EC-Council - Computer Hacker Forensic Investigator (CHFI) v 3.0

EC-Council - Computer Hacker Forensic Investigator (CHFI) v 3.0 - 5-Day

Computer Hacking Forensic Investigation (CHFI) is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence.

The CHFI course will give participants the necessary skills to identify an intruder's footprints and to properly gather the necessary evidence to prosecute. Many of today's top tools of the forensic trade will be taught during this course, including software, hardware and specialized techniques. The need for businesses to become more efficient and integrated with one another, as well as the home user, has given way to a new type of criminal, the "cyber-criminal." It is no longer a matter of "will your organization be compromised (hacked)?" but, rather, "when?" Today's battles between corporations, governments, and countries are no longer fought only in the typical arenas of boardrooms or battlefields using physical force. Now the battlefield starts in the technical realm, which ties into almost every facet of modern-day life. If you or your organization requires the knowledge or skills to identify, track, and prosecute the cyber-criminal, then this is the course for you.

The CTCLC Difference

Current Technologies Computer Learning Center uses our own certified instructors, who will help guide you to a successful completion of your training and certification. Our instructors are CEH, CHFI, ECSA, LPT, CCIE, and CCSP qualified. Let our great instructors help you protect your network from hackers and viruses. CTCLC has convenient day or night schedules to fit your needs. We can also do onsite classes with our top-notch portable labs.

Our instructors are the very best and give 110% to their students. We care about every student that we train, and we have a free resit policy for all of our courses for the same revision. You will not find a better training experience anywhere.

Current Technologies Computer Learning Center is Microsoft Gold Certified Partner for Learning Solutions (CPLS), Cisco Learning Partner, CompTIA Learning Alliance Member, EC-Council Accredited Training Center, and many others. We offer the highest quality, authorized training that you will find anywhere.

Intended Audience

 

 

Duration

Prerequisites

Required Prerequisites for this Training Package:

CTCLC Special Discounts

CHFI Computer Hacker Forensic Investigator (CHFI) $2,995.00
List Price $3,295.00
Special Discounted price for 2 or more from the same Company $2,495.00

 

For More Information About Computer Hacker Forensic Investigator (CHFI) Contact Us

Email: Sales@ctclc.com

Phone: (219) 764-3800

 

Course Outline:  


Module 01: Computer Forensics in Today’s World
 

§         Ways of Forensic Data Collection

§         Objectives of Computer Forensics

§         Benefits of Forensic Readiness

§         Categories of Forensics Data

§         Computer Facilitated Crimes

§         Stages of Forensic Investigation in Tracking Cyber Criminals

§         Key Steps in Forensics Investigations

§         Need for Forensic Investigator

§         When An Advocate Contacts The Forensic Investigator, He Specifies How To Approach

§        Enterprise Theory of Investigation (ETI)

§        Where and when do you use Computer Forensics

§         Legal Issues

§         Reporting the Results                 

 

Module 02: Law and Computer Forensics

           

§         Privacy Issues Involved in Investigations

§         Fourth Amendment Definition

§         Interpol- Information Technology Crime Center

§         Internet Laws and Statutes

§         Intellectual Property Rights

§         Cyber Stalking

§         Crime Investigating Organizations

§         The G8 Countries: Principles to Combat High-tech Crime

§         United Kingdom: Police and Justice Act 2006

§         Australia: The Cybercrime Act 2001

§         Belgium

§         European Laws

§         Austrian Laws

§         Brazilian Laws

§         Belgium Laws

§         Canadian Laws

§         France Laws

§         Indian Laws

§         German Laws

§         Italian Laws

§         Greece Laws

§         Denmark Laws

§         Norwegian Laws

§         Netherlands Laws

§         Internet Crime Schemes

       

Module 03: Computer Investigation Process

           

§         Securing the Computer Evidence

§         Preparation for Searches

§         Chain-of-Evidence Form

§         Accessing the Policy Violation Case: Example

§         10 Steps to Prepare for a Computer Forensic Investigation

§         Investigation Process

·         Case Assessment

·         Processing Location Assessment

·         Legal Considerations

·         Evidence Assessment

·         Write Protection

·         Acquire the Subject Evidence

·         Physical Extraction

·         Logical Extraction

·         Analysis of Extracted Data

·         Timeframe Analysis

·         Data Hiding Analysis

·         Application and File Analysis

·         Ownership and Possession

·         What Should be in the Final Report?

§         Maintaining Professional Conduct           

                             

Module 04: First Responder Procedure  

 

§         Electronic Evidence

§         The Forensic Process

§         Types of Electronic Devices

§         Evidence Collecting Tools and Equipment

§         First Response Rule

§         Incident Response: Different Situations

§         Securing and Evaluating Electronic Crime Scene

§         Ask These Questions When A Client Calls A Forensic Investigator

§         Health and Safety Issues

§         Consent

§         Planning the Search and Seizure

·         Initial Interviews

·         Evidence Bag Contents List

·         Order of Volatility

·         Dealing with Powered OFF Computers at Seizure Time

·         Dealing with a Powered ON PC

·         Computers and Servers

·         Collecting and Preserving Electronic Evidence

·         Seizing Portable Computers

·         Switched ON Portables

·         Packaging Electronic Evidence

·         Exhibit Numbering

§         ‘Chain of Custody’

§         Findings of Forensic Examination by Crime Category

                 

Module 05: CSIRT

 

§         How to Prevent an Incident?

§         Defining the Relationship between Incident Response, Incident Handling, and Incident Management

§         Incident Response Checklist

§         Incident Management

§         Why don’t Organizations Report Computer Crimes?

§         Estimating Cost of an Incident

§         Vulnerability Resources

§         Category of Incidents

§         CSIRT: Goals and Strategy

·         CSIRT Incident Report Form

·         CERT(R) Coordination Center: Incident Reporting Form

§         World CERTs http://www.trusted-introducer.nl/teams/country.html

§         http://www.first.org/about/organization/teams/

§         IRTs Around the World                

 

Module 06: Computer Forensic Lab        

 

§         Ambience of a Forensics Lab: Ergonomics

§         Forensic Laboratory Requirements

§         Portable Forensic Systems and Towers: Forensic Air-Lite VI MKII laptop

§         Forensic Write Protection Devices and Kits: Ultimate Forensic Write Protection Kit

§         Power Supplies and Switches

§         DIBS® Mobile Forensic Workstation

§         Forensic Archive and Restore Robotic Devices: Forensic Archive and Restore (FAR Pro)

§         Forensic Workstations

§         Tools: LiveWire Investigator

§         Features of the Laboratory Imaging System

§         Computer Forensic Labs, Inc

§         Data Destruction Industry Standards                 

 

Module 07: Understanding File Systems and Hard Disks        

 

§         Types of Hard Disk Interfaces

§         EFS Key

§         FAT vs. NTFS

§         Windows Boot Process (XP/2003)

§         http://www.bootdisk.com                       

 

Module 08: Understanding Digital Media Devices        

 

§         Digital Storage Devices

§         Magnetic Tape

§         Floppy Disk

§         Compact Disk

§         CD-ROM

§         DVD

§         Blu-Ray

§         CD Vs DVD Vs Blu-Ray

§         HD-DVD vs. Blu-Ray

§         iPod

§         Zune

§         Flash Memory Cards

§         USB Flash Drives

                   

Module 09: Windows, Linux and Macintosh Boot Processes  

 

§         Terminologies

§         Boot Loader

§         Boot Sector

§         Anatomy of MBR

§         Basic System Boot Process

§         MS-DOS Boot Process

§         Windows XP Boot Process

§         Common Startup Files in UNIX

§         List of Important Directories in UNIX

§         Linux Boot Process

§         Macintosh Forensic Software by BlackBag

§         Carbon Copy Cloner (CCC)

§         MacDrive6

 

Module 10: Windows Forensics    

 

§         Windows Forensics Tool: Helix

§         MD5 Generator: Chaos MD5

§         Registry Viewer Tool: RegScanner

§         Virtual Memory

§         System Scanner

§         Integrated Windows Forensics Software: X-Ways Forensics

§         Tool: Traces Viewer

§         Investigating ADS Streams                    

 

Module 11: Linux Forensics          

 

§         File System Description

§         Mount Command

§         Popular Linux Forensics Tools

·         Tools Present in “The Sleuth Kit”

·         The Evidence Analysis Techniques in Autopsy

·         Tools Included in Penguin Sleuth Kit

·         Major Programs Present in Maresware

 

Module 12: Data Acquisition and Duplication    

 

§         Mount Image Pro

§         Snapshot Tool

§         Snapback DatArrest

§         Hardware Tool: Image MASSter Solo-3 Forensic

§         Save-N-Sync

§         Hardware Tool: ImageMASSter 6007SAS

§         Hardware Tool: Disk Jockey IT

§         SCSIPAK

§         IBM DFSMSdss

§         Tape Duplication System: QuickCopy     

 

Module 13: Computer Forensic Tools     

 

Part I- Software Forensics Tools           

§         Visual TimeAnalyzer

§         X-Ways Forensics

§         Evidor

§         Data Recovery Tools: Device Seizure 1.0

§         Permanent Deletion of Files: Darik's Boot and Nuke (DBAN)

§         File Integrity Checker: FileMon

§         Partition Managers: Partimage

§         Linux/Unix Tools: Ltools and Mtools

§         Password Recovery Tool: Decryption Collection Enterprise v2.5

§         Internet History Viewer: CookieView - Cookie Decoder

§         FTK- Forensic Toolkit

§         Email Recovery Tool: E-mail Examiner

§         Case Agent Companion

§         Chat Examiner

§         Forensic Replicator

§         Registry Analyzer

§         SIM Card Seizure

§         Text Searcher

§         Autoruns

§         Autostart Viewer

§         Belkasoft RemovEx

§         HashDig

§         Inforenz Forager

§         KaZAlyser

§         DiamondCS OpenPorts

§         Pasco

§         Patchit

§         PE Explorer

§         Port Explorer

§         PowerGREP

§         Process Explorer

§         PyFLAG

§         Registry Analyzing Tool: Regmon

§         Reverse Engineering Compiler

§         SafeBack

§         TapeCat

§         Vision                

 

 Part II- Hardware Forensics Tools            

§         List of Hardware Computer Forensic Tools

 

Module 14: Forensics Investigations Using Encase

 

§         Evidence File

§         Verifying File Integrity

§         Hashing

§         Acquiring Image

§         Configuring Encase

§         Viewers in Bottom Pane

§         Searching

§         Keywords

§         Starting the Search

§         Bookmarks

§         Recovering Deleted Files/folders in FAT Partition

§         Master Boot Record

§         NTFS Starting Point

§         Viewing Disk Geometry

§         Recovering Deleted Partitions

§         Viewers

§         Signature Analysis

§         Viewing the Results

§         Copying Files Folders

§         E-mail Recovery

§         Reporting

§         Encase Boot Disks

§         IE Cache Images

 

Module 15: Recovering Deleted Files and Deleted partitions

                         

 Part I: Recovering Deleted Files           

§         Deleting Files

§         What happens when a File is Deleted in Windows?

§         Storage Locations of Recycle Bin in FAT and NTFS System

§         How The Recycle Bin Works

§         Damaged or Deleted INFO File

§         Damaged Files in Recycled Folder

§         Damaged Recycle Folder

§         Tools to Recover Deleted Files

                   

 Part II: Recovering Deleted Partitions   

§         Deletion of Partition

§         Deletion of Partition using Windows

§         Deletion of Partition using Command Line

§         Recovery of Deleted Partition

§         Deleted Partition Recovery Tools

                   

Module 16: Image Files Forensics           

 

§         Common Terminologies

§         Understanding Image File Formats

§         How File Compression Works

§         Huffman Coding Algorithm

§         Lempel-Ziv Coding Algorithm

§         Vector Quantization

§         http://www.filext.com

§         Picture Viewer: AD

§         Picture Viewer: Max

§         FastStone Image Viewer

§         XnView

§         Faces – Sketch Software

§         Steganalysis

§         Image File Forensic Tool: GFE Stealth (Graphics File Extractor)

       

Module 17:  Steganography          

 

§         Classification of Steganography

§         Steganography vs. Cryptography

§         Model of Stegosystem

§         Model of Cryptosystem

·         Introduction to Stego-Forensics

·         Steganography vs. Watermarking

·         Mosaic Attack – Javascript code

·         2Mosaic – Watermark breaking Tool

·         Steganalysis

·         TEMPEST

·         Van Eck phreaking

·         Printer Forensics

§         Steganography Tools

§         Application of Steganography

§         How to Detect Steganography?

 

Module 18: Application Password Crackers

 

§         Brute Force Attack

§         Dictionary Attack

§         Syllable Attack/Rule-based Attack/Hybrid Attack

§         Password Guessing

§         Rainbow Attack

§         CMOS Level Password Cracking

§         http://www.virus.org/index.php?

§         Pdf Password Crackers

§         Password Cracking Tools

§         Common Recommendations for Improving Password Security

§         Standard Password Advice

 

Module 19: Network Forensics and Investigating Logs

 

§         Introduction to Network Forensics

§         Looking for Evidence

§         Log Files as Evidence

§         Records of Regularly Conducted Activity          

§         Legality of Using Logs

§         Maintaining Credible IIS Log Files

§         Log File Accuracy

§         Log Everything

§         Keeping Time

§         Use Multiple Logs as Evidence

§         Avoid Missing Logs

§         Log File Authenticity

§         Work with Copies

§         Access Control

§         Chain of Custody

§         Importance of Audit Logs

·         How does GFI EventsManager work?

§         Why Synchronize Computer Times?

§         What is NTP Protocol?

§         NIST Time Servers

§         Configuring the Windows Time Service

 

Module 20:  Investigating Network Traffic         

 

§         Network Addressing Schemes

§         Tool: Tcpdump

§         CommView

§         Softperfect Network Sniffer

§         HTTP Sniffer

§         EtherDetect Packet Sniffer

§         OmniPeek

§         Iris Network Traffic Analyzer

§         SmartSniff

§         NetSetMan Tool

§         Evidence Gathering at the Data-link Layer: DHCP database

§         DHCP Log

§         Siemens Monitoring Center

§         Netresident Tool

§         eTrust Network Forensics

§         IDS Policy Manager http://www.activeworx.org

 

Module 21: Investigating Wireless Attacks

 

§         Association of Wireless AP and Device

§         Search Warrant for Wireless Networks

§         Key Points to Remember

§         Points You Should Not Overlook while Testing the Wireless Network

§         Methods to Access a Wireless Access Point

·         Nmap

·         Scanning Wireless Access Points using Nmap

·         Rogue Access Point

·         Scanning using Airodump

·         MAC Address Information

·         Airodump: Points to Note

§         Searching for Additional Devices

§         Forcing Associated Devices to Reconnect

§         Check for MAC Filtering

§         Passive Attack

§         Active Attacks on Wireless Networks

§         Investigating Wireless Attacks

 

Module 22: Investigating Web Attacks   

 

§         Types of Web Attacks

·         Investigating Cross-Site Scripting (XSS)

·         Anatomy of CSRF Attack

·         Pen-testing CSRF Validation Fields

·         Investigating Code Injection Attack

·         Investigating Cookie Poisoning Attack

·         Investigating Buffer Overflow

§         Example of FTP Compromise

§         Acunetix Web Vulnerability Scanner

§         Intrusion Detection

§         CounterStorm-1: Defense against Known, Zero Day and Targeted Attacks

 

Module 23: Router Forensics

           

§         Routing Information Protocol

§         Hacking Routers

§         Router Attack Topology

§         Recording your Session

§         Router Logs

§         NETGEAR Router Logs

§         Link Logger

§         Sawmill: Linksys Router Log Analyzer

§         Real Time Forensics

§         Router Audit Tool (RAT)                        

 

Module 24: Investigating DoS Attacks    

 

§         DoS Attacks

§         Types of DoS Attacks

§         DDoS Attack

§         DoS Attack Modes

§         Indications of a DoS/DDoS Attack

§         Techniques to Detect DoS Attack

§         Challenges in the Detection of DoS Attack

                   

Module 25: Investigating Internet Crimes

           

§         Internet Crimes

§         Internet Forensics

§         IP Address

§         Domain Name System (DNS)

§         Email Headers

§         Switch URL Redirection

§         Recovering Information from Web Pages

§         Tool: Grab-a-Site

§         Tool: SurfOffline 1.4

§         Tool: My Offline Browser 1.0 www.newprosoft.com

§         Tool: WayBack Machine

§         HTTP Headers

§         Examining Information in Cookies

§         Tracing Geographical Location of a URL: www.centralops.net

§         NetScanTools Pro

§         Tool: Privoxy http://www.privoxy.org

 

Module 26: Tracking E-mails and Investigating E-mail Crimes

           

§         Client and Server in E-mail

§         E-mail Client

§         E-mail Server

§         Real E-mail System

§         Received: Headers

§         Forging Headers

§         List of Common Headers

§         Exchange Message Tracking Center

§         MailDetective Tool

§         U.S. Laws Against Email Crime: CAN-SPAM Act

§         U.S.C. § 2252A

§         U.S.C. § 2252B

§         Email crime law in Washington: RCW 19.190.020

 

Module 27: Investigating Corporate Espionage

 

§         Introduction to Corporate Espionage

§         Motives behind Corporate Espionage

§         Information that Corporate Spies Seek

§         Corporate Espionage: Insider/Outsider Threat

§         Techniques of Spying

§         Defense Against Corporate Spying

§         Netspionage

§         Investigating Corporate Espionage Cases

§         Employee Monitoring: Activity Monitor

§         Spy Tool: SpyBuddy

 

Module 28: Investigating Trademark and Copyright Infringement

 

§         Characteristics of Trademarks

§         Copyright

§         Copyright Infringement: Plagiarism

§         http://www.ip.com

§         Investigating Intellectual Property

§         US Laws for Trademarks and Copyright

§         Indian Laws for Trademarks and Copyright

§         Japanese Laws for Trademarks and Copyright

§         Australia Laws For Trademarks and Copyright

§         UK Laws for Trademarks and Copyright

 

Module 29: Investigating Sexual Harassment Incidents

 

§         Sexual Harassment - Introduction

§         Types of Sexual Harassment

§         Consequences of Sexual Harassment

§         Responsibilities of Supervisors

§         Responsibilities of Employees

§         Complaint Procedures

§         Investigation Process

§         Sexual Harassment Investigations

§         Sexual Harassment Policy

§         Preventive Steps

§         U.S Laws on Sexual Harassment

§         The Laws on Sexual Harassment: Title VII of the 1964 Civil Rights Act

§         The Laws on Sexual Harassment: The Civil Rights Act of 1991

§         The Laws on Sexual Harassment: Equal Protection Clause of the 14th Amendment

§         The Laws on Sexual Harassment: Common Law Torts

§         The Laws on Sexual Harassment: State and Municipal Laws

 

Module 30: Investigating Child Pornography     

 

§         Introduction to Child Pornography

§         People’s Motive Behind Child Pornography

§         People Involved in Child Pornography

§         Role of Internet in Promoting Child Pornography

§         Effects of Child Pornography on Children

§         Measures to Prevent Dissemination of Child Pornography

§         Challenges in Controlling Child Pornography

§         Guidelines for Investigating Child Pornography Cases

§         Sources of Digital Evidence

§         Antichildporn.org

§         Tools to Protect Children from Pornography: Reveal

§         http://www.projectsafechildhood.gov/

§         Innocent Images National Initiative

§         Internet Crimes Against Children (ICAC)

§         Reports on Child Pornography

§         U.S. Laws against Child Pornography

 

Module 31: PDA Forensics 

 

§         Features

§         PDA Forensics Steps

§         Tool:

 

Module 32: iPod Forensics

 

§         iPod

§         Apple HFS+ and FAT32

§         Application Formats

§         Misuse of iPod

§         iPod Investigation

§         Testing Mac Version

§         Full System Restore as Described in the Users’ Manual  

§         Testing Windows Version

§         User Account

§         Calendar and Contact Entries

§         Macintosh Version

§         EnCase

§         Deleted Files

§         Windows Version

§         Registry Key Containing the iPod’s USB/Firewire Serial Number

 

Module 33: Blackberry Forensics

 

§         Blackberry: Introduction

§         BlackBerry Functions

§         BlackBerry as Operating System

§         How BlackBerry (RIM) Works

§         BlackBerry Serial Protocol

§         BlackBerry Security

§         BlackBerry Wireless Security

§         Forensics

§         Acquisition

§         Collecting Evidence from Blackberry

§         Review of Evidence

§         Simulator – Screenshot

§         Blackberry Attacks

§         Protecting Stored Data

§         Data Hiding in BlackBerry

§         BlackBerry Signing Authority Tool

 

Module 34: Investigative Reports              

 

§         Understanding the Importance of Reports

§         Investigating Report Requirements

§         Sample Forensic Report

§         Guidelines for Writing Reports

§         Important Aspects of a Good Report

§         Dos and Don'ts of Forensic Computer Investigations

§         Case Report Writing and Documentation

§         Create a Report to Attach to the Media Analysis Worksheet

§         Investigative Procedures

§         Best Practices for Investigators            

 

Module 35: Becoming an Expert Witness           

 

§         What is Expert Witness

§         Types of Expert Witnesses

§         Scope of Expert Witness Testimony

§         Checklists for Processing Evidence

§         Examining Computer Evidence

§         Dealing with Media

 

Certification Path

CHFI Path to Certification
