EC-Council Computer Hacking Forensic Investigator v9.0 (CHFI) - Virtual Delivery
CLASS DATE(s):
Request a Class

COURSE LENGTH: 5 Days

COURSE COST: $2,995*

COURSE TIMES: 10:00 am - 6:00 pm


COURSE OVERVIEW

EC-Council releases the most advanced Computer Forensic Investigation program in the world. CHFIv9 presents a detailed methodological approach to computer forensics and evidence analysis. It is a comprehensive course covering major forensic investigation scenarios that enables students to acquire hands-on experience with the forensic investigation techniques and standard tools necessary to successfully carry out a computer forensic investigation.

AUDIENCE AND PREREQUISITES

The CHFI program is designed for all IT professionals involved with information system security, computer forensics, and incident response.

It is strongly recommended that you attend the CEH class before enrolling in the CHFI program.

PREREQUISITE COURSES 

vendor course description

*This is a Live Distance Learning (LDL) Course. The instructor will be remote, interacting virtually with the VTEC classroom. Course Cost includes Courseware, iLabs and Exam voucher. Course cost does not include Courseware (textbook) or the cost of lunch. If you have any questions, please contact us (learn@vtec.org or 207-775-0244).

COURSE TOPICS:

Lesson 1: Computer Forensics in Today’s World
Understanding Computer Forensics
Why and When Do You Use Computer Forensics?
Cyber Crime (Types of Computer Crimes)
Case Study
Challenges Cyber Crimes Present For Investigators
Cyber Crime Investigation - Civil vs. Criminal, Case Studies, Admin Investigation
Rules of Forensics Investigation - Enterprise Theory of Investigation (ETI)
Understanding Digital Evidence
Types of Digital Evidence
Characteristics of Digital Evidence, Types of Digital Evidence
Role of Digital Evidence
Rules of Evidence, Forensics Readiness, Incident Response Plan

Lesson 2: Computer Forensics Investigation Process
Importance of Computer Forensics Process
Phases Involved in the Computer Forensics Investigation Process
Pre-investigation Phase, Setting Up a Computer Forensics Lab
Planning and Budgeting, Physical Location and Structural Design Considerations
Work Area Considerations, Physical Security Recommendations, Fire-Suppression Systems
Evidence Locker Recommendations, Auditing the Security of a Forensics Lab
Human Resource Considerations, Build a Forensics Workstation
Basic Workstation Requirements in a Forensics Lab, Build a Computer Forensics Toolkit
Forensics Hardware, Forensics Software
Build the Investigation Team, Forensic Practitioner Certification and Licensing
Review Policies and Laws, Forensics Laws
Establish Quality Assurance Processes, Quality Assurance Practices in Digital Forensics

Lesson 3: Understanding Hard Disks and File Systems
Hard Disk Drive Overview, Disk, Hard Disk Drive (HDD), Solid State Drive (SSD)
Physical Structure of a Hard Disk, Logical Structure of Hard Disk
Types of Hard Disk Interfaces, Hard Disk Interfaces, ATA, SCSI, IDE/EIDE, USB, Fibre Channel
Tracks, Track Numbering
Sector, Sector Addressing, Advanced Format Sectors
Cluster, Cluster Size, Slack Space, Lost Clusters
Bad Sectors, Understanding Bit, Byte, and Nibble
Hard Disk Data Addressing
Data Densities on a Hard Disk
Disk Capacity Calculation
Measuring the Performance of the Hard Disk
Disk Partitions and Boot Process, Disk Partitions

Lesson 4: Data Acquisition and Duplication
Data Acquisition and Duplication Concepts
Static Acquisition
Validate Data Acquisitions
Acquisition Best Practices

Lesson 5: Defeating Anti-forensics Techniques
What is Anti-Forensics?
Anti-Forensics techniques
Recycle Bin in Windows
File Recovery in Mac OS X
Recovering the Deleted Partitions
Password Protection
Steganography
Data Hiding in File System Structures
Trail Obfuscation, Rootkits
Artifact Wiping, Minimize Footprint, Tool Bugs, Countermeasures
Overwriting Data/Metadata, Anti-forensics Tools
Encryption, Encrypted Network Protocols, Program Packers

Lesson 6: Operating System Forensics (Windows, Mac, Linux)
Introduction to OS Forensics
Windows Forensics, Collecting Volatile Information
System Time, Logged-On Users, Open Files, Network Information & Connections
Process Information, Process-to-Port Mapping, Process Memory, Network Status, Print Spool Files
Collecting Non-Volatile Information
Analyze the Windows thumbcaches
Windows Memory Analysis
Windows Registry Analysis
Cache, Cookie, and History Analysis
Windows File Analysis, Other Audit Events
Metadata Investigation, Text Based Logs
Forensic Analysis of Event Logs, Linux Forensics, Mac Forensics

Lesson 7: Network Forensics
Introduction to Network Forensics
Fundamental Logging Concepts
Event Correlation Concepts
Network Forensic Readiness
Network Forensics Steps
Network Traffic Investigation
Why Investigate Network Traffic?
Evidence Gathering via Sniffing, Sniffing Tool: Wireshark
Packet Sniffing Tool: Capsa Network Analyzer
Network Packet Analyzer: OmniPeek Network Analyzer and Observer
Network Packet Analyzer: Capsa Portable Network Analyzer
Documenting the Evidence

Lesson 8: Investigating Web Attacks
Introduction to Web Application Forensics
Web Attack Investigation
Investigating Web Server Logs, Internet Information Services (IIS) Logs
Investigating Apache Logs, Investigating Cross-Site Scripting (XSS)
Investigating XSS: Using Regex to Search XSS Strings
Pen-Testing CSRF Validation Fields
Web Attack Detection Tools
Tools for Locating IP Address
IP Address Locating Tools
WHOIS Lookup Tools

Lesson 9: Database Forensics
Database Forensics and Its Importance
MSSQL Forensics, Structure of the Data Directory
MySQL Forensics, Viewing the Information Schema
MySQL Utility Programs For Forensic Analysis
Common Scenario for Reference
MySQL Forensics for WordPress Website Database: Scenario 1
Collect the Evidences, Examine the Log Files, Take a Backup of the Database
Create an Evidence Database, Select the Database
View the Tables & Users in the Database
View Columns in the Table, Collect the Posts Made by the User
MySQL Forensics for WordPress Website Database: Scenario 2
Collect the Database and all the Logs, Examine the .frm Files & Binary Logs

Lesson 10: Cloud Forensics
Introduction to Cloud Computing
Cloud Forensics, Cloud Forensics: Stakeholders and their Roles
Cloud Crimes
Cloud Forensics Challenges
Investigating Cloud Storage Services
Investigating Dropbox Cloud Storage Service
Investigating Google Drive Cloud Storage Service

Lesson 11: Malware Forensics
Introduction to Malware
Introduction to Malware Forensics
Supporting Tools for Malware Analysis
General Rules for Malware Analysis
Documentation Before Analysis
Types of Malware Analysis
Malware Analysis: Dynamic
Installation & Process Monitor
Files and Folder Monitor, Registry Monitor, Network Activity Monitor
Port Monitor, DNS Monitoring/Resolution, API Calls Monitor
Device Drivers Monitor, Startup Programs Monitor
Windows Services Monitor, Analysis of Malicious Documents, Malware Analysis Challenges

Lesson 12: Investigating Email Crimes
Email System, Clients, Server, SMTP Server, POP3 Server, IMAP Server
Importance of Electronic Records Management
Email Crimes (Email Spamming, Mail Bombing/Mail Storm, Phishing, Email Spoofing, Crime via Chat Room, Identity Fraud/Chain Letter)
Email Message, Steps to Investigate Email Crimes and Violation
Examine E-mail Messages, Acquire Email Archives
Recover Deleted Emails
Examining Email Logs
Examining Linux E-mail Server Logs
Examining Microsoft Exchange E-mail Server Logs
Email Forensics Tools
Laws and Acts against Email Crimes
U.S. Laws Against Email Crime: CAN-SPAM Act

Lesson 13: Mobile Phone Forensics
Mobile Device Forensics, Why Mobile Forensics?
Top Threats Targeting Mobile Devices, Mobile Hardware and Forensics
Mobile OS and Forensics
Mobile Forensics Process
Packing, Transporting, and Storing the Evidence
Forensics Imaging, Phone Locking, Enabling USB Debugging
Platform Security Removal Techniques: Jailbreaking/Rooting
Mobile Evidence Acquisition, Cellular Network, Subscriber Identity Module (SIM)
Logical, Physical & File System Acquisition
File Carving, SQLite Database Extraction, Android Forensics Analysis
iPhone Data Extraction, Examination and Analysis

Lesson 14: Forensics Report Writing and Presentation
Writing Investigation Reports
Expert Witness Testimony
Deposition
Dealing with Media