Computer Hacking Forensic Investigator – CHFI. v9

EC-Council released the most advanced computer forensic investigation program in the world. This course covers major forensic investigation scenarios that enable you to acquire hands-on experience on various forensic investigation techniques and standard tools necessary to successfully carry-out a computer forensic investigation.

Battles between corporations, governments, and countries are no longer fought using physical force. Cyberwar has begun and the consequences can be seen in everyday life. With the onset of sophisticated cyber-attacks, the need for advanced cybersecurity and investigation training is critical. If you or your organization requires the knowledge or skills to identify, track, and prosecute cybercriminals, then this is the course for you. You will learn how to excel in digital evidence acquisition, handling, and forensically sound analysis. These skills will lead to successful prosecutions in various types of security incidents such as data breaches, corporate espionage, insider threats, and other intricate cases involving computer systems.

Quote a Price


Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks.

Computer crime in today’s cyber world is on the rise. Computer Investigation techniques are being used by police, government, and corporate entities globally and many of them turn to EC-Council for our Digital Forensic Investigator CHFI Certification Program.

Computer Security and Computer investigations are changing terms. More tools are invented daily for conducting Computer Investigations, be it computer crime, digital forensics, computer investigations, or even standard computer data recovery. The tools and techniques covered in EC-Council’s CHFI program will prepare the student to conduct computer investigations using ground-breaking digital forensics technologies.
Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information known as computer data recovery.


  • The computer forensic investigation process and the various legal issues involved

  • Evidence searching, seizing, and acquisition methodologies in a legal and forensically sound manner

  • Types of digital evidence, rules of evidence, digital evidence examination process, and electronic crime and digital evidence consideration by crime category

  • Roles of the first responder, first responder toolkit, securing and evaluating electronic crime scene, conducting preliminary interviews, documenting electronic crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, and reporting the crime scene

  • Setting up a computer forensics lab and the tools involved in it

  • Various file systems and how to boot a disk

  • Gathering volatile and non-volatile information from Windows

  • Data acquisition and duplication rules

  • Validation methods and tools required

  • Recovering deleted files and deleted partitions in Windows, Mac OS X, and Linux

  • Forensic investigation using AccessData FTK and EnCase

  • Steganography and its techniques

  • Steganalysis and image file forensics

  • Password cracking concepts, tools, and types of password attacks

  • Investigating password protected files

  • Types of log capturing, log management, time synchronization, and log capturing tools

  • Investigating logs, network traffic, wireless attacks, and web attacks

  • Tracking emails and investigate email crimes

  • Mobile forensics and mobile forensics software and hardware tools

  • Writing investigative reports

Who Is It For?

The CHFI program is designed for all IT professionals involved with information system security, computer forensics, and incident response.

Target Audience

  • Defense and Military personnel

  • Banking, Insurance, and other professionals

  • Government agencies

  • IT managers

  • Attorneys, legal consultants, and lawyers

  • Law enforcement officers

  • Police officers

  • Federal/ government agents

  • Detectives/ investigators

  • Incident response team members

  • Information security managers

  • Network defenders

  • IT professionals, IT directors/ managers

  • System/network engineers

  • Security analyst/ architect/ auditors/ consultants


  • EC-Council is one of the few organizations that specialize in information security (IS) to achieve ANSI 17024 accreditation for its Computer Hacking Forensic Investigator certification

  • The CHFI v9 program has been redesigned and updated after thorough investigation including current market requirements, job tasks analysis, and recent industry focus on forensic skills

  • It is designed and developed by experienced subject matter experts and digital forensics practitioners

  • CHFI is a complete vendor-neutral course covering all major forensics investigations technologies and solutions

  • CHFI has detailed labs for the hands-on learning experience. On average, approximately 40% of training time is dedicated to labs

  • It covers all the relevant knowledge-bases and skills to meets regulatory compliance standards Such as ISO 27001, PCI DSS, SOX, HIPPA, etc.

  • The student kit contains a large number of white papers for additional reading

  • The program presents a repeatable forensics investigation methodology required from a versatile digital forensic professional which increases employability

  • The student kit contains several forensics investigation templates for evidence collection, chain-of-custody, final investigation reports, etc.

  • The program comes with cloud-based virtual labs enabling students to practice various investigation techniques in a real-time and simulated environment

What’s New In CHFI v9

  • 14 comprehensive modules and 39 labs

  • More than 40 percent of new labs

  • More than 400 new/updated tools

  • Classroom-friendly curriculum with a diagrammatic representation of concepts and examples

  • New and rich presentation style with eye-catching graphics

  • Coverage of latest operating systems

  • Updated patch management and testing environment

  • Well tested, result-oriented, descriptive, and analytical lab manual to evaluate the presented concepts

Course Outline

CHFI v9 curriculum is a comprehensive course with 14 training modules covering major forensic
investigation scenarios

  • Module 1. Computer Forensics in Today’s World

  • Module 2. Computer Forensics Investigation Process

  • Module 3. Understanding Hard Disks and File Systems

  • Module 4. Data Acquisition and Duplication

  • Module 5. Defeating Anti-Forensics Techniques

  • Module 6. Operating System Forensics

  • Module 7. Network Forensics

  • Module 8. Investigating Web Attacks

  • Module 9. Database Forensics

  • Module 10. Cloud Forensics

  • Module 11. Malware Forensics

  • Module 12. Investigating Email Crimes

  • Module 13. Mobile Forensics

  • Module 14. Forensics Report Writing and Presentation

Course Highlights

  • 14 comprehensive modules and 39 labs
  • More than 40 percent of new labs
  • More than 400 new/updated tools
  • Coverage of latest operating systems
  • Updated patch management and testing environment

Get Quote