Computer Hacking Forensic Investigator (CHFI)

View cart
Computer Hacking Forensic Investigator (CHFI)

Computer Hacking Forensic Investigator (CHFI)

Preparation Training – EC-Council

Credential to be awarded: Certificate Completion

Total Hours: 40


ALL Included: Fees, Itemized: Course book $650; Optional EC-Council Certification Voucher $600

Total tuition & fees: $5300.00

Course Description

This certification preparation program for the CHFI program is designed for all IT professionals involved with information system security, computer forensics, and incident response. CHFI presents a detailed methodological approach to computer forensics and evidence analysis. It is a comprehensive course covering

major forensic investigation scenarios that enable students to acquire hands-on experience on various forensic investigation techniques and standard tools necessary to successfully carry-out a computer forensic investigation.

Day 1: Computer Forensics in Today’s World, Computer Forensics Investigation Process, Searching and Seizing Computers, and Digital Evidence 

  • Topic A: Computer Forensics
  • Topic B: Forensics Readiness
  • Topic C: Cyber Crime
  • Topic D: Cyber Crime Investigation
  • Topic E: Reporting a Cyber Crime
  • Topic F: Investigating Computer Crime
  • Topic G: Steps to Prepare for a Computer Forensics Investigation
  • Topic H: Computer Forensics Investigation Methodology
  • Topic I: Searching and Seizing Computers without a Warrant
  • Topic J: Searching and Seizing Computers with a Warrant
  • Topic K: The Electronic Communications Privacy Act
  • Topic L: Electronic Surveillance in Communications Networks
  • Topic M: Digital Data
  • Topic N: Types of Digital Data
  • Topic O: Rules of Evidence
  • Topic P: Electronic Devices: Types and Collecting Potential Evidence
  • Topic Q: Digital Evidence Examination Process
  • Topic R: Electronic Crime and Digital Evidence Consideration by Crime Category

Day 2: First Responder Procedures, Computer Forensics Lab, Understanding Hard Disks and File Systems, and Windows Forensics 

  • Topic A: Roles of First Responder
  • Topic B: Electronic Devices: Types and Collecting Potential Evidence
  • Topic C: First Response Basics
  • Topic D: Securing and Evaluating Electronic Crime Scene
  • Topic E: Documenting Electronic Crime Scene
  • Topic F: Collecting and Preserving Electronic Evidence
  • Topic G: Packaging and Transporting Electronic Evidence
  • Topic H: Reporting the Crime Scene
  • Topic I: First Responder Common Mistakes
  • Topic J: Setting a Computer Forensics Lab
  • Topic K: Investigative Services in Computer Forensics
  • Topic L: Computer Forensics Hardware
  • Topic M: Computer Forensics Software
  • Topic N: Hard Disk Drive Overview
  • Topic O: Disk Partitions and Boot Process
  • Topic P: Understanding File Systems
  • Topic Q: RAID Storage System
  • Topic R: File System Analysis Using The Sleuth Kit (TSK)
  • Topic S: Collecting Volatile Information
  • Topic T: Collecting Non-volatile Information
  • Topic U: Windows Memory Analysis
  • Topic V: Windows Registry Analysis
  • Topic W: Cache, Cookie, and History Analysis
  • Topic X: MD5 Calculation
  • Topic Y: Windows File Analysis
  • Topic Z: Metadata Investigation
  • Topic AA: Text Based Logs
  • Topic AB: Forensic Analysis of Event Logs
  • Topic AC: Forensic Tools

Day 3: Data Acquisition and Duplication, Recovering Deleted Files and Deleted Partitions, Forensics Investigation using Access Data FTK, Forensics Investigation Using EnCase, and Steganography and Image File Forensics 

  • Topic A: Data Acquisition and Duplication Concepts
  • Topic B: Data Acquisition Types
  • Topic C: Disk Acquisition Tool Requirements
  • Topic D: Validation Methods
  • Topic E: RAID Data Acquisition
  • Topic F: Acquisition Best Practices
  • Topic G: Data Acquisition Software Tools
  • Topic H: Data Acquisition Hardware Tools
  • Topic I: Recovering the Deleted Files
  • Topic J: File Recovery Tools for Windows
  • Topic K: File Recovery Tools for MAC
  • Topic L: File Recovery Tools for Linux
  • Topic M: Recovering the Deleted Partitions
  • Topic N: Partition Recovery Tools
  • Topic O: Overview and Installation of FTK
  • Topic P: FTK Case Manager User Interface
  • Topic Q: Starting with FTK
  • Topic R: Adding and Processing Static, Live, and Remote Evidence
  • Topic S: Using Index Search and Live Search
  • Topic T: Decrypting EFS and other Encrypted Files
  • Topic U: Overview of EnCase Forensic
  • Topic V: Installing EnCase Forensic
  • Topic W: EnCase Interface
  • Topic X: Case Management
  • Topic Y: Working with Evidence
  • Topic Z: Source Processor
  • Topic AA: Analyzing and Searching Files
  • Topic AB: Viewing File Content
  • Topic AC: Reporting
  • Topic AD: Steganography
  • Topic AE: Steganography Techniques
  • Topic AF: Steganalysis
  • Topic AG: Image Files
  • Topic AH: Data Compression
  • Topic AI: Locating and Recovering Image Files
  • Topic AJ: Image File Forensics Tools

Day 4: Application Password Crackers, Log Capturing and Event Correlation, Network Forensics, Investigating Logs and Investigating Network Traffic, Investigating Wireless Attacks, and Investigating Web Attacks 

  • Topic A: Password Cracking Concepts
  • Topic B: Types of Password Attacks
  • Topic C: Classification of Cracking Software
  • Topic D: Systems Software vs. Applications Software
  • Topic E: System Software Password Cracking
  • Topic F: Application Software Password Cracking
  • Topic G: Password Cracking Tools
  • Topic H: Computer Security Logs
  • Topic I: Logs and Legal Issues
  • Topic J: Log Management
  • Topic K: Centralized Logging and Syslogs
  • Topic L: Time Synchronization
  • Topic M: Event Correlation
  • Topic N: Log Capturing and Analysis Tools
  • Topic O: Network Forensics
  • Topic P: Network Attacks
  • Topic Q: Log Injection Attacks
  • Topic R: Investigating and Analyzing Logs
  • Topic S: Investigating Network Traffic
  • Topic T: Traffic Capturing and Analysis Tools
  • Topic U: Documenting the Evidence Gathered on a Network
  • Topic V: Wireless Technologies
  • Topic W: Wireless Attacks
  • Topic X: Investigating Wireless Attacks
  • Topic Y: Wireless Forensics Tools
  • Topic Z: Introduction to Web Applications and Webservers
  • Topic AA: Web Logs
  • Topic AB: Web Attacks
  • Topic AC: Web Attack Investigation
  • Topic AD: Web Attack Detection Tools
  • Topic AE: Tools for Locating IP Address

Day 5: Tracking Emails and investigating Email Crimes, Mobile Forensics, Investigative Reports, and Becoming an Expert Witness 

  • Topic A: Email System Basics
  • Topic B: Email Crimes
  • Topic C: Email Headers
  • Topic D: Steps to Investigate
  • Topic E: Email Forensics Tools
  • Topic F: Laws and Acts against Email Crimes
  • Topic G: Mobile Phone
  • Topic H: Mobile Operating Systems
  • Topic I: Mobile Forensics
  • Topic J: Mobile Forensic Process
  • Topic K: Mobile Forensics Software Tools
  • Topic L: Mobile Forensics Hardware Tools
  • Topic M: Computer Forensics Report
  • Topic N: Computer Forensics Report Template
  • Topic O: Investigative Report Writing
  • Topic P: Sample Forensics Report
  • Topic Q: Report Writing Using Tools
  • Topic R: Expert Witness
  • Topic S: Types of Expert Witnesses
  • Topic T: Scope of Expert Witness Testimony
  • Topic U: Evidence Processing
  • Topic V: Rules for Expert Witness
  • Topic W: General Ethics While Testifying

Recommendations and Prerequisites

EC-Council Organization
Certification Recommendations/
To be eligible to apply for the CHFI exam, students must attend an official training class (from an Authorized Training Provider) OR have at least two years of information security related experience. It is strongly recommended that you attend the CEH certification preparation program before enrolling into CHFI program.


Students who complete an Advanced Business Learning EC-Council program are automatically eligible to sit for the certification exam due to their Authorized Training Provider status.


EC-Council Organization

Certification Exam Requirements

To be certified, students must complete the certification exam with a minimum passing score of 70% or higher during the allotted 4-hour timeframe for the 150-question exam.

Course Features

  • Lectures 0
  • Quizzes 0
  • Duration 40 hours
  • Skill level Advanced Level
  • Language English
  • Students 10
  • Assessments Self
Curriculum is empty
View cart