
1800 ULEARN (853 276)

www.ddls.com.au

EC-Council Computer Hacking Forensic Investigator


Length: 5 days
Price: $5115.00 (inc GST)
Version: 9

Overview
This 5-day course covers a detailed methodological approach to forensic analysis including searching, seizing, chain of
custody, acquisition, preservation, analysis and reporting of digital evidence. All major tools and theories adopted by
forensic investigators are covered in this course.
The program comes with cloud-based virtual labs enabling students to practice various investigation techniques in a real-
time and simulated environment.
Exam vouchers are included with the course. Exams are not taken at the conclusion of the course. Exam candidates are
required to book their exam after completion of the course. Your EC-Council Exam Centre Voucher will come with an
expiry date. Please refer to the DDLS booking Terms and Conditions regarding exam voucher validity.
There are strict conditions applied to attendance at the EC-Council Certified Hacking Investigator courses. On the first day
of the course, students are required to sign a Liability Agreement form. A copy of this form and relevant links may be
found here.

Skills Gained
After attending this course you will be able to identify footprints and gather all necessary evidence for a prosecution of an intruder. CHFI has detailed labs
for hands-on learning experience. On average, approximately 50% of training time is dedicated to labs.

After attending this course you will have covered all the relevant knowledge-bases and skills required to meet regulatory standards such as ISO 27001,
PCI DSS, SOX, HIPAA, etc.

Key Topics
Module 01: Computer Forensics in Today's World

Understanding Computer Forensics


Why and When Do You Use Computer Forensics?
Cyber Crime (Types of Computer Crimes)
Case Study
Challenges Cyber Crimes Present For Investigators
Cyber Crime Investigation
Rules of Forensics Investigation
Understanding Digital Evidence
Types of Digital Evidence
Characteristics of Digital Evidence
Role of Digital Evidence
Sources of Potential Evidence
Rules of Evidence
Forensics Readiness
Computer Forensics as part of an Incident Response Plan
Need for Forensic Investigator
Roles and Responsibilities of Forensics Investigator
What makes a Good Computer Forensics Investigator?
Investigative Challenges
Legal and Privacy Issues
Code of Ethics
Accessing Computer Forensics Resources

Module 02: Computer Forensics Investigation Process

Importance of Computer Forensics Process


Phases Involved in the Computer Forensics Investigation Process
Pre-investigation Phase
Investigation Phase
Post-investigation Phase

Module 03: Understanding Hard Disks and File Systems

Hard Disk Drive Overview


Disk Partitions and Boot Process
Understanding File Systems
RAID Storage System
File System Analysis

Module 04: Data Acquisition and Duplication

Data Acquisition and Duplication Concepts


Static Acquisition
Validate Data Acquisitions
Acquisition Best Practices

Module 05: Defeating Anti-forensics Techniques

What is Anti-Forensics?
Anti-Forensics Techniques

Module 06: Operating System Forensics (Windows, Mac, Linux)

Introduction to OS Forensics

Windows Forensics

Collecting Volatile Information


Collecting Non-Volatile Information
Analyse the Windows thumbcaches
Windows Memory Analysis
Windows Registry Analysis
Cache, Cookie, and History Analysis
Windows File Analysis
Metadata Investigation
Text Based Logs
Other Audit Events
Forensic Analysis of Event Logs
Windows Forensics Tools

Linux Forensics

Shell Commands
Linux Log files
Collecting Volatile Data
Collecting Non-Volatile Data

MAC Forensics

Introduction to MAC Forensics


MAC Forensics Data
MAC Log Files
MAC Directories
MAC Forensics Tools

Module 07: Network Forensics


Introduction to Network Forensics
Fundamental Logging Concepts
Event Correlation Concepts
Network Forensic Readiness
Network Forensics Steps
Network Traffic Investigation
Network Packet Analyser: Capsa Portable Network Analyser
Documenting the Evidence
Evidence Reconstruction

Module 08: Investigating Web Attacks

Introduction to Web Application Forensics


Web Attack Investigation
Investigating Web Server Logs
Web Attack Detection Tools
Tools for Locating IP Address
WHOIS Lookup Tools

Module 09: Database Forensics

Database Forensics and Its Importance


MSSQL Forensics
MySQL Forensics

Module 10: Cloud Forensics

Introduction to Cloud Computing


Cloud Forensics

Module 11: Malware Forensics

Introduction to Malware
Introduction to Malware Forensics
Analysis of Malicious Documents
Malware Analysis Challenges

Module 12: Investigating Email Crimes

Email System
Email Crimes (Email Spamming, Mail Bombing/Mail Storm, Phishing, Email Spoofing, Crime via Chat Room, Identity Fraud/Chain Letter)
Email Message
Steps to Investigate Email Crimes and Violation
Email Forensics Tools
Laws and Acts against Email Crimes

Module 13: Mobile Phone Forensics

Why Mobile Forensics?


Top Threats Targeting Mobile Devices
Mobile Hardware and Forensics
Mobile OS and Forensics
What Should You Do Before the Investigation?
Mobile Forensics Process

Module 14: Forensics Report Writing and Presentation

Writing Investigation Reports


Expert Witness Testimony

Target Audience
Law enforcement officers, system administrators, security officers, network security professionals, auditors
We can also deliver and customise this training course for larger groups, saving your organisation time, money and resources. For
more information, please contact us on 1800 853 276.

Prerequisites
Basic knowledge of IT cyber-security, computer forensics and incident response. Certified Ethical Hacker would be advantageous.

The supply of this course by DDLS is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is
conditional on acceptance of these terms and conditions.

2017 DDLS Australia Pty Ltd. All Rights Reserved
