CHFI 9.0 | Computer Hacking Forensic Investigator Certification in India

Computer forensic is the collection, preservation, analysis, identification and presentation of computer related evidence that can be used in criminal cases for the purpose of taking the criminal proceedings forward.

In other words Computer Hacking Forensic Investigation or CHFI is discovering hacking attacks and collecting evidence to report the crime and conduct audits as a precaution to future attacks.

CHFI presents a methodological approach to computer forensics including searching and seizing, chain-of-custody, acquisition, preservation, analysis and reporting of digital evidence.

CHFI services are sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. CHFI investigators may take the help of a number of ways for discovering data inside a computer system, or recovering deleted, encrypted, or damaged file information known as computer data recovery.

Computer Security and Computer Investigations are fast changing. More and more tools are invented daily for conducting Computer Investigations, be it computer crime, digital forensics, computer investigations, or even standard computer data recovery. The tools and techniques covered in CHFI program will prepare the student to conduct computer investigations using innovative digital forensic technologies.

5.0
Course Rating

View All Reviews »

1000+
Students Enrolled and Counting…

Full List of Alumni »

Why learn CHFI 9.0 - Computer Hacking Forensic Investigator?

Using
Steganography

Course Syllabus »

Password Cracking
Concepts

LOG Capturing
Techniques

Tracking
Emails

Jobs »

Duration

40 hours - 2 classes per week

Eligibility

Basic knowledge of Hardware, Software & Network. Prior completion of CEH training would be an advantage.

Course Fees

Class Room Training

Rs.38,000/-
Inclusive of all taxes

Online Training

Rs.44,000/-
Inclusive of all taxes

What You Will Get?

40 Hours
of in depth training in lab environment by the EC Council certified instructors and best cyber security and computer forensic experts

Study Materials
Voucher code from EC Council, Tools and Software

CHFI 9.0
Certificate of Completetion after examination and alumni status

Enroll Into The Course » Pay & Book Your Seat »

Course Benefits:

Using Steganography: studying message detection that was hidden with steganography techniques
LOG Capturing Techniques: time synchronization techniques and also the use of log capturing tools
Tracking Emails: to combat email crimes
Becoming a certified computer / digital forensic investigator
Covering all major forensic investigations, technologies and solutions
Gathering and analysis of cybercrime evidence to find out the source for prosecution
Getting detailed hands-on learning experience
Getting exclusive job opportunities in government and corporate sector

Course Details

The duration of the course is 40 hours - 2 Classes per week
The course fee is Rs.32,000/- for Classroom and Rs.42,000/- for online
The course is taught in theory as well as practical
The course is designed and developed for digital forensic practitioners
A complete computer/digital forensic investigation technologies and solutions guide
Detailed labs for hands-on learning experience
Covers all the relevant knowledge-bases and skills to meets government and corporate standards
The program presents a repeatable forensic investigation methodology required from a versatile digital forensic professional which increases your employability

About the Exam

Exam Prefix: 312-49 (ECC EXAM)
Number of Questions: 150
Test Duration: 4 Hours
Test Format: Multiple Choice
Passing Score: Cut scores can range from 60% to 85%

Module 01: Computer Forensics in Today's World 2 Hours - 7 Topics

Forensics Science (Day 1)
Computer Forensics (Day 1)
- Security Incident Report
- Aspects of Organizational Security
- Evolution of Computer Forensics
- Objective of Computer Forensics
- Need for Compute Forensics
Forensics Readiness (Day 1)
- Benefits of Forensics Readiness
- Goals of Forensics Readiness
- Forensics Readiness Planning
Cyber Crime (Day 1)
- Computer Facilitated Crimes
- Modes of Attacks
- Examples of Cyber Crime
- Types of Computer Crimes
- Cyber Criminals
- Organized Cyber Crime: Organizational Chart
- How Serious are Different Types of Incidents?
- Disruptive Incidents to the Business
- Cost Expenditure Responding to the Security Incident
Cyber Crime Investigation (Day 1)
- Key Steps in Forensics Investigation
- Rules of Forensics Investigation
- Need for Forensics Investigator
- Role of Forensics Investigator
- Accessing Computer Forensics Resources
- Role of Digital Evidence
Corporate Investigations (Day 1)
- Understanding Corporate Investigations
- Approach to Forensics Investigation: A Case Study
- Instructions for the Forensic Investigator to Approach the Crime Scene
- Why and When Do You Use Computer Forensics?
- Enterprise Theory of Investigation (ETI)
- Legal Issues
- Reporting the Results
Reporting a Cyber Crime (Day 1)
- Why you Should Report Cybercrime?
- Reporting Computer-Related Crimes
- Person Assigned to Report the Crime
- When and How to Report an Incident?
- Who to Contact at the Law Enforcement?
- Federal Local Agents Contact
- More Contacts
- CIO Cyberthreat Report Form

Module 2: Computer Forensic Investigation Understanding Hard disk and file systems 2 Hours - 3 Topics

Investigating Computer Crime (Day 2)
- Before the Investigation
- Build a Forensics Workstation
- Building the Investigation Team
- People Involved in Computer Forensics
- Review Policies and Laws
- Forensics Laws
- Notify Decision Makers and Acquire Authorization
- Risk Assessment
- Build a Computer Investigation Toolkit
Steps to Prepare for a Computer Forensics Investigation (Day 2)
Computer Forensics Investigation Methodology (Day 2)
- Obtain Search Warrant
  - Example of Search Warrant
  - Searches Without a Warrant
- Evaluate and Secure the Scene
  - Forensics Photography
  - Gather the Preliminary Information at the Scene
  - First Responder
- Collect the Evidence
  - Collect Physical Evidence
    - Evidence Collection Form
  - Collect Electronic Evidence
  - Guidelines for Acquiring Evidence
- Secure the Evidence
  - Evidence Management
  - Chain of Custody
    - Chain of Custody Form
- Acquire the Data
  - Duplicate the Data (Imaging)
  - Verify Image Integrity
    - MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
  - Recover Lost or Deleted Data
    - Data Recovery Software
- Analyze the Data
  - Data Analysis
  - Data Analysis Tools
- Assess Evidence and Case
  - Evidence Assessment
  - Case Assessment
  - Processing Location Assessment
  - Best Practices to Assess the Evidence
- Prepare the Final Report
  - Documentation in Each Phase
  - Gather and Organize Information
  - Writing the Investigation Report
  - Sample Report
- Testifying as an Expert Witness
  - Expert Witness
  - Testifying in the Court Room
  - Closing the Case
  - Maintaining Professional Conduct
  - Investigating a Company Policy Violation
  - Computer Forensics Service Providers

Module 3: Data Acquisition and Duplication 2 Hours - 8 Topics

Data Acquisition and Duplication Concepts (Day 3)
- Data Acquisition
- Forensic and Procedural Principles
- Types of Data Acquisition Systems
- Data Acquisition Formats
- Bit Stream vs. Backups
- Why to Create a Duplicate Image?
- Issues with Data Duplication
- Data Acquisition Methods
- Determining the Best Acquisition Method
- Contingency Planning for Image Acquisitions
- Data Acquisition Mistakes
Data Acquisition Types (Day 3)
- Rules of Thumb
- Static Data Acquisition
  - Collecting Static Data
  - Static Data Collection Process
- Live Data Acquisition
  - Why Volatile Data is Important?
  - Volatile Data
  - Order of Volatility
  - Common Mistakes in Volatile Data Collection
  - Volatile Data Collection Methodology
  - Basic Steps in Collecting Volatile Data
  - Types of Volatile Information
Disk Acquisition Tool Requirements (Day 3)
- Disk Imaging Tool Requirements
- Disk Imaging Tool Requirements: Mandatory
- Disk Imaging Tool Requirements: Optional
Validation Methods (Day 3)
- Validating Data Acquisitions
- Linux Validation Methods
- Windows Validation Methods
RAID Data Acquisition (Day 3)
- Understanding RAID Disks
- Acquiring RAID Disks
- Remote Data Acquisition
Acquisition Best Practices (Day 3)
- Acquisition Best Practices
Data Acquisition Software Tools (Day 3)
- Acquiring Data on Windows
- Acquiring Data on Linux
- dd Command
- dcfldd Command
- Extracting the MBR
- Netcat Command
- EnCase Forensic
- Analysis Software: DriveSpy
- ProDiscover Forensics
- AccessData FTK Imager
- Mount Image Pro
- Data Acquisition Toolbox
- SafeBack
- ILookPI
- RAID Recovery for Windows
- R-Tools R-Studio
- F-Response
- PyFlag
- LiveWire Investigator
- ThumbsDisplay
- DataLifter
- X-Ways Forensics
- R-drive Image
- DriveLook
- DiskExplorer
- P2 eXplorer Pro
- Flash Retriever Forensic Edition
Data Acquisition Hardware Tools (Day 3)
- US-LATT
- Image MASSter: Solo-4 (Super Kit)
- Image MASSter: RoadMASSter- 3
- Tableau TD1 Forensic Duplicator
- Logicube: Forensic MD5
- Logicube: Portable Forensic Lab™
- Logicube: Forensic Talon®
- Logicube: RAID I/O Adapter™
- DeepSpar: Disk Imager Forensic Edition
- Logicube: USB Adapter
- Disk Jockey PRO
- Logicube: Forensic Quest-2®
- Logicube: CloneCard Pro
- Logicube: EchoPlus
- Paraben Forensics Hardware: Chat Stick
- Image MASSter: Rapid Image 7020CS IT
- Digital Intelligence Forensic Hardware: UltraKit
- Digital Intelligence Forensic Hardware: UltraBay II
- Digital Intelligence Forensic Hardware: UltraBlock SCSI
- Digital Intelligence Forensic Hardware: HardCopy 3P
- Wiebetech: Forensics DriveDock v4
- Wiebetech: Forensics UltraDock v4
- Image MASSter: WipeMASSter
- Image MASSter: WipePRO
- Portable Forensic Systems and Towers: Forensic Air-Lite V MK III
- Forensic Tower IV Dual Xeon
- Digital Intelligence Forensic Hardware: FREDDIE
- DeepSpar: 3D Data Recovery
  - Phase 1 Tool: PC-3000 Drive Restoration System
  - Phase 2 Tool: DeepSpar Disk Imager
  - Phase 3 Tool: PC-3000 Data Extractor
- Logicube
  - Cables
  - Adapters
  - GPStamp™
  - OmniPort
  - CellDEK®
- Paraben Forensics Hardware
  - Project-a-Phone
  - Mobile Field Kit
  - iRecovery Stick
- CelleBrite
  - UFED System
  - UFED Physical Pro

Module 4: Volatile Memory Forensic 2 Hours - Day 4

Module 5: Defeating Anti forensic technique4 Hours - Day 5 & 6

Module 6: Operating system Forensic 2 Hours - Day 7

Module 7: Windows forensic 3 Hours - 13 Topics

Collecting Volatile Information (Day 8)
- Volatile Information
  - System Time
    - Logged-on Users
    - Psloggedon
    - Net Sessions Command
    - Logonsessions Tool
  - Open Files
    - Net File Command
    - PsFile Command
    - OpenFiles Command
  - Network Information
  - Network Connections
  - Process Information
  - Process-to-Port Mapping
  - Process Memory
  - Network Status
  - Other Important Information
Collecting Non-volatile Information (Day 8)
- Non-volatile Information
  - Examine File Systems
  - Registry Settings
  - Microsoft Security ID
  - Event Logs
  - Index.dat File
  - Devices and Other Information
  - Slack Space
  - Virtual Memory
  - Swap File
  - Windows Search Index
  - Collecting Hidden Partition Information
  - Hidden ADS Streams
    - Investigating ADS Streams: StreamArmor
  - Other Non-Volatile Information
Windows Memory Analysis (Day 8)
- Memory Dump
- EProcess Structure
- Process Creation Mechanism
- Parsing Memory Contents
- Parsing Process Memory
- Extracting the Process Image
- Collecting Process Memory
Windows Registry Analysis (Day 8)
- Inside the Registry
- Registry Structure within a Hive File
- The Registry as a Log File
- Registry Analysis
- System Information
- TimeZone Information
- Shares
- Audit Policy
- Wireless SSIDs
- Autostart Locations
- System Boot
- User Login
- User Activity
- Enumerating Autostart Registry Locations
- USB Removable Storage Devices
- Mounted Devices
- Finding Users
- Tracking User Activity
- The UserAssist Keys
- MRU Lists
- Search Assistant
- Connecting to Other Systems
- Analyzing Restore Point Registry Settings
- Determining the Startup Locations
Cache, Cookie, and History Analysis (Day 8)
- Cache, Cookie, and History Analysis in IE
- Cache, Cookie, and History Analysis in Firefox
- Cache, Cookie, and History Analysis in Chrome
- Analysis Tools
  - IE Cookies View
  - IE Cache View
  - IE History Viewer
  - MozillaCookiesView
  - MozillaCacheView
  - MozillaHistoryView
  - ChromeCookiesView
  - ChromeCacheView
  - ChromeHistoryView
MD5 Calculation (Day 8)
- Message Digest Function: MD5
- Why MD5 Calculation?
- MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
- MD5 Checksum Verifier
- ChaosMD5
Windows File Analysis (Day 8)
- Recycle Bin
- System Restore Points (Rp.log Files)
- System Restore Points (Change.log.x Files)
- Prefetch Files
- Shortcut Files
- Word Documents
- PDF Documents
- Image Files
- File Signature Analysis
- NTFS Alternate Data Streams
- Executable File Analysis
- Documentation Before Analysis
- Static Analysis Process
- Search Strings
- PE Header Analysis
- Import Table Analysis
- Export Table Analysis
- Dynamic Analysis Process
- Creating Test Environment
- Collecting Information Using Tools
- Process of Testing the Malware
Metadata Investigation (Day 8)
- Metadata
- Types of Metadata
- Metadata in Different File Systems
- Metadata in PDF Files
- Metadata in Word Documents
- Tool: Metadata Analyzer
Text Based Logs (Day 8)
- Understanding Events
- Event Logon Types
- Event Record Structure
- Vista Event Logs
- IIS Logs
  - Parsing IIS Logs
- Parsing FTP Logs
  - FTP sc-status Codes
- Parsing DHCP Server Logs
- Parsing Windows Firewall Logs
- Using the Microsoft Log Parser
Other Audit Events (Day 8)
- Evaluating Account Management Events
- Examining Audit Policy Change Events
- Examining System Log Entries
- Examining Application Log Entries
Forensic Analysis of Event Logs (Day 9)
- Searching with Event Viewer
- Using EnCase to Examine Windows Event Log Files
- Windows Event Log Files Internals
Windows Password Issues (Day 9)
- Understanding Windows Password Storage
- Cracking Windows Passwords Stored on Running Systems
- Exploring Windows Authentication Mechanisms
  - LanMan Authentication Process
  - NTLM Authentication Process
  - Kerberos Authentication Process
- Sniffing and Cracking Windows Authentication Exchanges
- Cracking Offline Passwords
Forensic Tools (Day 9)
- Windows Forensics Tool: OS Forensics
- Windows Forensics Tool: Helix3 Pro
- Integrated Windows Forensics Software: X-Ways Forensics
- X-Ways Trace
- Windows Forensic Toolchest (WFT)
- Built-in Tool: Sigverif
- Computer Online Forensic Evidence Extractor (COFEE)
- System Explorer
- Tool: System Scanner
- SecretExplorer
- Registry Viewer Tool: Registry Viewer
- Registry Viewer Tool: RegScanner
- Registry Viewer Tool: Alien Registry Viewer
- MultiMon
- CurrProcess
- Process Explorer
- Security Task Manager
- PrcView
- ProcHeapViewer
- Memory Viewer
- Tool: PMDump
- Word Extractor
- Belkasoft Evidence Center
- Belkasoft Browser Analyzer
- Metadata Assistant
- HstEx
- XpoLog Center Suite
- LogViewer Pro
- Event Log Explorer
- LogMeister
- ProDiscover Forensics
- PyFlag
- LiveWire Investigator
- ThumbsDisplay
- DriveLook

Module 8: Linux Forensic 1 Hour - Day 9

Module 9: Deleted file recovery 1 Hour - Day 10

Module 10: Metadata Extraction 1 Hour - Day 10

Module 11: Event log Analysis 1 Hour - Day 11

Module 12: Registry Analysis 1 Hour - Day 12

Module 13: Network Forensics 2 Hours - 7 Topics

Network Forensics (Day 12)
- Network Forensics
- Network Forensics Analysis Mechanism
- Network Addressing Schemes
- Overview of Network Protocols
- Overview of Physical and Data-Link Layer of the OSI Model
- Overview of Network and Transport Layer of the OSI Model
- OSI Reference Model
- TCP/ IP Protocol
- Intrusion Detection Systems (IDS) and ??heir Placement
  - How IDS Works
  - Types of Intrusion Detection Systems
  - General Indications of Intrusions
- Firewall
- Honeypot
Network Attacks (Day 12)
- Network Vulnerabilities
- Types of Network Attacks
  - IP Address Spoofing
  - Man-in-the-Middle Attack
  - Packet Sniffing
    - How a Sniffer Works
  - Enumeration
  - Denial of Service Attack
  - Session Sniffing
  - Buffer Overflow
  - Trojan Horse
Log Injection Attacks (Day 12)
- New Line Injection Attack
  - New Line Injection Attack Countermeasure
- Separator Injection Attack
  - Defending Separator Injection Attacks
- Timestamp Injection Attack
  - Defending Timestamp Injection Attacks
- Word Wrap Abuse Attack
  - Defending Word Wrap Abuse Attacks
- HTML Injection Attack
  - Defending HTML Injection Attacks
- Terminal Injection Attack
  - Defending Terminal Injection Attacks
Investigating and Analyzing Logs (Day 12)
- Postmortem and Real-Time Analysis
- Where to Look for Evidence
- Log Capturing Tool: ManageEngine EventLog Analyzer
- Log Capturing Tool: ManageEngine Firewall Analyzer
- Log Capturing Tool: GFI EventsManager
- Log Capturing Tool: Kiwi Syslog Server
- Handling Logs as Evidence
- Log File Authenticity
- Use Signatures, Encryption, and Checksums
- Work with Copies
- Ensure System’s Integrity
- Access Control
- Chain of Custody
- Condensing Log File
Investigating Network Traffic (Day 12)
- Why Investigate Network Traffic?
- Evidence Gathering via Sniffing
- Capturing Live Data Packets Using Wireshark
  - Display Filters in Wireshark
  - Additional Wireshark Filters
- Acquiring Traffic Using DNS Poisoning Techniques
  - Intranet DNS Spoofing (Local Network)
  - Intranet DNS Spoofing (Remote Network)
  - Proxy Server DNS Poisoning
  - DNS Cache Poisoning
- Evidence Gathering from ARP Table
- Evidence Gathering at the Data-Link Layer: DHCP Database
- Gathering Evidence by IDS
Traffic Capturing and Analysis Tools (Day 13)
- NetworkMiner
- Tcpdump/Windump
- Intrusion Detection Tool: Snort
  - How Snort Works
- IDS Policy Manager
- MaaTec Network Analyzer
- Iris Network Traffic Analyzer
- NetWitness Investigator
- Colasoft Capsa Network Analyzer
- Sniff - O - Matic
- NetResident
- Network Probe
- NetFlow Analyzer
- OmniPeek Network Analyzer
- Firewall Evasion Tool: Traffic IQ Professional
- NetworkView
- CommView
- Observer
- SoftPerfect Network Protocol Analyzer
- EffeTech HTTP Sniffer
- Big-Mother
- EtherDetect Packet Sniffer
- Ntop
- EtherApe
- AnalogX Packetmon
- IEInspector HTTP Analyzer
- SmartSniff
- Distinct Network Monitor
- Give Me Too
- EtherSnoop
- Show Traffic
- Argus
Documenting the Evidence Gathered on a Network (Day 13)

Module 14: Investigating Web Attacks 2 Hours - 6 Topics

Introduction to Web Applications and Webservers (Day 13)
- Introduction to Web Applications
- Web Application Components
- How Web Applications Work
- Web Application Architecture
- Open Source Webserver Architecture
- Indications of a Web Attack
- Web Attack Vectors
- Why Web Servers are Compromised
- Impact of Webserver Attacks
- Website Defacement
- Case Study
Web Logs (Day 13)
- Overview of Web Logs
- Application Logs
- Internet Information Services (IIS) Logs
  - IIS Webserver Architecture
  - IIS Log File Format
- Apache Webserver Logs
- DHCP Server Logs
Web Attacks (Day 13)
- Web Attacks - 1
- Web Attacks - 2
Web Attack Investigation (Day 14)
- Investigating Web Attacks
- Investigating Web Attacks in Windows-Based Servers
- Investigating IIS Logs
- Investigating Apache Logs
- Example of FTP Compromise
- Investigating FTP Servers
- Investigating Static and Dynamic IP Addresses
- Sample DHCP Audit Log File
- Investigating Cross-Site Scripting (XSS)
- Investigating SQL Injection Attacks
- Pen-Testing CSRF Validation Fields
- Investigating Code Injection Attack
- Investigating Cookie Poisoning Attack
- Detecting Buffer Overflow
- Investigating Authentication Hijacking
- Web Page Defacement
- Investigating DNS Poisoning
- Intrusion Detection
- Security Strategies to Web Applications
- Checklist for Web Security
Web Attack Detection Tools (Day 14)
- Web Application Security Tools
  - Acunetix Web Vulnerability Scanner
  - Falcove Web Vulnerability Scanner
  - Netsparker
  - N-Stalker Web Application Security Scanner
  - Sandcat
  - Wikto
  - WebWatchBot
  - OWASP ZAP
  - SecuBat Vulnerability Scanner
  - Websecurify
  - HackAlert
  - WebCruiser
- Web Application Firewalls
  - dotDefender
  - IBM AppScan
  - ServerDefender VP
- Web Log Viewers
  - Deep Log Analyzer
  - WebLog Expert
  - AlterWind Log Analyzer
  - Webalizer
  - eWebLog Analyzer
  - Apache Logs Viewer (ALV)
- Web Attack Investigation Tools
  - AWStats
  - Paros Proxy
  - Scrawlr
Tools for Locating IP Address (Day 14)
- Whois Lookup
- SmartWhois
- ActiveWhois
- LanWhois
- CountryWhois
- CallerIP
- Hide Real IP
- IP - Address Manager
- Pandora FMS

Module 15: Database Forensics 2 Hours - Day 14 & 15

Module 16: Cloud Forensics 2 Hours - Day 15 & 16

Module 17: Malware Forensics 2 Hours - Day 16 & 17

Module 18: Investigating EMail Crimes 2 Hours - 6 Topics

Email System Basics (Day 17)
- Email Terminology
- Email System
- Email Clients
- Email Server
- SMTP Server
- POP3 and IMAP Servers
- Email Message
- Importance of Electronic Records Management
Email Crimes (Day 17)
- Email Crime
- Email Spamming
- Mail Bombing/Mail Storm
- Phishing
- Email Spoofing
- Crime via Chat Room
- Identity Fraud/Chain Letter
Email Headers (Day 17)
- Examples of Email Headers
- List of Common Headers
Steps to Investigate (Day 18)
- Why to Investigate Emails
- Investigating Email Crime and Violation
  - Obtain a Search Warrant and Seize the Computer and Email Account
  - Obtain a Bit-by-Bit Image of Email Information
  - Examine Email Headers
    - Viewing Email Headers in Microsoft Outlook
    - Viewing Email Headers in AOL
    - Viewing Email Headers in Hotmail
    - Viewing Email Headers in Gmail
    - Viewing Headers in Yahoo Mail
    - Forging Headers
  - Analyzing Email Headers
    - Email Header Fields
    - Received: Headers
    - Microsoft Outlook Mail
    - Examining Additional Files (.pst or .ost files)
    - Checking the Email Validity
    - Examine the Originating IP Address
  - Trace Email Origin
    - Tracing Back
    - Tracing Back Web-based Email
  - Acquire Email Archives
    - Email Archives
    - Content of Email Archives
    - Local Archive
    - Server Storage Archive
    - Forensic Acquisition of Email Archive
  - Recover Deleted Emails
    - Deleted Email Recovery
Email Forensics Tools (Day 18)
- Stellar Phoenix Deleted Email Recovery
- Recover My Email
- Outlook Express Recovery
- Zmeil
- Quick Recovery for MS Outlook
- Email Detective
- Email Trace - Email Tracking
- R-Mail
- FINALeMAIL
- eMailTrackerPro
- Forensic Tool Kit (FTK)
- Paraben’s email Examiner
- Network Email Examiner by Paraben
- DiskInternal’s Outlook Express Repair
- Abuse.Net
- MailDetective Tool
Laws and Acts against Email Crimes (Day 18)
- U.S. Laws Against Email Crime: CAN-SPAM Act
- 18 U.S.C. § 2252A
- 18 U.S.C. § 2252B
- Email Crime Law in Washington: RCW 19.190.020

Module 19: Mobile Forensics 4 Hours - 6 Topics

Mobile Phone (Day 18)
- Mobile Phone
- Different Mobile Devices
- Hardware Characteristics of Mobile Devices
- Software Characteristics of Mobile Devices
- Components of Cellular Network
- Cellular Network
- Different Cellular Networks
Mobile Operating Systems (Day 18)
- Mobile Operating Systems
- Types of Mobile Operating Systems
- WebOS
  - WebOS System Architecture
- Symbian OS
  - Symbian OS Architecture
- Android OS
  - Android OS Architecture
- RIM BlackBerry OS
- Windows Phone 7
  - Windows Phone 7 Architecture
- Apple iOS
Mobile Forensics (Day 19)
- What a Criminal can do with Mobiles Phones?
- Mobile Forensics
- Mobile Forensics Challenges
- Forensics Information in Mobile Phones
- Memory Considerations in Mobiles
- Subscriber Identity Module (SIM)
- SIM File System
- Integrated Circuit Card Identification (ICCID)
- International Mobile Equipment Identifier (IMEI)
- Electronic Serial Number (ESN)
- Precautions to be Taken Before Investigation
Mobile Forensic Process (Day 19)
- Mobile Forensic Process
  - Collect the Evidence
    - Collecting the Evidence
    - Points to Remember while Collecting the Evidence
    - Collecting iPod/iPhone Connected with Computer
  - Document the Scene and Preserve the Evidence
  - Imaging and Profiling
  - Acquire the Information
    - Device Identification
    - Acquire Data from SIM Cards
    - Acquire Data from Unobstructed Mobile Devices
    - Acquire the Data from Obstructed Mobile Devices
    - Acquire Data from Memory Cards
    - Acquire Data from Synched Devices
    - Gather Data from Network Operator
    - Check Call Data Records (CDRs)
    - Gather Data from SQLite Record
    - Analyze the Information
  - Generate Report
Mobile Forensics Software Tools (Day 19)
- Oxygen Forensic Suite 2011
- MOBILedit! Forensic
- BitPim
- SIM Analyzer
- SIMCon
- SIM Card Data Recovery
- Memory Card Data Recovery
- Device Seizure
- SIM Card Seizure
- ART (Automatic Reporting Tool)
- iPod Data Recovery Software
- Recover My iPod
- PhoneView
- Elcomsoft Blackberry Backup Explorer
- Oxygen Phone Manager II
- Sanmaxi SIM Recoverer
- USIMdetective
- CardRecovery
- Stellar Phoenix iPod Recovery Software
- iCare Data Recovery Software
- Cell Phone Analyzer
- iXAM
- BlackBerry Database Viewer Plus
- BlackBerry Signing Authority Tool
Mobile Forensics Hardware Tools (Day 19)
- Secure View Kit
- Deployable Device Seizure (DDS)
- Paraben's Mobile Field Kit
- PhoneBase
- XACT System
- Logicube CellDEK
- Logicube CellDEK TEK
- TadioTactics ACESO
- UME-36Pro - Universal Memory Exchanger
- Cellebrite UFED System - Universal Forensic Extraction Device
- ZRT 2
- ICD 5200
- ICD 1300

Module 20: Report Writing and Presentation 2 Hours - Day 20

Hacking Tutorials

Read All Tutorials »

Building a career in Digital Forensics - How promising is the future? A thorough career guide

Read Details »

Know Your Faculty

Mr. Sandeep Sengupta

CISA, Certified Ethical Hacker, ISO 27001:2013 Lead Auditor, Lead Privacy auditor, GDPR Implementer

21 years of experience working in India, New Zealand & Singapore; in Information Security domain as Ethical Hacker, ISO 27001 Lead Auditor / Tutor, BS 10012 Privacy Lead Auditor, Mr. Sandeep Sengupupta has conducted security audit in companies like ONGC, KPMG, PWC, Airtel, Vodafone, Accenture, Capgemini, Vedanta, PayU, Bandhan Bank, ABP, etc.

He has been invited as a speaker at FICCI, VIT (Vellore), Nasscom, CII, BCCI, ICAI, ISACA, FICCI, CeBIT, US High Commission (Kolkata), etc. He has taken part in several Television shows on ABP, ETV, NDTV, AajTak, Times Now, etc. In 2005, Sandeep founded the online community "Hackers Library"; which had 80,000+ members, making it the largest Indian online forum for cyber-security professionals at its time. Mr. Sengupta is the committee member at Nasscom (East) & CII ICT-East.

Mr. Kirit Sankar Gupta

B. Tech (IT), OSCP, CEH 10.0, CHFI 9.0, ISO Certified Lead Security Incident Manager (ISO/IEC 27035), ISO Certified Lead Forensic Examiner (CLFE), CCNA, CCNP

A Penetration Tester with 6 years of experience, Kirit has the expertise in Mobile Application Pentesting Network, IoT Penetration Testing, Source-code review, Fuzzing, Red teaming, Social Engineering, Digital Forensics and Incident Response, Dev(Sec)Ops, Malware Analysis as well as SOC analysis. He has been acknowledged for reporting critical vulnerabilities to Uber, Apple, Flipkart, and MIT. Mr. Kirit Sankar Gupta is the member of Data Security Council of India (Kolkata).

Mr. Sanchayan Bhaumik

ME (Jadavpur University), MCA (WBUT), CEH, CHFI, CEI

With 7 years of experience in Information Security audit and Forensic Investigation, Mr. Sanchayan Bhaumik is working as Information Security Analyst at ISOEH and has successfully conducted various Vulnerability Assessment and Penetration Testing / audit, as well as Forensic Investigation for leading corporate houses and Government entities.

He has worked as an Assistant Professor at Sikkim Manipal University & Guest Faculty at National Institute of Pharmaceutical Education and Research. His research domain is AI, Machine Learning and Cryptography. He has presented several research papers in international conferences. At ISOEH his job profile includes VAPT, Forensic Assignments & Teaching advance courses on penetration testing, creating hacking tools using python, AI & ML.

Mr. Saumitra Biswas

M Tech - Computer Science, MSc (Statistics), GATE qualified

Mr. Saumitra Biswas is M.Tech in computer science from Netaji Subhash Engineering College, GATE qualified in computer science and a MSC in statistics from Kalyani University. He has 20 years of experience. His technical interests include Machine Learning, Neural Networks, Genetic Algorithms and Object Oriented Programming. He is skilled in C, C++, C#, Dotnet, Java, Python, Matlab, Unix, MS Windows XP, Windows 7, My SQL, Oracle, MS Access, HTML, XML, CSS and PHP. He take classes on AI & ML in ISOAH, as well as act as mentors to interns & project trainees.

Ms. Amrita Acharya

M Tech in CSE, ISO 27001 Lead Auditor (IRCA/BSI)

After completion of her Master degree, she has worked with ISOAH as an intern for few years before joining full time as secuity analyst. She has been involved in internal audit, policy design, ISMS consultancy for more than 2 years. She is well versed in Kali Linux, Nmap, Metasploit, ITGC, ISO 27001 & COBIT framework. ISOAH clients she has provided active consultancy are CESC, Diadem, Lexplosion, Diamond Beverages, etc. As part of her hobby, she has been a professional model in her free time.

Mr. Subhendu Bhadra

ECSA, CEH, CCNA, Android Pentesting, Reverse Engineering

A Certified Ethical Hacker & CCNA, Mr. Subhendu Bhadra has expertise in exploit writing using Python, Ruby and Bash and is working as a Information Security Analyst and Faculty at ISOEH. Passionate about gadgets and technology, he has created several projects using Arduino. Well versed with networking and various programming languages, Suvendu is developing new hacking tools using Python.

Mr. Anubhav Khettry

Certificate EC-Council Instructor(CEIv2), CEH, CHFI

Anubhav Khettry is a Certified Ethical Hacker. His area of interest includes Network Penetration Testing (NPT), Web Application Penetration Testing (WAPT) & RDBMS concepts. He is currently a part of ISOEH as Information Security Analyst and faculty.

Mr. Avirup Ukil

CEH, CHFI

Information Security Analyst & Faculty. His research domain is python (Network programming and hacking toolkits), privilege escalation attack & mitigation, advance penetration testing.

Mr. Sagar Neogi

MCA, CEH

Sagar Neogi is a Certified Ethical Hacker (CEH). His area of interest is Python, Reverse Engineering, Vulnerability Assessment and Penetration Testing. He is proficient in network design & hardening. He has a passion for teaching & likes to guide students to apply cyber security knowledge in the real-life scenario. He is currently a part of ISOEH as a faculty member & research analyst.

Mr. Somdeb Chakraborty

CEH, CCNA, Android Development

Somdeb Chakraborty is a Certified Ethical Hacker (CEH), whose expertise lies in penetration testing. His areas of interest are Networking, Python, Vulnerability Assessment and Penetration Testing. He is also CCNA Global Certified (CISCO ID# CSCO13549504). Previously he worked as a software and web development trainer at The EDGE College in tie up with Vinayaka mission Sikkim University. He is working as an Information Security Analyst in the Indian School of Ethical Hacking.

Mr. Md. Imamul Haque

MCA, JAVA Developer, ANDROID App Developer

Experienced Software Developer and Trainer working as Corporate Android Trainer at ISOEH as well as developing Mobile apps for clients and helping students in their final year projects & internships. Have experience in Client-Server based and Enterprise application development in Android. He had earlier worked as a Software Developer at Oaasa Technologies.

Ratings & Reviews

5.0
Course Rating
Based On
1000 Students Rating

Sid Bhardwaj

Date: 17.12.2019
Course: CHFI 9.0 - Computer Hacking Forensic Investigator (Global Certification)

Did the CHFI and Python Programming, the environment is good and the teachers are really wonderful, Special Thanks to Mr. Sanchayan Bhaumik and Mr. Sagar Neogi.

Rita Das

Date: 06.03.2019
Course: CHFI 9.0 - Computer Hacking Forensic Investigator (Global Certification)

Best center to learn CEH, CCNA, CHFI.

Paulomi Ray

Date: 03.03.2019
Course: CHFI 9.0 - Computer Hacking Forensic Investigator (Global Certification)

Excellent place for learning EH, CCNA, CHFI.

Debasis Mazumdar

Date: 28.01.2019
Course: CHFI 9.0 - Computer Hacking Forensic Investigator (Global Certification)

Get taught by professional hackers, learn computer forensics, network penetration testing and so many other related courses. Best in Asia.

Papia Das

Date: 17.01.2019
Course: CHFI 9.0 - Computer Hacking Forensic Investigator (Global Certification)

I have completed my Ethical Hacking classes under Anubhav Sir and currently doing Forensic classes under Sanchayan Sir.... Both teachers' are very helpful and classes are interactive as well.

Job Prospects & Job Sources

The various positions in which a CHFI expert can apply for are,

IT Security Specialist	Network Security Pro	Penetration Tester
IT Auditor Positions	Security Engineer	Cyber Forensics Analyst
Forensic Analyst - Incident Response	Digital Forensic Investigator

As organizations try hard to combat cyber attacks, businesses and government agencies are increasingly employing top-notch expertise for important information security jobs. Computer forensics investigation – the detection and analysis of cyber crime evidence for legal proceedings and precaution is one of the most crucial and promising IT security jobs in that respect.

Workforce demand for Computer Hacking Forensic Investigators is on an all time high across multiple work options; major industries for CHFI hiring include law enforcement, military and defense, enterprise IT, insurance and banking, legal practices, and of course cyber security firms.

The pay packet for CHFI experts in India on an average is Rs.21 lakhs.

Apply Now »

FAQs

What is the course content?

Computer Forensics in today's world
Computer forensics investigation process
Searching and Seizing Computers
Digital Evidence
First Responder Procedures
Computer Forensics Lab
Understanding Hard Disks and File Systems
Windows Forensics
Data Acquisition and Duplication
Recovering Deleted Files and Deleted Partitions
Forensics Investigation using AccessData FTK
Forensics Investigation Using EnCase
Steganography and Image File Forensics
Application Password Crackers
Log Capturing and Event Correlation
Network Forensics
Investigating Logs and Investigating Network Traffic
Investigating Wireless Attacks
Investigating Web Attacks
Tracking Emails and Investigating Email Crimes
Mobile Forensics
Investigative Reports
Becoming an Expert Witness

What is the course Duration?

The duration of the course is 40 hours - 2 classes per week.

What is the course Methodology?

The course is taught in theory as well as practical.

What is the course Prerequisites?

The prerequisites of the course are Basic knowledge of Hardware, Software & Network.

What is the career path after doing this course?

What is the next step after CHFI?

You can apply for corporate designation after this.

Enroll Now

Fields marked with * are mandatory.

Online Training

Course Fees

Rs.44,000/-
Inclusive of all taxes

Batches

Weekday Batches:

Reg. Date

Start Date

End Date

08
Jul, 2020

10
Jul, 2020

15
Sep, 2020

20
Jul, 2020

22
Jul, 2020

20
Sep, 2020

29
Jul, 2020

31
Jul, 2020

07
Oct, 2020

Weekend Batches:

Reg. Date

Start Date

End Date

02
Jul, 2020

04
Jul, 2020

06
Sep, 2020

16
Jul, 2020

18
Jul, 2020

20
Sep, 2020

CHFI 9.0 - Computer Hacking Forensic Investigator
(Global Certification)