Cart 0
Ec-council | Learning
Cybersecurity training | Digital Criminalistics
The CHFI course offers comprehensive training in digital forensics, teaching investigation, analysis and evidence management to prosecute perpetrators.
About Investigator's course in Computer Criminalism
Description
CHFI covers all the essential elements of the analysis and evaluation of digital forensics needed for the modern world — tested and approved by senior veterans and practitioners in the cyber forensics industry. From identifying the traces of a violation to collecting evidence for a prosecution, the CHFI accompanies students at each stage of the process through experiential learning. The ICF is designed by industry practitioners for professionals including forensic analysts, cybercrime investigators, cyber defence forensic analysts, incident responders, information technology auditors, malware analysts, security consultants, security officials and aspiring candidates.
Benefits of the CHFI Course
- Inclusion of critical modules in Darkweb forensics and IoT forensics
- Significant coverage of criminological methodologies for public cloud infrastructure, including Amazon AWS and Microsoft Azure
- Massive updates on all CHFI modules
- Inclusion of the latest forensic tools, including Splunk, DNSQuerySniffer, etc.
- Added new techniques such as Counter Anti-Criminalistic Techniques, Windows ShellBags, including analysis of LNK files and Jump Lists
- Widespread coverage of the Criminalistic Malwares (last samples of malware such as Emotet and EternalBlue)
- Now more than 50 GB of evidence files developed for investigation purposes
- More than 50% of new advanced criminal laboratories
- In-depth focus on the process of acquisition and review of volatile and non-volatile data (Criminalistic RAM, Criminalistic Tor, etc.)
- Accepted and recognized by cybersecurity practitioners in Fortune 500 companies worldwide
Course outline
Course outline:
- Computer Criminalistics in Today's World
- Criminalistics Investigation Process
- Understanding Hard Drives and File Systems
- Acquisition and Duplication of Data
- Anti-Criminalistic Techniques
- Windows Criminalism
- Linux and Mac Criminalism
- Criminalism Network
- Web Attack Survey
- Criminalistic Dark Web
- Criminalistic database
- Criminalism in the Cloud
- Survey of Electronic Crimes
- Criminalistic Malware
- Criminalistic Mobile
- Criminalistics of the Internet of Things (IoT)
Objectives of the course
- Establish intelligence of key threats and learning points to support proactive profiling and scenario modelling.
- Detect anti-criminalistic methods.
- Conduct a post-intrusion analysis of electronic and digital media to determine who, where, what, when and how the intrusion occurred.
- Extract and analyze logs from various devices such as proxy, firewall, IPS, IDS, desktop computers, laptops, servers, SIM tools, routers, firewalls, switches, AD servers, DHCP logs, access control logs, and draw conclusions as part of the investigation process.
- Identify and verify the possible source/source of the incident.
- Recover deleted files and partitions on Windows, Mac OS X and Linux.
- Perform reverse engineering for known and suspected malware files.
- Collect data using criminal technology methods in accordance with evidence management procedures, including the collection of paper and electronic records.
Review
Success Score
In order to maintain the high integrity of our certification examinations, EC-Council examinations are provided in several forms (i.e. different question banks). Each form is carefully analysed through beta tests with an appropriate sample group under the supervision of a committee of experts in the field who ensure that each of our examinations has not only academic rigour, but also applicability in the "real world". We also have a process to determine the difficulty rating of each question. The individual rating then contributes to a global "Cut Score" for each form of examination. To ensure that each form has fair evaluation standards, cutting scores are set on a "by examination" basis. Depending on the form of examination presented, cutting scores can range from 60% to 78%.
- Number of Questions: 150
- Duration of the Review: 4 Hours
- Review Format: Multiple Choices
- Method of transition: ECC Review Portal
Roles
- Cyber Threat Analyst Level 2
- Cyber Threats Analyst
- Intermediate Level Intrusion Tester
- Cyberspace II Analyst
- Cybersecurity Engineer II Red Team
- Criminalist Analyst, Senior
- Cybersecurity Analyst Advisor
- Cybersecurity Analyst
- Applications Security Analyst
- Senior Cyber Security Analyst
- Digital Criminalistic Analyst - Junior level
- Security Architect
- Cybersecurity Auditor
- Senior Security Engineer Network
- Information Security Engineer
- Head of Information Security Management
- Senior Cybersecurity Engineer
- Responsible for the Information Security Risk Program
- Cyber Security Systems Engineer
- Specialist in Insurance/Information Security
- Cyber Main Operator
- Cyber Risk Defense Analyst in Information Security
- Senior Forensic Analyst
- Director of Information Technology Security
- Cyber Security Analyst
- Intrusion Tester
- Senior Information Insurance Analyst
- Cyber Security Project Engineer
- Cybernetics Threat Analyst II
- Intrusion Analyst
- Cyber Systems Administrator
- Specialist in Information Security and Risk Assessment
- Criminalist Analyst, Senior
- Professor of Cyber Security and Networking - Cloud computing
- Cybersecurity Analyst Level 2
- Specialist in Security Engineering Senior Network
- Security Controls Evaluator 2
- Security Operations Engineer / Team Leader
- Cyber Main Operator
- Head of Cyber Security and Incident Response Operations
- Head of IT Security
- Senior Security Engineer Network
- Senior IT Security Manager - Cloud & Digital
- Senior Senior, Digital Criminalistics
- Senior Consultant in Network Security Engineering
- Senior Cyber Threat Intelligence Analyst
- Cybersecurity Partner Level 3
- Level I Intrusion Analyst
- Senior Investigative Analyst
- Senior Cyber Security Consultant
