Course Code: 829

EC-Council Computer Hacking Forensic Investigator v9.0 (CHFI) - Virtual Delivery

Class Dates:
5/20/2019
Length:
5 Days
Cost:
$2,995*
Class Time:
Technology:
Security, EC-Council
Delivery:
Virtual Instructor-Led Training, Instructor-Led Training

Overview

  • Course Overview
  • EC-Council releases the most advanced Computer Forensic Investigation program in the world. CHFI v9 presents a detailed, methodological approach to computer forensics and evidence analysis. It is a comprehensive course covering the major forensic investigation scenarios, and it gives students hands-on experience with the investigation techniques and standard tools needed to carry out a computer forensic investigation.
  • Audience
  • The CHFI program is designed for all IT professionals involved with information system security, computer forensics, and incident response.

Prerequisites

Course Details

  • Lesson 1: Computer Forensics in Today’s World
  • Understanding Computer Forensics
  • Why and When Do You Use Computer Forensics?
  • Cyber Crime (Types of Computer Crimes)
  • Case Study
  • Challenges Cyber Crimes Present For Investigators
  • Cyber Crime Investigation: Civil vs. Criminal, Case Studies, Administrative Investigation
  • Rules of Forensics Investigation - Enterprise Theory of Investigation (ETI)
  • Understanding Digital Evidence
  • Types of Digital Evidence
  • Characteristics of Digital Evidence
  • Role of Digital Evidence
  • Rules of Evidence, Forensics Readiness, Incident Response Plan
  • Lesson 2: Computer Forensics Investigation Process
  • Importance of Computer Forensics Process
  • Phases Involved in the Computer Forensics Investigation Process
  • Pre-investigation Phase, Setting Up a Computer Forensics Lab
  • Planning and Budgeting, Physical Location and Structural Design Considerations
  • Work Area Considerations, Physical Security Recommendations, Fire-Suppression Systems
  • Evidence Locker Recommendations, Auditing the Security of a Forensics Lab
  • Human Resource Considerations, Build a Forensics Workstation
  • Basic Workstation Requirements in a Forensics Lab, Build a Computer Forensics Toolkit
  • Forensics Hardware, Forensics Software
  • Build the Investigation Team, Forensic Practitioner Certification and Licensing
  • Review Policies and Laws, Forensics Laws
  • Establish Quality Assurance Processes, Quality Assurance Practices in Digital Forensics
  • Lesson 3: Understanding Hard Disks and File Systems
  • Hard Disk Drive Overview: Hard Disk Drive (HDD), Solid State Drive (SSD)
  • Physical Structure of a Hard Disk, Logical Structure of Hard Disk
  • Types of Hard Disk Interfaces: ATA, SCSI, IDE/EIDE, USB, Fibre Channel
  • Tracks, Track Numbering
  • Sector, Sector Addressing, Advanced Format Sectors
  • Cluster, Cluster Size, Slack Space, Lost Clusters
  • Bad Sectors, Understanding Bit, Byte, and Nibble
  • Hard Disk Data Addressing
  • Data Densities on a Hard Disk
  • Disk Capacity Calculation
  • Measuring the Performance of the Hard Disk
  • Disk Partitions and Boot Process, Disk Partitions
  • Lesson 4: Data Acquisition and Duplication
  • Data Acquisition and Duplication Concepts
  • Static Acquisition
  • Validate Data Acquisitions
  • Acquisition Best Practices
  • Lesson 5: Defeating Anti-forensics Techniques
  • What is Anti-Forensics?
  • Anti-Forensics techniques
  • Recycle Bin in Windows
  • File Recovery in Mac OS X
  • Recovering the Deleted Partitions
  • Password Protection
  • Steganography
  • Data Hiding in File System Structures
  • Trail Obfuscation, Rootkits
  • Artifact Wiping, Minimize Footprint, Tool Bugs, Countermeasures
  • Overwriting Data/Metadata, Anti-forensics Tools
  • Encryption, Encrypted Network Protocols, Program Packers
  • Lesson 6: Operating System Forensics (Windows, Mac, Linux)
  • Introduction to OS Forensics
  • Windows Forensics, Collecting Volatile Information
  • System Time, Logged-On Users, Open Files, Network Information & Connections
  • Process Information, Process-to-Port Mapping, Process Memory, Network Status, Print Spool Files
  • Collecting Non-Volatile Information
  • Analyze the Windows thumbcaches
  • Windows Memory Analysis
  • Windows Registry Analysis
  • Cache, Cookie, and History Analysis
  • Windows File Analysis, Other Audit Events
  • Metadata Investigation, Text Based Logs
  • Forensic Analysis of Event Logs, Linux Forensics, Mac Forensics
  • Lesson 7: Network Forensics
  • Introduction to Network Forensics
  • Fundamental Logging Concepts
  • Event Correlation Concepts
  • Network Forensic Readiness
  • Network Forensics Steps
  • Network Traffic Investigation
  • Why Investigate Network Traffic?
  • Evidence Gathering via Sniffing, Sniffing Tool: Wireshark
  • Packet Sniffing Tool: Capsa Network Analyzer
  • Network Packet Analyzers: OmniPeek Network Analyzer & Observer
  • Network Packet Analyzer: Capsa Portable Network Analyzer
  • Documenting the Evidence
  • Lesson 8: Investigating Web Attacks
  • Introduction to Web Application Forensics
  • Web Attack Investigation
  • Investigating Web Server Logs, Internet Information Services (IIS) Logs
  • Investigating Apache Logs, Investigating Cross-Site Scripting (XSS)
  • Investigating XSS: Using Regex to Search XSS Strings
  • Pen-Testing CSRF Validation Fields
  • Web Attack Detection Tools
  • Tools for Locating IP Address
  • IP Address Locating Tools
  • WHOIS Lookup Tools
  • Lesson 9: Database Forensics
  • Database Forensics and Its Importance
  • MSSQL Forensics, Structure of the Data Directory
  • MySQL Forensics, Viewing the Information Schema
  • MySQL Utility Programs For Forensic Analysis
  • Common Scenario for Reference
  • MySQL Forensics for WordPress Website Database: Scenario 1
  • Collect the Evidence, Examine the Log Files, Take a Backup of the Database
  • Create an Evidence Database, Select the Database
  • View the Tables & Users in the Database
  • View Columns in the Table, Collect the Posts Made by the User
  • MySQL Forensics for WordPress Website Database: Scenario 2
  • Collect the Database and All the Logs, Examine the .frm Files & Binary Logs
  • Lesson 10: Cloud Forensics
  • Introduction to Cloud Computing
  • Cloud Forensics, Cloud Forensics: Stakeholders and their Roles
  • Cloud Crimes
  • Cloud Forensics Challenges
  • Investigating Cloud Storage Services
  • Investigating Dropbox Cloud Storage Service
  • Investigating Google Drive Cloud Storage Service
  • Lesson 11: Malware Forensics
  • Introduction to Malware
  • Introduction to Malware Forensics
  • Supporting Tools for Malware Analysis
  • General Rules for Malware Analysis
  • Documentation Before Analysis
  • Types of Malware Analysis
  • Malware Analysis: Dynamic
  • Installation & Process Monitor
  • Files and Folder Monitor, Registry Monitor, Network Activity Monitor
  • Port Monitor, DNS Monitoring/Resolution, API Calls Monitor
  • Device Drivers Monitor, Startup Programs Monitor
  • Windows Services Monitor, Analysis of Malicious Documents, Malware Analysis Challenges
  • Lesson 12: Investigating Email Crimes
  • Email System, Clients, Server, SMTP Server, POP3 Server, IMAP Server
  • Importance of Electronic Records Management
  • Email Crimes (Email Spamming, Mail Bombing/Mail Storm, Phishing, Email Spoofing, Crime via Chat Room, Identity Fraud/Chain Letter)
  • Email Message, Steps to Investigate Email Crimes and Violation
  • Examine E-mail Messages, Acquire Email Archives
  • Recover Deleted Emails
  • Examining Email Logs
  • Examining Linux E-mail Server Logs
  • Examining Microsoft Exchange E-mail Server Logs
  • Email Forensics Tools
  • Laws and Acts against Email Crimes
  • U.S. Laws Against Email Crime: CAN-SPAM Act
  • Lesson 13: Mobile Phone Forensics
  • Mobile Device Forensics, Why Mobile Forensics?
  • Top Threats Targeting Mobile Devices, Mobile Hardware and Forensics
  • Mobile OS and Forensics
  • Mobile Forensics Process
  • Packing, Transporting, and Storing the Evidence
  • Forensics Imaging, Phone Locking, Enabling USB Debugging
  • Platform Security Removal Techniques: Jailbreaking/Rooting
  • Mobile Evidence Acquisition, Cellular Network, Subscriber Identity Module (SIM)
  • Logical, Physical, and File System Acquisition
  • File Carving, SQLite Database Extraction
  • Android Forensics Analysis, iPhone Data Extraction, Examination and Analysis
  • Lesson 14: Forensics Report Writing and Presentation
  • Writing Investigation Reports
  • Expert Witness Testimony
  • Deposition
  • Dealing with Media
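The "Validate Data Acquisitions" item in Lesson 4 is the step where an image is shown to be a bit-for-bit duplicate of the source by hashing both and comparing the digests. The following script is an added example written for this page; it is not EC-Council course material or a tool from the course. The "source drive" is a constructed in-memory byte string standing in for a write-blocked device, and the image is an in-memory buffer standing in for the .dd file; everything else (function names, the tamper offset) is chosen here for illustration.

```python
"""Validate a static acquisition by hashing the source and the image.

Added example; this is not EC-Council course material. The "source drive"
is a constructed in-memory byte string standing in for a write-blocked
device, and the image is an in-memory buffer standing in for the .dd file.
"""
import hashlib
import io
from typing import BinaryIO, Dict, Iterable

CHUNK_SIZE = 1024 * 1024  # 1 MiB reads keep memory flat on multi-TB images


def hash_stream(stream: BinaryIO, algorithms: Iterable[str] = ("md5", "sha256")) -> Dict[str, str]:
    """Return hex digests of the whole stream, one per algorithm.

    All digests are computed in a single pass so the evidence is read once;
    two independent algorithms are recorded, as most acquisition tools do.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    stream.seek(0)
    while True:
        chunk = stream.read(CHUNK_SIZE)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper: hash an in-memory buffer."""
    return hash_stream(io.BytesIO(data))


def acquire_image(source: BinaryIO, image: BinaryIO) -> int:
    """Bit-for-bit copy of source into image (a dd-style static acquisition).

    Returns the number of bytes copied so it can be compared with the
    device size recorded in the examiner's notes.
    """
    source.seek(0)
    image.seek(0)
    copied = 0
    while True:
        chunk = source.read(CHUNK_SIZE)
        if not chunk:
            break
        image.write(chunk)
        copied += len(chunk)
    image.truncate()
    return copied


def validate_acquisition(source: BinaryIO, image: BinaryIO) -> Dict[str, object]:
    """Hash source and image and report whether every algorithm agrees.

    A single mismatching algorithm is enough to reject the image: the copy is
    then not a verified duplicate and must be re-acquired.
    """
    source_hashes = hash_stream(source)
    image_hashes = hash_stream(image)
    mismatched = [name for name in source_hashes if source_hashes[name] != image_hashes[name]]
    return {
        "valid": not mismatched,
        "source": source_hashes,
        "image": image_hashes,
        "mismatched_algorithms": mismatched,
    }


# Constructed sample "drive": a few boot-code bytes, a repeated data pattern,
# and the 0x55AA boot signature. Real input would be a device opened read-only.
SAMPLE_SOURCE = b"\x33\xc0\x8e\xd0" + b"EVIDENCE" * 512 + b"\x55\xaa"


def demo(tamper: bool = False) -> Dict[str, object]:
    """Acquire the sample drive and validate the image.

    With tamper=True one byte of the image is overwritten after acquisition,
    standing in for a write error or post-acquisition modification, so the
    verification is expected to fail.
    """
    source = io.BytesIO(SAMPLE_SOURCE)
    image = io.BytesIO()
    acquire_image(source, image)
    if tamper:
        image.seek(100)  # offset chosen arbitrarily for the demonstration
        image.write(b"\x00")
    return validate_acquisition(source, image)


if __name__ == "__main__":
    print("clean acquisition:", demo())
    print("tampered image:", demo(tamper=True))
```

In practice the source digest is taken once, through a write blocker, and written into the chain-of-custody record before the image is ever opened for analysis; re-hashing the image later against that recorded value is what lets an examiner show in court that the evidence analysed is the evidence seized.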
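Lesson 8 lists "Investigating Apache Logs" and "Investigating XSS: Using Regex to Search XSS Strings". The script below is an added example of that technique written for this page, not EC-Council course material: it parses Apache combined-format log lines, percent-decodes each request field (twice, so double-encoded payloads surface), and flags lines matching a small set of XSS indicators. The log lines are constructed for illustration and use documentation IP ranges; the indicator patterns and function names are chosen here, not taken from the course.

```python
"""Search Apache access logs for cross-site scripting attempts with regular
expressions.

Added example; this is not EC-Council course material. The log lines are
constructed in Apache "combined" format for illustration.
"""
import re
from typing import Dict, List
from urllib.parse import unquote_plus

# Apache combined format: host ident user [time] "request" status size "referer" "user-agent"
APACHE_COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]+))?" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# XSS indicators, applied to the percent-decoded value. They are deliberately
# loose (no HTML parsing): this is investigative triage, not a WAF rule set,
# and every hit still needs a human to look at the request.
XSS_PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.IGNORECASE),
    "event_handler": re.compile(
        r"\bon(load|error|click|mouseover|focus|blur|keydown|keyup|submit|input|change)\s*=",
        re.IGNORECASE,
    ),
    "javascript_uri": re.compile(r"javascript\s*:", re.IGNORECASE),
    "html_injection": re.compile(r"<\s*(img|svg|iframe|object|embed|body)\b", re.IGNORECASE),
}


def decode_request(raw: str, rounds: int = 2) -> str:
    """Percent-decode up to `rounds` times so double-encoded payloads
    (%253C -> %3C -> <) surface; stop early once decoding changes nothing."""
    decoded = raw
    for _ in range(rounds):
        nxt = unquote_plus(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def find_xss(log_text: str) -> List[Dict[str, object]]:
    """Return one record per (line, field) whose decoded value matches an
    XSS indicator. Referer and User-Agent are checked as well as the request
    path, since attackers also plant payloads there to hit log viewers."""
    hits: List[Dict[str, object]] = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = APACHE_COMBINED.match(line)
        if not m:
            continue  # not combined format; a real job would record and keep going
        for field in ("path", "referer", "agent"):
            decoded = decode_request(m.group(field))
            indicators = [name for name, pat in XSS_PATTERNS.items() if pat.search(decoded)]
            if indicators:
                hits.append({
                    "line": lineno,
                    "host": m.group("host"),
                    "time": m.group("time"),
                    "field": field,
                    "decoded": decoded,
                    "indicators": indicators,
                })
    return hits


# Constructed sample log. 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24
# are documentation ranges; nothing here comes from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [20/May/2019:10:15:32 +0000] "GET /search?q=forensics HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [20/May/2019:10:15:40 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5301 "-" "Mozilla/5.0"
198.51.100.23 - - [20/May/2019:10:16:02 +0000] "GET /profile?name=%253Cimg%20src%3Dx%20onerror%3Dalert(document.cookie)%253E HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.23 - - [20/May/2019:10:16:10 +0000] "POST /comment HTTP/1.1" 302 0 "javascript:alert(1)" "curl/7.64.0"
192.0.2.9 - - [20/May/2019:10:17:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "http://example.org/" "Mozilla/5.0"
"""


if __name__ == "__main__":
    for hit in find_xss(SAMPLE_LOG):
        print(f"line {hit['line']} {hit['host']} [{hit['field']}] "
              f"{', '.join(hit['indicators'])}: {hit['decoded']}")
```

Two points worth carrying into real investigations: match against the decoded request rather than the raw log line, otherwise a %3Cscript%3E or double-encoded %253C payload is missed; and remember that Apache only logs the request line, so a reflected XSS delivered in a POST body never appears in the access log and has to be found in the application's own logging or in the server's response traffic.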