Computer Hacking Forensic Investigator v10 (CHFI)


Seminar - Ziel

The Computer Hacking Forensic Investigator (CHFI) course delivers the security discipline of digital forensics from a vendor-neutral perspective. CHFI is a comprehensive course covering major forensic investigation scenarios and enabling students to acquire necessary hands-on experience with various forensic investigation techniques and standard forensic tools necessary to successfully carry out a computer forensic investigation leading to the prosecution of perpetrators.

The CHFI certification gives participants (Law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, security professionals, and anyone who is concerned about the integrity of the network infrastructure.) the necessary skills to perform an effective digital forensics investigation.

CHFI presents a methodological approach to computer forensics including searching and seizing, chain-of-custody, acquisition, preservation, analysis and reporting of digital evidence.

Teilnehmer - Zielgruppe

  • System and Network Administrators
  • Police/government investigative authorities
  • defense and military personnel
  • E-business security experts
  • system administrators
  • lawyers
  • IT manager

Kurs - Voraussetzungen

  • Network, Linux and Windows basic knowledge
  • Basic security knowledge is an advantage
  • CEH Ethical Hacker course is beneficial


  • 5 Tage
  • 09:00 Uhr bis 17:00 Uhr


  • nach Absprache

Seminar-Inhalt / Agenda

Module 01: Computer Forensics in Today’s World

  • 1.1. Understand the Fundamentals of Computer Forensics
  • 1.2. Understand Cybercrimes and their Investigation Procedures
  • 1.3. Understand Digital Evidence
  • 1.4. Understand Forensic Readiness, Incident Response and the Role of SOC (Security Operations
  • Center) in Computer Forensics
  • 1.5. Identify the Roles and Responsibilities of a Forensic Investigator
  • 1.6. Understand the Challenges Faced in Investigating Cybercrimes
  • 1.7. Understand Legal Compliance in Computer Forensics

Module 02: Computer Forensics Investigation Process

  • 2.1. Understand the Forensic Investigation Process and its Importance
  • 2.2. Understand the Pre-investigation Phase
  • 2.3. Understand First Response
  • 2.4. Understand the Investigation Phase
  • 2.5. Understand the Post-investigation Phase

Module 03: Understanding Hard Disks and File Systems

  • 3.1. Describe Different Types of Disk Drives and their Characteristics
  • 3.2. Explain the Logical Structure of a Disk
  • 3.3. Understand Booting Process of Windows, Linux and Mac Operating Systems
  • 3.4. Understand Various File Systems of Windows, Linux and Mac Operating Systems
  • 3.5. Examine File System Using Autopsy and The Sleuth Kit Tools
  • 3.6. Understand Storage Systems
  • 3.7. Understand Encoding Standards and Hex Editors
  • 3.8. Analyze Popular File Formats Using Hex Editor

Module 04: Data Acquisition and Duplication

  • 4.1. Understand Data Acquisition Fundamentals
  • 4.2. Understand Data Acquisition Methodology
  • 4.3. Prepare an Image File for Examination

Module 05: Defeating Anti-forensics Techniques

  • 5.1. Understand Anti-forensics Techniques
  • 5.2. Discuss Data Deletion and Recycle Bin Forensics
  • 5.3. Illustrate File Carving Techniques and Ways to Recover Evidence from Deleted Partitions
  • 5.4. Explore Password Cracking/Bypassing Techniques
  • 5.5. Detect Steganography, Hidden Data in File System Structures, Trail Obfuscation, and File
  • Extension Mismatch
  • 5.6. Understand Techniques of Artifact Wiping, Overwritten Data/Metadata Detection, and
  • Encryption
  • 5.7. Detect Program Packers and Footprint Minimizing Techniques
  • 5.8. Understand Anti-forensics Countermeasures

Module 06: Windows Forensics

  • 6.1. Collect Volatile and Non-volatile Information
  • 6.2. Perform Windows Memory and Registry Analysis
  • 6.3. Examine the Cache, Cookie and History Recorded in Web Browsers
  • 6.4. Examine Windows Files and Metadata
  • 6.5. Understand ShellBags, LNK Files, and Jump Lists
  • 6.6. Understand Text-based Logs and Windows Event Logs

Module 07: Linux and Mac Forensics

  • 7.1. Understand Volatile and Non-volatile Data in Linux
  • 7.2. Analyze Filesystem Images Using The Sleuth Kit
  • 7.3. Demonstrate Memory Forensics Using Volatility & PhotoRec
  • 7.4. Understand Mac Forensics

Module 08: Network Forensics

  • 8.1. Understand Network Forensics
  • 8.2. Explain Logging Fundamentals and Network Forensic Readiness
  • 8.3. Summarize Event Correlation Concepts
  • 8.4. Identify Indicators of Compromise (IoCs) from Network Logs
  • 8.5. Investigate Network Traffic
  • 8.6. Perform Incident Detection and Examination with SIEM Tools
  • 8.7. Monitor and Detect Wireless Network Attacks

Module 09: Investigating Web Attacks

  • 9.1. Understand Web Application Forensics
  • 9.2. Understand Internet Information Services (IIS) Logs
  • 9.3. Understand Apache Web Server Logs
  • 9.4. Understand the Functionality of Intrusion Detection System (IDS)
  • 9.5. Understand the Functionality of Web Application Firewall (WAF)
  • 9.6. Investigate Web Attacks on Windows-based Servers
  • 9.7. Detect and Investigate Various Attacks on Web Applications

Module 10: Dark Web Forensics

  • 10.1. Understand the Dark Web
  • 10.2. Determine How to Identify the Traces of Tor Browser during Investigation
  • 10.3. Perform Tor Browser Forensics

Module 11: Database Forensics

  • 11.1. Understand Database Forensics and its Importance
  • 11.2. Determine Data Storage and Database Evidence Repositories in MSSQL Server
  • 11.3. Collect Evidence Files on MSSQL Server
  • 11.4. Perform MSSQL Forensics
  • 11.5. Understand Internal Architecture of MySQL and Structure of Data Directory
  • 11.6. Understand Information Schema and List MySQL Utilities for Performing Forensic Analysis
  • 11.7. Perform MySQL Forensics on WordPress Web Application Database

Module 12: Cloud Forensics

  • 12.1. Understand the Basic Cloud Computing Concepts
  • 12.2. Understand Cloud Forensics
  • 12.3. Understand the Fundamentals of Amazon Web Services (AWS)
  • 12.4. Determine How to Investigate Security Incidents in AWS
  • 12.5. Understand the Fundamentals of Microsoft Azure
  • 12.6. Determine How to Investigate Security Incidents in Azure
  • 12.7. Understand Forensic Methodologies for Containers and Microservices

Module 13: Investigating Email Crimes

  • 13.1. Understand Email Basics
  • 13.2. Understand Email Crime Investigation and its Steps
  • 13.3. U.S. Laws Against Email Crime

Module 14: Malware Forensics

  • 14.1. Define Malware and Identify the Common Techniques Attackers Use to Spread Malware
  • 14.2. Understand Malware Forensics Fundamentals and Recognize Types of Malware Analysis
  • 14.3. Understand and Perform Static Analysis of Malware
  • 14.4. Analyze Suspicious Word and PDF Documents
  • 14.5. Understand Dynamic Malware Analysis Fundamentals and Approaches
  • 14.6. Analyze Malware Behavior on System Properties in Real-time
  • 14.7. Analyze Malware Behavior on Network in Real-time
  • 14.8. Describe Fileless Malware Attacks and How they Happen
  • 14.9. Perform Fileless Malware Analysis - Emotet

Module 15: Mobile Forensics

  • 15.1. Understand the Importance of Mobile Device Forensics
  • 15.2. Illustrate Architectural Layers and Boot Processes of Android and iOS Devices
  • 15.3. Explain the Steps Involved in Mobile Forensics Process
  • 15.4. Investigate Cellular Network Data
  • 15.5. Understand SIM File System and its Data Acquisition Method
  • 15.6. Illustrate Phone Locks and Discuss Rooting of Android and Jailbreaking of iOS Devices
  • 15.7. Perform Logical Acquisition on Android and iOS Devices
  • 15.8. Perform Physical Acquisition on Android and iOS Devices
  • 15.9. Discuss Mobile Forensics Challenges and Prepare Investigation Report

Module 16: IoT Forensics

  • 16.1. Understand IoT and IoT Security Problems
  • 16.2. Recognize Different Types of IoT Threats
  • 16.3. Understand IoT Forensics
  • 16.4. Perform Forensics on IoT Devices

Weitere Schulungen zu Thema EC-Council

Certified Incident Handler (ECIH)

- u.a. in Nürnberg, Berlin, Stuttgart, München, Köln

This latest iteration of EC-Council’s Certified Incident Handler (E|CIH) program has been designed and developed in collaboration with cybersecurity and incident handling and response practitioners across the globe. It is a comprehensive specialist-level program that imparts ...

Certified Network Defender (CND)

- u.a. in Nürnberg, Berlin, Stuttgart, München, Köln

Certified Network Defender (CND) is a vendor-neutral, hands-on, instructor-led comprehensive network security certification training program. It is a skills-based, lab intensive program based on the security education framework and work role task analysis presented by the ...

Certified Penetration Testing Professional (CPENT)

- u.a. in Berlin, Frankfurt am Main, Leipzig, Nürnberg, Heidelberg

EC-Council’s Certified Penetration Tester (CPENT) program is all about the pen test and will teach you to perform in an enterprise network environment that must be attacked, exploited, evaded, and defended. If you have only been working in flat networks, CPENT’s live ...

Certified SOC-Analyst (CSA)

- u.a. in Leipzig, Wien, Düsseldorf, Essen, Offenbach

The Certified SOC Analyst (CSA) program is the first step to joining a security operations center (SOC). It is engineered for current and aspiring Tier I and Tier II SOC analysts to achieve proficiency in performing entry-level and intermediate-level operations. CSA is a ...