Home | C|HFI

C|HFI - Computer Hacking Forensic Investigator Certification

EC-Council’s CHFI certifies individuals in the specific security discipline of computer forensics from a vendor-neutral perspective. The CHFI certification will fortify the application knowledge of law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, security professionals, and anyone who is concerned about the integrity of the network infrastructure.

A CHFI v10 certified professional will be able to:

1. Perform incident response and forensics
2. Perform electronic evidence collections
3. Perform digital forensic acquisitions
4. Perform bit-stream Imaging/acquiring of the digital media seized during the process of investigation.
5. Examine and analyze text, graphics, multimedia, and digital images
6. Conduct thorough examinations of computer hard disk drives, and other electronic data storage media
7. Recover information and electronic data from computer hard drives and other data storage devices
8. Follow strict data and evidence handling procedures
9. Maintain audit trail (i.e., chain of custody) and evidence integrity
10. Work on technical examination, analysis and reporting of computer-based evidence
11. Prepare and maintain case files
12. Utilize forensic tools and investigative methods to find electronic data, including Internet use history, word processing documents, images and other files
13. Gather volatile and non-volatile information from Windows, MAC and Linux
14. Recover deleted files and partitions in Windows, Mac OS X, and Linux
15. Perform keyword searches including using target words or phrases
16. Investigate events for evidence of insider threats or attacks
17. Support the generation of incident reports and other collateral
18. Investigate and analyze all response activities related to cyber incidents
19. Plan, coordinate and direct recovery activities and incident analysis tasks
20. Examine all available information and supporting evidence or artefacts related to an incident or event
21. Collect data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents
22. Conduct reverse engineering for known and suspected malware files
23. Perform detailed evaluation of the data and any evidence of activity in order to analyze the full circumstances and implications of the event
24. Identify data, images and/or activity which may be the target of an internal investigation
25. Establish threat intelligence and key learning points to support pro-active profiling and scenario modelling
26. Search file slack space where PC type technologies are employed
27. File MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences
28. Examine file type and file header information
29. Review e-mail communications including web mail and Internet Instant Messaging programs
30. Examine the Internet browsing history
31. Generate reports which detail the approach, and an audit trail which documents actions taken to support the integrity of the internal investigation process
32. Recover active, system and hidden files with date/time stamp information
33. Crack (or attempt to crack) password protected files
34. Perform anti-forensics detection
35. Maintain awareness and follow laboratory evidence handling, evidence examination, laboratory safety, and laboratory security policy and procedures
36. Play a role of first responder by securing and evaluating a cybercrime scene, conducting preliminary interviews, documenting crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, reporting of the crime scene
37. Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred
38. Apply advanced forensic tools and techniques for attack reconstruction
39. Perform fundamental forensic activities and form a base for advanced forensics
40. Identify and check the possible source/incident origin
41. Perform event co-relation
42. Extract and analyze logs from various devices such as proxies, firewalls, IPSes, IDSes, Desktops, laptops, servers, SIM tools, routers, switches, AD servers, DHCP servers, Access Control Systems, etc.
43. Ensure that reported incident or suspected weaknesses, malfunctions and deviations are handled with confidentiality
44. Assist in the preparation of search and seizure warrants, court orders, and subpoenas
45. Provide expert witness testimony in support of forensic examinations conducted by the examiner

Cyber security as a profession has seen tremendous growth over the past 10 years and EC-Council has been on the leading edge of this profession. Practices in Network Defense, Ethical Hacking, and Penetration Testing have proven to be the pillars of cyber security teams across the globe and Digital Forensics is no exception. Whether you operate a team of 2 or 2,000 to tackle Cyber issues facing your organization, digital forensics must be a part of the equation as a critical skill and daily practice.