Our classes are always live and instructor-led from our Exton, PA or EPIC Partner locations. Springhouse AnywhereLive options require Internet access. Select classes are Guaranteed to Run (GTR).
CHFIv8 presents a detailed methodological approach to computer forensics and evidence analysis. It is a comprehensive course covering major forensic investigation scenarios, giving students the hands-on experience with forensic investigation techniques and standard forensic tools needed to carry out a computer forensic investigation leading to the prosecution of perpetrators.
Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. Computer forensic investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information. This includes recovering deleted email, restoring erased images, and more.
This five-day instructor-led course will give participants the necessary skills to identify an intruder's footprints and to properly gather the necessary evidence to prosecute. Many of today's top tools of the forensic trade will be taught during this course, including software, hardware and specialized techniques. The need for businesses to become more efficient and integrated with one another, as well as the home user, has given rise to a new type of criminal, the "cyber-criminal." It is no longer a matter of "will your organization be hacked?" but, rather, "when?" Today's battles between corporations, governments, and countries are no longer fought only in the typical arenas of boardrooms or battlefields using physical force. Now the battlefield starts in the technical realm, which ties into almost every facet of modern-day life. If you or your organization requires the knowledge or skills to identify, track, and prosecute the cybercriminal, then this is the course for you.
This course is intended for information security and law enforcement professionals. Students should be in job roles that are directly responsible for information security.
After completing this course, students will be able to:
- Implement the process of investigating cybercrime, laws involved, and the details in obtaining and executing a search warrant.
- Identify different types of digital evidence, rules of evidence, digital evidence examination process, and electronic crime and digital evidence consideration by crime category.
- Assume the role of first responder to IT security incidents. This includes building and using the first responder toolkit, securing and evaluating the electronic crime scene, conducting preliminary interviews, documenting the electronic crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, and reporting the crime scene.
- Recover deleted files and deleted partitions in Windows, Mac OS X, and Linux.
- Recover deleted email, images, documents, and other files containing relevant evidence.
- Conduct a forensic investigation using AccessData FTK and EnCase.
- Identify the use of steganography and its techniques, and conduct steganalysis.
- Analyze image files for forensic data.
- Use password cracking tools and various types of password attacks to investigate password-protected file breaches.
- Identify different types of log capturing techniques, log management, time synchronization, and log capturing tools.
- Investigate logs, network traffic, wireless attacks, and web attacks.
Prior to attending this course, students must have completed one of the following courses or currently hold the associated certification:
Exams & Certifications
Lesson 1: Computer Forensics in Today's World
Lesson 2: Computer Forensics Investigation Process
Lesson 3: Searching and Seizing of Computers
Lesson 4: Digital Evidence
Lesson 5: First Responder Procedures
Lesson 6: Computer Forensics Lab
Lesson 7: Understanding Hard Disks and File Systems
Lesson 8: Windows Forensics
Lesson 9: Data Acquisition and Duplication
Lesson 10: Recovering Deleted Files and Deleted Partitions
Lesson 11: Forensics Investigations Using AccessData FTK
Lesson 12: Forensics Investigations Using EnCase
Lesson 13: Steganography and Image Files Forensics
Lesson 14: Application Password Crackers
Lesson 15: Log Capturing and Event Correlation
Lesson 16: Network Forensics, Investigating Logs and Investigating Network Traffic
Lesson 17: Investigating Wireless Attacks
Lesson 18: Investigating Web Attacks
Lesson 19: Tracking Emails and Investigating Email Crimes
Lesson 20: Mobile Forensics
Lesson 21: Investigative Reports
Lesson 22: Becoming an Expert Witness
*This course is offered through Epic Learning Partners (Centriq Training or Interface TT), an EC-Council Authorized Training Center.