EC-Council Accredited Training Center

Computer forensics is the collection, preservation, analysis, identification and presentation of computer-related evidence that can be used in criminal cases for the purpose of taking the criminal proceedings forward.

In other words, Computer Hacking Forensic Investigation, or CHFI, is discovering hacking attacks and collecting evidence to report the crime and conduct audits as a precaution against future attacks.

CHFI presents a methodological approach to computer forensics including searching and seizing, chain-of-custody, acquisition, preservation, analysis and reporting of digital evidence.

CHFI services are sought in a wide range of computer crime or misuse cases, including but not limited to theft of trade secrets, theft or destruction of intellectual property, and fraud. CHFI investigators may use a number of methods to discover data inside a computer system, or to recover deleted, encrypted, or damaged file information, known as computer data recovery.

Computer security and computer investigations are changing fast. More and more tools are invented daily for conducting computer investigations, be it computer crime, digital forensics, computer investigations, or even standard computer data recovery. The tools and techniques covered in the CHFI program will prepare the student to conduct computer investigations using innovative digital forensic technologies.

Why learn CHFI 9.0 - Computer Hacking Forensic Investigator?


Password Cracking

LOG Capturing



40 hours - 2 classes per week



Basic knowledge of Hardware, Software & Network. Prior completion of CEH training would be an advantage.

Course Fees

Class Room Training


Online Training


What You Will Get?

40 Hours
of in-depth training in a lab environment by EC-Council certified instructors and the best cyber security and computer forensic experts

Study Materials
Voucher code from EC Council, Tools and Software

CHFI 9.0
Certificate of Completion after examination and alumni status

Course Benefits:

  1. Using Steganography: studying the detection of messages hidden with steganography techniques
  2. LOG Capturing Techniques: time synchronization techniques and also the use of log capturing tools
  3. Tracking Emails: to combat email crimes
  4. Becoming a certified computer / digital forensic investigator
  5. Covering all major forensic investigations, technologies and solutions
  6. Gathering and analysis of cybercrime evidence to find out the source for prosecution
  7. Getting detailed hands-on learning experience
  8. Getting exclusive job opportunities in government and corporate sector

Course Details

  1. The duration of the course is 40 hours - 2 Classes per week
  2. The course fee is Rs.38,000/- + GST (Classroom Training) & Rs.44,000/- Rs.38,000/- + GST (Online Training)
  3. The course is taught in theory as well as practical
  4. The course is designed and developed for digital forensic practitioners
  5. A complete computer/digital forensic investigation technologies and solutions guide
  6. Detailed labs for hands-on learning experience
  7. Covers all the relevant knowledge bases and skills to meet government and corporate standards
  8. The program presents a repeatable forensic investigation methodology required from a versatile digital forensic professional which increases your employability

About the Exam

  1. Exam Prefix: 312-49 (ECC EXAM)
  2. Number of Questions: 150
  3. Test Duration: 4 Hours
  4. Test Format: Multiple Choice
  5. Passing Score: Cut scores can range from 60% to 85%

Module 01: Computer Forensics in Today's World (2 Hours - 7 Topics)

  • Forensics Science (Day 1)
  • Computer Forensics (Day 1)
    • Security Incident Report
    • Aspects of Organizational Security
    • Evolution of Computer Forensics
    • Objective of Computer Forensics
    • Need for Computer Forensics
  • Forensics Readiness (Day 1)
    • Benefits of Forensics Readiness
    • Goals of Forensics Readiness
    • Forensics Readiness Planning
  • Cyber Crime (Day 1)
    • Computer Facilitated Crimes
    • Modes of Attacks
    • Examples of Cyber Crime
    • Types of Computer Crimes
    • Cyber Criminals
    • Organized Cyber Crime: Organizational Chart
    • How Serious are Different Types of Incidents?
    • Disruptive Incidents to the Business
    • Cost Expenditure Responding to the Security Incident
  • Cyber Crime Investigation (Day 1)
    • Key Steps in Forensics Investigation
    • Rules of Forensics Investigation
    • Need for Forensics Investigator
    • Role of Forensics Investigator
    • Accessing Computer Forensics Resources
    • Role of Digital Evidence
  • Corporate Investigations (Day 1)
    • Understanding Corporate Investigations
    • Approach to Forensics Investigation: A Case Study
    • Instructions for the Forensic Investigator to Approach the Crime Scene
    • Why and When Do You Use Computer Forensics?
    • Enterprise Theory of Investigation (ETI)
    • Legal Issues
    • Reporting the Results
  • Reporting a Cyber Crime (Day 1)
    • Why you Should Report Cybercrime?
    • Reporting Computer-Related Crimes
    • Person Assigned to Report the Crime
    • When and How to Report an Incident?
    • Who to Contact at the Law Enforcement?
    • Federal Local Agents Contact
    • More Contacts
    • CIO Cyberthreat Report Form
  • Investigating Computer Crime (Day 2)
    • Before the Investigation
    • Build a Forensics Workstation
    • Building the Investigation Team
    • People Involved in Computer Forensics
    • Review Policies and Laws
    • Forensics Laws
    • Notify Decision Makers and Acquire Authorization
    • Risk Assessment
    • Build a Computer Investigation Toolkit
  • Steps to Prepare for a Computer Forensics Investigation (Day 2)
  • Computer Forensics Investigation Methodology (Day 2)
    • Obtain Search Warrant
      • Example of Search Warrant
      • Searches Without a Warrant
    • Evaluate and Secure the Scene
      • Forensics Photography
      • Gather the Preliminary Information at the Scene
      • First Responder
    • Collect the Evidence
      • Collect Physical Evidence
        • Evidence Collection Form
      • Collect Electronic Evidence
      • Guidelines for Acquiring Evidence
    • Secure the Evidence
      • Evidence Management
      • Chain of Custody
        • Chain of Custody Form
    • Acquire the Data
      • Duplicate the Data (Imaging)
      • Verify Image Integrity
        • MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
      • Recover Lost or Deleted Data
        • Data Recovery Software
    • Analyze the Data
      • Data Analysis
      • Data Analysis Tools
    • Assess Evidence and Case
      • Evidence Assessment
      • Case Assessment
      • Processing Location Assessment
      • Best Practices to Assess the Evidence
    • Prepare the Final Report
      • Documentation in Each Phase
      • Gather and Organize Information
      • Writing the Investigation Report
      • Sample Report
    • Testifying as an Expert Witness
      • Expert Witness
      • Testifying in the Court Room
      • Closing the Case
      • Maintaining Professional Conduct
      • Investigating a Company Policy Violation
      • Computer Forensics Service Providers
  • Data Acquisition and Duplication Concepts (Day 3)
    • Data Acquisition
    • Forensic and Procedural Principles
    • Types of Data Acquisition Systems
    • Data Acquisition Formats
    • Bit Stream vs. Backups
    • Why to Create a Duplicate Image?
    • Issues with Data Duplication
    • Data Acquisition Methods
    • Determining the Best Acquisition Method
    • Contingency Planning for Image Acquisitions
    • Data Acquisition Mistakes
  • Data Acquisition Types (Day 3)
    • Rules of Thumb
    • Static Data Acquisition
      • Collecting Static Data
      • Static Data Collection Process
    • Live Data Acquisition
      • Why Volatile Data is Important?
      • Volatile Data
      • Order of Volatility
      • Common Mistakes in Volatile Data Collection
      • Volatile Data Collection Methodology
      • Basic Steps in Collecting Volatile Data
      • Types of Volatile Information
  • Disk Acquisition Tool Requirements (Day 3)
    • Disk Imaging Tool Requirements
    • Disk Imaging Tool Requirements: Mandatory
    • Disk Imaging Tool Requirements: Optional
  • Validation Methods (Day 3)
    • Validating Data Acquisitions
    • Linux Validation Methods
    • Windows Validation Methods
  • RAID Data Acquisition (Day 3)
    • Understanding RAID Disks
    • Acquiring RAID Disks
    • Remote Data Acquisition
  • Acquisition Best Practices (Day 3)
    • Acquisition Best Practices
  • Data Acquisition Software Tools (Day 3)
    • Acquiring Data on Windows
    • Acquiring Data on Linux
    • dd Command
    • dcfldd Command
    • Extracting the MBR
    • Netcat Command
    • EnCase Forensic
    • Analysis Software: DriveSpy
    • ProDiscover Forensics
    • AccessData FTK Imager
    • Mount Image Pro
    • Data Acquisition Toolbox
    • SafeBack
    • ILookPI
    • RAID Recovery for Windows
    • R-Tools R-Studio
    • F-Response
    • PyFlag
    • LiveWire Investigator
    • ThumbsDisplay
    • DataLifter
    • X-Ways Forensics
    • R-drive Image
    • DriveLook
    • DiskExplorer
    • P2 eXplorer Pro
    • Flash Retriever Forensic Edition
  • Data Acquisition Hardware Tools (Day 3)
    • US-LATT
    • Image MASSter: Solo-4 (Super Kit)
    • Image MASSter: RoadMASSter- 3
    • Tableau TD1 Forensic Duplicator
    • Logicube: Forensic MD5
    • Logicube: Portable Forensic Lab™
    • Logicube: Forensic Talon®
    • Logicube: RAID I/O Adapter™
    • DeepSpar: Disk Imager Forensic Edition
    • Logicube: USB Adapter
    • Disk Jockey PRO
    • Logicube: Forensic Quest-2®
    • Logicube: CloneCard Pro
    • Logicube: EchoPlus
    • Paraben Forensics Hardware: Chat Stick
    • Image MASSter: Rapid Image 7020CS IT
    • Digital Intelligence Forensic Hardware: UltraKit
    • Digital Intelligence Forensic Hardware: UltraBay II
    • Digital Intelligence Forensic Hardware: UltraBlock SCSI
    • Digital Intelligence Forensic Hardware: HardCopy 3P
    • Wiebetech: Forensics DriveDock v4
    • Wiebetech: Forensics UltraDock v4
    • Image MASSter: WipeMASSter
    • Image MASSter: WipePRO
    • Portable Forensic Systems and Towers: Forensic Air-Lite V MK III
    • Forensic Tower IV Dual Xeon
    • Digital Intelligence Forensic Hardware: FREDDIE
    • DeepSpar: 3D Data Recovery
      • Phase 1 Tool: PC-3000 Drive Restoration System
      • Phase 2 Tool: DeepSpar Disk Imager
      • Phase 3 Tool: PC-3000 Data Extractor
    • Logicube
      • Cables
      • Adapters
      • GPStamp™
      • OmniPort
      • CellDEK®
    • Paraben Forensics Hardware
      • Project-a-Phone
      • Mobile Field Kit
      • iRecovery Stick
    • CelleBrite
      • UFED System
      • UFED Physical Pro
  • Collecting Volatile Information (Day 8)
    • Volatile Information
      • System Time
        • Logged-on Users
        • Psloggedon
        • Net Sessions Command
        • Logonsessions Tool
      • Open Files
        • Net File Command
        • PsFile Command
        • OpenFiles Command
      • Network Information
      • Network Connections
      • Process Information
      • Process-to-Port Mapping
      • Process Memory
      • Network Status
      • Other Important Information
  • Collecting Non-volatile Information (Day 8)
    • Non-volatile Information
      • Examine File Systems
      • Registry Settings
      • Microsoft Security ID
      • Event Logs
      • Index.dat File
      • Devices and Other Information
      • Slack Space
      • Virtual Memory
      • Swap File
      • Windows Search Index
      • Collecting Hidden Partition Information
      • Hidden ADS Streams
        • Investigating ADS Streams: StreamArmor
      • Other Non-Volatile Information
  • Windows Memory Analysis (Day 8)
    • Memory Dump
    • EProcess Structure
    • Process Creation Mechanism
    • Parsing Memory Contents
    • Parsing Process Memory
    • Extracting the Process Image
    • Collecting Process Memory
  • Windows Registry Analysis (Day 8)
    • Inside the Registry
    • Registry Structure within a Hive File
    • The Registry as a Log File
    • Registry Analysis
    • System Information
    • TimeZone Information
    • Shares
    • Audit Policy
    • Wireless SSIDs
    • Autostart Locations
    • System Boot
    • User Login
    • User Activity
    • Enumerating Autostart Registry Locations
    • USB Removable Storage Devices
    • Mounted Devices
    • Finding Users
    • Tracking User Activity
    • The UserAssist Keys
    • MRU Lists
    • Search Assistant
    • Connecting to Other Systems
    • Analyzing Restore Point Registry Settings
    • Determining the Startup Locations
  • Cache, Cookie, and History Analysis (Day 8)
    • Cache, Cookie, and History Analysis in IE
    • Cache, Cookie, and History Analysis in Firefox
    • Cache, Cookie, and History Analysis in Chrome
    • Analysis Tools
      • IE Cookies View
      • IE Cache View
      • IE History Viewer
      • MozillaCookiesView
      • MozillaCacheView
      • MozillaHistoryView
      • ChromeCookiesView
      • ChromeCacheView
      • ChromeHistoryView
  • MD5 Calculation (Day 8)
    • Message Digest Function: MD5
    • Why MD5 Calculation?
    • MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
    • MD5 Checksum Verifier
    • ChaosMD5
  • Windows File Analysis (Day 8)
    • Recycle Bin
    • System Restore Points (Rp.log Files)
    • System Restore Points (Change.log.x Files)
    • Prefetch Files
    • Shortcut Files
    • Word Documents
    • PDF Documents
    • Image Files
    • File Signature Analysis
    • NTFS Alternate Data Streams
    • Executable File Analysis
    • Documentation Before Analysis
    • Static Analysis Process
    • Search Strings
    • PE Header Analysis
    • Import Table Analysis
    • Export Table Analysis
    • Dynamic Analysis Process
    • Creating Test Environment
    • Collecting Information Using Tools
    • Process of Testing the Malware
  • Metadata Investigation (Day 8)
    • Metadata
    • Types of Metadata
    • Metadata in Different File Systems
    • Metadata in PDF Files
    • Metadata in Word Documents
    • Tool: Metadata Analyzer
  • Text Based Logs (Day 8)
    • Understanding Events
    • Event Logon Types
    • Event Record Structure
    • Vista Event Logs
    • IIS Logs
      • Parsing IIS Logs
    • Parsing FTP Logs
      • FTP sc-status Codes
    • Parsing DHCP Server Logs
    • Parsing Windows Firewall Logs
    • Using the Microsoft Log Parser
  • Other Audit Events (Day 8)
    • Evaluating Account Management Events
    • Examining Audit Policy Change Events
    • Examining System Log Entries
    • Examining Application Log Entries
  • Forensic Analysis of Event Logs (Day 9)
    • Searching with Event Viewer
    • Using EnCase to Examine Windows Event Log Files
    • Windows Event Log Files Internals
  • Windows Password Issues (Day 9)
    • Understanding Windows Password Storage
    • Cracking Windows Passwords Stored on Running Systems
    • Exploring Windows Authentication Mechanisms
      • LanMan Authentication Process
      • NTLM Authentication Process
      • Kerberos Authentication Process
    • Sniffing and Cracking Windows Authentication Exchanges
    • Cracking Offline Passwords
  • Forensic Tools (Day 9)
    • Windows Forensics Tool: OS Forensics
    • Windows Forensics Tool: Helix3 Pro
    • Integrated Windows Forensics Software: X-Ways Forensics
    • X-Ways Trace
    • Windows Forensic Toolchest (WFT)
    • Built-in Tool: Sigverif
    • Computer Online Forensic Evidence Extractor (COFEE)
    • System Explorer
    • Tool: System Scanner
    • SecretExplorer
    • Registry Viewer Tool: Registry Viewer
    • Registry Viewer Tool: RegScanner
    • Registry Viewer Tool: Alien Registry Viewer
    • MultiMon
    • CurrProcess
    • Process Explorer
    • Security Task Manager
    • PrcView
    • ProcHeapViewer
    • Memory Viewer
    • Tool: PMDump
    • Word Extractor
    • Belkasoft Evidence Center
    • Belkasoft Browser Analyzer
    • Metadata Assistant
    • HstEx
    • XpoLog Center Suite
    • LogViewer Pro
    • Event Log Explorer
    • LogMeister
    • ProDiscover Forensics
    • PyFlag
    • LiveWire Investigator
    • ThumbsDisplay
    • DriveLook
  • Network Forensics (Day 12)
    • Network Forensics
    • Network Forensics Analysis Mechanism
    • Network Addressing Schemes
    • Overview of Network Protocols
    • Overview of Physical and Data-Link Layer of the OSI Model
    • Overview of Network and Transport Layer of the OSI Model
    • OSI Reference Model
    • TCP/IP Protocol
    • Intrusion Detection Systems (IDS) and Their Placement
      • How IDS Works
      • Types of Intrusion Detection Systems
      • General Indications of Intrusions
    • Firewall
    • Honeypot
  • Network Attacks (Day 12)
    • Network Vulnerabilities
    • Types of Network Attacks
      • IP Address Spoofing
      • Man-in-the-Middle Attack
      • Packet Sniffing
        • How a Sniffer Works
      • Enumeration
      • Denial of Service Attack
      • Session Sniffing
      • Buffer Overflow
      • Trojan Horse
  • Log Injection Attacks (Day 12)
    • New Line Injection Attack
      • New Line Injection Attack Countermeasure
    • Separator Injection Attack
      • Defending Separator Injection Attacks
    • Timestamp Injection Attack
      • Defending Timestamp Injection Attacks
    • Word Wrap Abuse Attack
      • Defending Word Wrap Abuse Attacks
    • HTML Injection Attack
      • Defending HTML Injection Attacks
    • Terminal Injection Attack
      • Defending Terminal Injection Attacks
  • Investigating and Analyzing Logs (Day 12)
    • Postmortem and Real-Time Analysis
    • Where to Look for Evidence
    • Log Capturing Tool: ManageEngine EventLog Analyzer
    • Log Capturing Tool: ManageEngine Firewall Analyzer
    • Log Capturing Tool: GFI EventsManager
    • Log Capturing Tool: Kiwi Syslog Server
    • Handling Logs as Evidence
    • Log File Authenticity
    • Use Signatures, Encryption, and Checksums
    • Work with Copies
    • Ensure System’s Integrity
    • Access Control
    • Chain of Custody
    • Condensing Log File
  • Investigating Network Traffic (Day 12)
    • Why Investigate Network Traffic?
    • Evidence Gathering via Sniffing
    • Capturing Live Data Packets Using Wireshark
      • Display Filters in Wireshark
      • Additional Wireshark Filters
    • Acquiring Traffic Using DNS Poisoning Techniques
      • Intranet DNS Spoofing (Local Network)
      • Intranet DNS Spoofing (Remote Network)
      • Proxy Server DNS Poisoning
      • DNS Cache Poisoning
    • Evidence Gathering from ARP Table
    • Evidence Gathering at the Data-Link Layer: DHCP Database
    • Gathering Evidence by IDS
  • Traffic Capturing and Analysis Tools (Day 13)
    • NetworkMiner
    • Tcpdump/Windump
    • Intrusion Detection Tool: Snort
      • How Snort Works
    • IDS Policy Manager
    • MaaTec Network Analyzer
    • Iris Network Traffic Analyzer
    • NetWitness Investigator
    • Colasoft Capsa Network Analyzer
    • Sniff-O-Matic
    • NetResident
    • Network Probe
    • NetFlow Analyzer
    • OmniPeek Network Analyzer
    • Firewall Evasion Tool: Traffic IQ Professional
    • NetworkView
    • CommView
    • Observer
    • SoftPerfect Network Protocol Analyzer
    • EffeTech HTTP Sniffer
    • Big-Mother
    • EtherDetect Packet Sniffer
    • Ntop
    • EtherApe
    • AnalogX Packetmon
    • IEInspector HTTP Analyzer
    • SmartSniff
    • Distinct Network Monitor
    • Give Me Too
    • EtherSnoop
    • Show Traffic
    • Argus
  • Documenting the Evidence Gathered on a Network (Day 13)
  • Introduction to Web Applications and Webservers (Day 13)
    • Introduction to Web Applications
    • Web Application Components
    • How Web Applications Work
    • Web Application Architecture
    • Open Source Webserver Architecture
    • Indications of a Web Attack
    • Web Attack Vectors
    • Why Web Servers are Compromised
    • Impact of Webserver Attacks
    • Website Defacement
    • Case Study
  • Web Logs (Day 13)
    • Overview of Web Logs
    • Application Logs
    • Internet Information Services (IIS) Logs
      • IIS Webserver Architecture
      • IIS Log File Format
    • Apache Webserver Logs
    • DHCP Server Logs
  • Web Attacks (Day 13)
    • Web Attacks - 1
    • Web Attacks - 2
      • Unvalidated Input
      • Parameter/Form Tampering
      • Directory Traversal
      • Security Misconfiguration
      • Injection Flaws
      • SQL Injection Attacks
      • Command Injection Attacks
        • Command Injection Example
      • File Injection Attack
      • What is LDAP Injection?
        • How LDAP Injection Works
      • Hidden Field Manipulation Attack
      • Cross-Site Scripting (XSS) Attacks
        • How XSS Attacks Work
      • Cross-Site Request Forgery (CSRF) Attack
        • How CSRF Attacks Work
      • Web Application Denial-of-Service (DoS) Attack
        • Denial of Service (DoS) Examples
      • Buffer Overflow Attacks
      • Cookie/Session Poisoning
        • How Cookie Poisoning Works
      • Session Fixation Attack
      • Insufficient Transport Layer Protection
      • Improper Error Handling
      • Insecure Cryptographic Storage
      • Broken Authentication and Session Management
      • Unvalidated Redirects and Forwards
      • DMZ Protocol Attack/ Zero Day Attack
      • Log Tampering
      • URL Interpretation and Impersonation Attack
      • Web Services Attack
      • Web Services Footprinting Attack
      • Web Services XML Poisoning
      • Webserver Misconfiguration
      • HTTP Response Splitting Attack
      • Web Cache Poisoning Attack
      • HTTP Response Hijacking
      • SSH Bruteforce Attack
      • Man-in-the-Middle Attack
      • Defacement Using DNS Compromise
  • Web Attack Investigation (Day 14)
    • Investigating Web Attacks
    • Investigating Web Attacks in Windows-Based Servers
    • Investigating IIS Logs
    • Investigating Apache Logs
    • Example of FTP Compromise
    • Investigating FTP Servers
    • Investigating Static and Dynamic IP Addresses
    • Sample DHCP Audit Log File
    • Investigating Cross-Site Scripting (XSS)
    • Investigating SQL Injection Attacks
    • Pen-Testing CSRF Validation Fields
    • Investigating Code Injection Attack
    • Investigating Cookie Poisoning Attack
    • Detecting Buffer Overflow
    • Investigating Authentication Hijacking
    • Web Page Defacement
    • Investigating DNS Poisoning
    • Intrusion Detection
    • Security Strategies to Web Applications
    • Checklist for Web Security
  • Web Attack Detection Tools (Day 14)
    • Web Application Security Tools
      • Acunetix Web Vulnerability Scanner
      • Falcove Web Vulnerability Scanner
      • Netsparker
      • N-Stalker Web Application Security Scanner
      • Sandcat
      • Wikto
      • WebWatchBot
      • OWASP ZAP
      • SecuBat Vulnerability Scanner
      • Websecurify
      • HackAlert
      • WebCruiser
    • Web Application Firewalls
      • dotDefender
      • IBM AppScan
      • ServerDefender VP
    • Web Log Viewers
      • Deep Log Analyzer
      • WebLog Expert
      • AlterWind Log Analyzer
      • Webalizer
      • eWebLog Analyzer
      • Apache Logs Viewer (ALV)
    • Web Attack Investigation Tools
      • AWStats
      • Paros Proxy
      • Scrawlr
  • Tools for Locating IP Address (Day 14)
    • Whois Lookup
    • SmartWhois
    • ActiveWhois
    • LanWhois
    • CountryWhois
    • CallerIP
    • Hide Real IP
    • IP - Address Manager
    • Pandora FMS
  • Email System Basics (Day 17)
    • Email Terminology
    • Email System
    • Email Clients
    • Email Server
    • SMTP Server
    • POP3 and IMAP Servers
    • Email Message
    • Importance of Electronic Records Management
  • Email Crimes (Day 17)
    • Email Crime
    • Email Spamming
    • Mail Bombing/Mail Storm
    • Phishing
    • Email Spoofing
    • Crime via Chat Room
    • Identity Fraud/Chain Letter
  • Email Headers (Day 17)
    • Examples of Email Headers
    • List of Common Headers
  • Steps to Investigate (Day 18)
    • Why to Investigate Emails
    • Investigating Email Crime and Violation
      • Obtain a Search Warrant and Seize the Computer and Email Account
      • Obtain a Bit-by-Bit Image of Email Information
      • Examine Email Headers
        • Viewing Email Headers in Microsoft Outlook
        • Viewing Email Headers in AOL
        • Viewing Email Headers in Hotmail
        • Viewing Email Headers in Gmail
        • Viewing Headers in Yahoo Mail
        • Forging Headers
      • Analyzing Email Headers
        • Email Header Fields
        • Received: Headers
        • Microsoft Outlook Mail
        • Examining Additional Files (.pst or .ost files)
        • Checking the Email Validity
        • Examine the Originating IP Address
      • Trace Email Origin
        • Tracing Back
        • Tracing Back Web-based Email
      • Acquire Email Archives
        • Email Archives
        • Content of Email Archives
        • Local Archive
        • Server Storage Archive
        • Forensic Acquisition of Email Archive
      • Recover Deleted Emails
        • Deleted Email Recovery
  • Email Forensics Tools (Day 18)
    • Stellar Phoenix Deleted Email Recovery
    • Recover My Email
    • Outlook Express Recovery
    • Zmeil
    • Quick Recovery for MS Outlook
    • Email Detective
    • Email Trace - Email Tracking
    • R-Mail
    • eMailTrackerPro
    • Forensic Tool Kit (FTK)
    • Paraben’s email Examiner
    • Network Email Examiner by Paraben
    • DiskInternal’s Outlook Express Repair
    • Abuse.Net
    • MailDetective Tool
  • Laws and Acts against Email Crimes (Day 18)
    • U.S. Laws Against Email Crime: CAN-SPAM Act
    • 18 U.S.C. § 2252A
    • 18 U.S.C. § 2252B
    • Email Crime Law in Washington: RCW 19.190.020
  • Mobile Phone (Day 18)
    • Mobile Phone
    • Different Mobile Devices
    • Hardware Characteristics of Mobile Devices
    • Software Characteristics of Mobile Devices
    • Components of Cellular Network
    • Cellular Network
    • Different Cellular Networks
  • Mobile Operating Systems (Day 18)
    • Mobile Operating Systems
    • Types of Mobile Operating Systems
    • WebOS
      • WebOS System Architecture
    • Symbian OS
      • Symbian OS Architecture
    • Android OS
      • Android OS Architecture
    • RIM BlackBerry OS
    • Windows Phone 7
      • Windows Phone 7 Architecture
    • Apple iOS
  • Mobile Forensics (Day 19)
    • What a Criminal can do with Mobile Phones?
    • Mobile Forensics
    • Mobile Forensics Challenges
    • Forensics Information in Mobile Phones
    • Memory Considerations in Mobiles
    • Subscriber Identity Module (SIM)
    • SIM File System
    • Integrated Circuit Card Identification (ICCID)
    • International Mobile Equipment Identifier (IMEI)
    • Electronic Serial Number (ESN)
    • Precautions to be Taken Before Investigation
  • Mobile Forensic Process (Day 19)
    • Mobile Forensic Process
      • Collect the Evidence
        • Collecting the Evidence
        • Points to Remember while Collecting the Evidence
        • Collecting iPod/iPhone Connected with Computer
      • Document the Scene and Preserve the Evidence
      • Imaging and Profiling
      • Acquire the Information
        • Device Identification
        • Acquire Data from SIM Cards
        • Acquire Data from Unobstructed Mobile Devices
        • Acquire the Data from Obstructed Mobile Devices
        • Acquire Data from Memory Cards
        • Acquire Data from Synched Devices
        • Gather Data from Network Operator
        • Check Call Data Records (CDRs)
        • Gather Data from SQLite Record
        • Analyze the Information
      • Generate Report
  • Mobile Forensics Software Tools (Day 19)
    • Oxygen Forensic Suite 2011
    • MOBILedit! Forensic
    • BitPim
    • SIM Analyzer
    • SIMCon
    • SIM Card Data Recovery
    • Memory Card Data Recovery
    • Device Seizure
    • SIM Card Seizure
    • ART (Automatic Reporting Tool)
    • iPod Data Recovery Software
    • Recover My iPod
    • PhoneView
    • Elcomsoft Blackberry Backup Explorer
    • Oxygen Phone Manager II
    • Sanmaxi SIM Recoverer
    • USIMdetective
    • CardRecovery
    • Stellar Phoenix iPod Recovery Software
    • iCare Data Recovery Software
    • Cell Phone Analyzer
    • iXAM
    • BlackBerry Database Viewer Plus
    • BlackBerry Signing Authority Tool
  • Mobile Forensics Hardware Tools (Day 19)
    • Secure View Kit
    • Deployable Device Seizure (DDS)
    • Paraben's Mobile Field Kit
    • PhoneBase
    • XACT System
    • Logicube CellDEK
    • Logicube CellDEK TEK
    • RadioTactics ACESO
    • UME-36Pro - Universal Memory Exchanger
    • Cellebrite UFED System - Universal Forensic Extraction Device
    • ZRT 2
    • ICD 5200
    • ICD 1300

Know Your Faculty
Mr. Sandeep Sengupta
CISA, Certified Ethical Hacker, ISO 27001:2013 Lead Auditor, Lead Privacy auditor, GDPR Implementer

With 21 years of experience working in India, New Zealand & Singapore in the Information Security domain as an Ethical Hacker, ISO 27001 Lead Auditor / Tutor, and BS 10012 Privacy Lead Auditor, Mr. Sandeep Sengupta has conducted security audits in companies like ONGC, KPMG, PWC, Airtel, Vodafone, Accenture, Capgemini, Vedanta, PayU, Bandhan Bank, ABP, etc.

He has been invited as a speaker at FICCI, VIT (Vellore), Nasscom, CII, BCCI, ICAI, ISACA, FICCI, CeBIT, US High Commission (Kolkata), etc. He has taken part in several television shows on ABP, ETV, NDTV, AajTak, Times Now, etc. In 2005, Sandeep founded the online community "Hackers Library", which had 80,000+ members, making it the largest Indian online forum for cyber-security professionals at its time. Mr. Sengupta is a committee member at Nasscom (East) & CII ICT-East.

Mr. Kirit Sankar Gupta
B. Tech (IT), OSCP, CEH 10.0, CHFI 9.0, ISO Certified Lead Security Incident Manager (ISO/IEC 27035), ISO Certified Lead Forensic Examiner (CLFE), CCNA, CCNP

A Penetration Tester with 6 years of experience, Kirit has expertise in Mobile Application Pentesting Network, IoT Penetration Testing, Source-code review, Fuzzing, Red teaming, Social Engineering, Digital Forensics and Incident Response, Dev(Sec)Ops, Malware Analysis as well as SOC analysis. He has been acknowledged for reporting critical vulnerabilities to Uber, Apple, Flipkart, and MIT. Mr. Kirit Sankar Gupta is a member of the Data Security Council of India (Kolkata).

Mr. Sanchayan Bhaumik
ME (Jadavpur University), MCA (WBUT), CEH, CHFI, CEI

With 7 years of experience in Information Security audit and Forensic Investigation, Mr. Sanchayan Bhaumik is working as an Information Security Analyst at ISOEH and has successfully conducted various Vulnerability Assessment and Penetration Testing / audit, as well as Forensic Investigation, engagements for leading corporate houses and Government entities.

He has worked as an Assistant Professor at Sikkim Manipal University & Guest Faculty at National Institute of Pharmaceutical Education and Research. His research domain is AI, Machine Learning and Cryptography. He has presented several research papers at international conferences. At ISOEH his job profile includes VAPT, Forensic Assignments & teaching advanced courses on penetration testing, creating hacking tools using Python, AI & ML.

Mr. Saumitra Biswas
M Tech - Computer Science, MSc (Statistics), GATE qualified

Mr. Saumitra Biswas holds an M.Tech in computer science from Netaji Subhash Engineering College, is GATE qualified in computer science and holds an MSc in statistics from Kalyani University. He has 20 years of experience. His technical interests include Machine Learning, Neural Networks, Genetic Algorithms and Object Oriented Programming. He is skilled in C, C++, C#, Dotnet, Java, Python, Matlab, Unix, MS Windows XP, Windows 7, MySQL, Oracle, MS Access, HTML, XML, CSS and PHP. He takes classes on AI & ML at ISOAH and acts as a mentor to interns & project trainees.

Ms. Amrita Acharya
M Tech in CSE, ISO 27001 Lead Auditor (IRCA/BSI)

After completing her Master's degree, she worked with ISOAH as an intern for a few years before joining full time as a security analyst. She has been involved in internal audit, policy design and ISMS consultancy for more than 2 years. She is well versed in Kali Linux, Nmap, Metasploit, ITGC, ISO 27001 & the COBIT framework. ISOAH clients to whom she has provided active consultancy include CESC, Diadem, Lexplosion, Diamond Beverages, etc. As a hobby, she has been a professional model in her free time.

Mr. Subhendu Bhadra
ECSA, CEH, CCNA, Android Pentesting, Reverse Engineering

A Certified Ethical Hacker & CCNA, Mr. Subhendu Bhadra has expertise in exploit writing using Python, Ruby and Bash and is working as an Information Security Analyst and Faculty at ISOEH. Passionate about gadgets and technology, he has created several projects using Arduino. Well versed in networking and various programming languages, Subhendu is developing new hacking tools using Python.

Mr. Anubhav Khettry
Certified EC-Council Instructor (CEIv2), CEH, CHFI

Anubhav Khettry is a Certified Ethical Hacker. His areas of interest include Network Penetration Testing (NPT), Web Application Penetration Testing (WAPT) & RDBMS concepts. He is currently a part of ISOEH as an Information Security Analyst and faculty member.

Mr. Saugata Sil

Saugata Sil is a Certified Ethical Hacker (CEH). His areas of interest are Python, Networking, Ethical Hacking, Front-end Development, Vulnerability Assessment, Web Application Pentesting, Android Application Pentesting and API Pentesting. Previously he worked as a Front-end developer and Software developer. He also does bug hunting and has been acknowledged for reporting critical vulnerabilities to Dell, TripAdvisor, HealthifyMe, SpaceX and many more. He has a passion for teaching & likes to guide students to apply cyber security knowledge in real-life scenarios. He is currently a part of ISOAH as a faculty member & Security Researcher Analyst.

Mr. Sagar Neogi

Sagar Neogi is a Certified Ethical Hacker (CEH). His areas of interest are Python, Reverse Engineering, Vulnerability Assessment and Penetration Testing. He is proficient in network design & hardening. He has a passion for teaching & likes to guide students to apply cyber security knowledge in real-life scenarios. He is currently a part of ISOEH as a faculty member & research analyst.

Mr. Somdeb Chakraborty
CEH, CCNA, Android Development

Somdeb Chakraborty is a Certified Ethical Hacker (CEH), whose expertise lies in penetration testing. His areas of interest are Networking, Python, Vulnerability Assessment and Penetration Testing. He is also CCNA Global Certified (CISCO ID# CSCO13549504). Previously he worked as a software and web development trainer at The EDGE College in tie-up with Vinayaka Mission Sikkim University. He is working as an Information Security Analyst at the Indian School of Ethical Hacking.


Ratings & Reviews

CHFI 9.0 - Computer Hacking Forensic Investigator

Course Rating: Based on 1000 Students' Ratings

Date: 17.12.2019
Course: CHFI 9.0 - Computer Hacking Forensic Investigator (Global Certification)

Did the CHFI and Python Programming. The environment is good and the teachers are really wonderful. Special thanks to Mr. Sanchayan Bhaumik and Mr. Sagar Neogi.

Date: 06.03.2019
Course: CHFI 9.0 - Computer Hacking Forensic Investigator (Global Certification)

Best center to learn CEH, CCNA, CHFI.

Date: 03.03.2019
Course: CHFI 9.0 - Computer Hacking Forensic Investigator (Global Certification)

Excellent place for learning EH, CCNA, CHFI.

Date: 28.01.2019
Course: CHFI 9.0 - Computer Hacking Forensic Investigator (Global Certification)

Get taught by professional hackers, learn computer forensics, network penetration testing and so many other related courses. Best in Asia.

Date: 17.01.2019
Course: CHFI 9.0 - Computer Hacking Forensic Investigator (Global Certification)

I have completed my Ethical Hacking classes under Anubhav Sir and am currently doing Forensic classes under Sanchayan Sir.... Both teachers are very helpful and classes are interactive as well.


Job Prospects & Job Sources

The various positions a CHFI expert can apply for are:

  • IT Security Specialist
  • Network Security Pro
  • Penetration Tester
  • IT Auditor Positions
  • Security Engineer
  • Cyber Forensics Analyst
  • Forensic Analyst - Incident Response
  • Digital Forensic Investigator

As organizations try hard to combat cyber attacks, businesses and government agencies are increasingly employing top-notch expertise for important information security jobs. Computer forensics investigation, the detection and analysis of cyber crime evidence for legal proceedings and precaution, is one of the most crucial and promising IT security jobs in that respect.

Workforce demand for Computer Hacking Forensic Investigators is at an all-time high across multiple work options; major industries for CHFI hiring include law enforcement, military and defense, enterprise IT, insurance and banking, legal practices, and of course cyber security firms.

The average pay packet for CHFI experts in India is Rs. 21 lakhs.


What is the course content?
  • Computer Forensics in today's world
  • Computer forensics investigation process
  • Searching and Seizing Computers
  • Digital Evidence
  • First Responder Procedures
  • Computer Forensics Lab
  • Understanding Hard Disks and File Systems
  • Windows Forensics
  • Data Acquisition and Duplication
  • Recovering Deleted Files and Deleted Partitions
  • Forensics Investigation using AccessData FTK
  • Forensics Investigation Using EnCase
  • Steganography and Image File Forensics
  • Application Password Crackers
  • Log Capturing and Event Correlation
  • Network Forensics
  • Investigating Logs and Investigating Network Traffic
  • Investigating Wireless Attacks
  • Investigating Web Attacks
  • Tracking Emails and Investigating Email Crimes
  • Mobile Forensics
  • Investigative Reports
  • Becoming an Expert Witness

What is the course Duration?

The duration of the course is 40 hours - 2 classes per week.

What is the course Methodology?

The course is taught in theory as well as practical.

What are the course Prerequisites?

The prerequisites of the course are Basic knowledge of Hardware, Software & Network.

What is the career path after doing this course?

Workforce demand for Computer Hacking Forensic Investigators is at an all-time high across multiple work options; major industries for CHFI hiring include law enforcement, military and defense, enterprise IT, insurance and banking, legal practices, and of course cyber security firms.

What is the next step after CHFI?

You can apply for corporate designation after this.

Online Interactive Classroom with dedicated Faculty


Weekday Batches:

Reg. Date    Start Date   End Date
Apr, 2021    Apr, 2021    Jun, 2021
Apr, 2021    Apr, 2021    Jun, 2021
Apr, 2021    Apr, 2021    Jul, 2021

Weekend Batches:

Reg. Date    Start Date   End Date
Apr, 2021    Apr, 2021    Jun, 2021
Mar, 2021    Apr, 2021    Jun, 2021

Member of:

Data Security Council of India