Switzerland