Computer Hacking Forensic Investigator (C|HFI)


The CHFI course will give participants the necessary skills to identify an intruder’s footprints and to properly gather the necessary evidence to prosecute. Many of today’s top tools of the forensic trade will be taught during this course, including software, hardware and specialized techniques.


The need for businesses to become more efficient and integrated with one another, as well as the home user, has given way to a new type of criminal, the “cyber-criminal.” It is no longer a matter of “will your organization be comprised (hacked)?” but, rather, “when?” Today’s battles between corporations, governments, and countries are no longer fought only in the typical arenas of boardrooms or battlefields using physical force.


Now the battlefield starts in the technical realm, which ties into most every facet of modern day life. If you or your organization requires the knowledge or skills to identify, track, and prosecute the cyber-criminal, then this is the course for you.


CHFIv8 contains updated information including concepts, methodologies and tools.

The well-organized content enhances the learning experience and ensures better understanding of key concepts and investigation methodologies.

CHFIv8 presents step-by-step procedures,best practices and guidelines to carry out forensic investigation.
Illustration Rich Concepts are well-illustrated to create self-explanatory slides which makes it classroom and instructor friendly.

CHFIv8 provides in-depth knowledge of new techniques and tools used in forensic investigation to meet the toughest challenges in fighting cybercrime.

CHFIv8 showcases hundreds of investigation tools including EnCase, Access Data FTK, and ProDiscover.

CHFIv8 DVD contains a huge cache of evidence files for analysis including RAW, .dd images, video and audio files, MS Office files, systems files etc.

Use of rich Visual Content Technology to present concepts and forensic investigation techniques.

Lab setup manual provides detailed procedures to setup a lab environment complete with network environment, evidence files and other prerequisite tools.

CHFIv8 also provides a DVD-ROM with a repository of the around 8 GB of the latest investigation and security tools.

The CHFI certification is awarded after successfully passing the exam EC0 312-49. CHFI EC0 312-49 exams are available at ECC exam center around the world.

CHFI Exam Details

  • Number of Questions: 150
  • Passing Score: 70%
  • Test Duration: 4 hours
  • Test Format: Multiple choice
  • Test Delivery: ECC exam portal

The CHFI program is designed for all IT professionals involved with information system security, computer forensics, and incident response.

Target Audience

  • Police and other law enforcement personnel
  • Defense and Military personnel
  • e-Business Security professionals
  • Systems administrators
  • Legal professionals
  • Banking, Insurance and other professionals
  • Government agencies
  • IT managers

    • 1 Computer Forensics in Today’s World
    • 2 Computer Forensics Investigation Process
    • 3 Searching and Seizing Computers
    • 4 Digital Evidence
    • 5 First Responder Procedures
    • 6 Computer Forensics Lab
    • 7 Understanding Hard Disks and File Systems
    • 8 Windows Forensics
    • 9 Data Acquisition and Duplication
    • 10 Recovering Deleted Files and Deleted Partitions
    • 11 Forensics Investigation Using AccessData FTK
    • 12 Forensics Investigation Using EnCase
    • 13 Steganography and Image File Forensics
    • 14 Application Password Crackers
    • 15 Log Capturing and Event Correlation
    • 16 Network Forensics, Investigating Logs and Investigating Network Traffic
    • 17 Investigating Wireless Attacks
    • 18 Investigating Web Attacks
    • 19 Tracking Emails and Investigating Email Crimes
    • 20 Mobile Forensics
    • 21 Investigative Reports
    • 22 Becoming an Expert Witness