Kõik koolitused ühest kohast!

tk
Tagasi

CHFI – Computer Hacking Forensic Investigator

Digital forensics is a key component in Cyber Security. Many people hear the term forensics, or computer forensics, or digital forensics and instantly think, that’s just for law enforcement, but the truth is, digital forensics has a key place on every cyber security team. In fact, without it, chances are your organizations Security posture and maturity will fail to see its full potential.
Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks.

Computer crime in today’s cyber world is on the rise. Computer Investigation techniques are being used by police, government and corporate entities globally.

Computer Security and Computer investigations are changing terms. More tools are invented daily for conducting Computer Investigations, be it computer crime, digital forensics, computer investigations, or even standard computer data recovery. The tools and techniques covered in EC-Council’s CHFI program will prepare the student to conduct computer investigations using groundbreaking digital forensics technologies.

Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information known as computer data recovery.

The purpose of the CHFI crdential is to validate the candidate´s skills to identify an intrude´s footprints and to properly gather the necessary evidence to prosecute in the court of law.

The CHFI program is designed for all IT professionals involved with information system security, computer forensics, and incident response.

EC-Council’s CHFI certifies individuals in the specific security discipline of computer forensics from a vendor-neutral perspective.

Target Audience:

  • Police and other law enforcement personnel
  • Defense and Military personnel
  • e-Business Security professionals
  • Systems administrators
  • Legal professionals
  • Banking, Insurance and other professionals
  • Government agencies
  • IT managers

The results of the training:

  • Perform incident response and forensics
  • Perform electronic evidence collections
  • Perform digital forensic acquisitions
  • Perform bit-stream Imaging/acquiring of the digital media seized during the process of investigation.
  • Examine and analyze text, graphics, multimedia, and digital images
  • Conduct thorough examinations of computer hard disk drives, and other electronic data storage media
  • Recover information and electronic data from computer hard drives and other data storage devices
  • Follow strict data and evidence handling procedures
  • Maintain audit trail (i.e., chain of custody) and evidence integrity
  • Work on technical examination, analysis and reporting of computer-based evidence
  • Prepare and maintain case files
  • Utilize forensic tools and investigative methods to find electronic data, including Internet use history, word processing documents, images and other files
  • Gather volatile and non-volatile information from Windows, MAC and Linux
  • Recover deleted files and partitions in Windows, Mac OS X, and Linux
  • Perform keyword searches including using target words or phrases
  • Investigate events for evidence of insider threats or attacks
  • Support the generation of incident reports and other collateral
  • Investigate and analyze all response activities related to cyber incidents
  • Plan, coordinate and direct recovery activities and incident analysis tasks
  • Examine all available information and supporting evidence or artefacts related to an incident or event
  • Collect data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents
  • Conduct reverse engineering for known and suspected malware files
  • Perform detailed evaluation of the data and any evidence of activity in order to analyze the full circumstances and implications of the event
    • Identify data, images and/or activity which may be the target of an internal investigation
    • Establish threat intelligence and key learning points to support pro-active profiling and scenario modelling
  • Search file slack space where PC type technologies are employed
  • File MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences
  • Examine file type and file header information
  • Review e-mail communications including web mail and Internet Instant Messaging programs
  • Examine the Internet browsing history
  • Generate reports which detail the approach, and an audit trail which documents actions taken to support the integrity of the internal investigation process
  • Recover active, system and hidden files with date/time stamp information
  • Crack (or attempt to crack) password protected files
  • Perform anti-forensics detection
  • Maintain awareness and follow laboratory evidence handling, evidence examination, laboratory safety, and laboratory security policy and procedures
  • Play a role of first responder by securing and evaluating a cybercrime scene, conducting preliminary interviews, documenting crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, reporting of the crime scene
  • Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred
  • Apply advanced forensic tools and techniques for attack reconstruction
  • Perform fundamental forensic activities and form a base for advanced forensics
  • Identify and check the possible source/incident origin
  • Perform event co-relation
  • Extract and analyze logs from various devices such as proxies, firewalls, IPSes, IDSes, Desktops, laptops, servers, SIM tools, routers, switches, AD servers, DHCP servers, Access Control Systems, etc.
  • Ensure that reported incident or suspected weaknesses, malfunctions and deviations are handled with confidentiality
  • Assist in the preparation of search and seizure warrants, court orders, and subpoenas
  • Provide expert witness testimony in support of forensic examinations conducted by the examiner

More information: https://www.eccouncil.org/programs/computer-hacking-forensic-investigator-chfi/

CHFI Course Outline:

  • Computer Forensics in Today’s World
  • Computer Forensics Investigation Process
  • Understanding Hard Disks and File Systems
  • Operating System Forensics
  • Defeating Anti-Forensics Techniques
  • Data Acquisition and Duplication
  • Network Forensics
  • Investigating Web Attacks
  • Database Forensics
  • Cloud Forensics
  • Malware Forensics
  • Investigating Email Crimes
  • Mobile Forensics
  • Investigative Reports

The CHFI certification is awarded after successfully passing the exam EC0 312-49. CHFI EC0 312-49 exams are available at ECC exam center around the world.

Candidates will be granted the Computer Hacking Forensic Investigator credential by passing a proctored CHFI exam. The exam will be for 4 hours with 150 multiple choice questions.

Trainer:
Robert Petrunic
Robert Petrunic was born in 1973 in Nagold, Germany and has a Master’s degree in Computer Engineering.
He works as senior security consultant in Eduron IS, the company dedicated to IT security education, penetration testing and computer forensics. He also works as lecturer in most successful Croatian private college “Algebra – University College”, where he has designed several courses related to computer security and forensics.
Robert is Microsoft certified trainer since 2002, EC-Council certified trainer from 2008 and VMware certified trainer from 2012. He works mainly in security field from 2004, and Microsoft acknowledged this at 2008 assigning him Microsoft most valuable professional recognition every year until 2017.
For the last 15 years Robert is working on programs related to ethical hacking and IT security awareness for system administrators, developers and IT security consultant. He also speaks at regional IT conferences.
Robert started to work in IT in 1996 and his learning curve was really steep from the beginning. Started as computer technician, “cable guy” and a developer in one single person, which gave him an overview of the “big picture” early in the process. During early 2000 he decided to continue his career as a systems administrator and only few years later security kicked in and “drag” Robert into this really difficult, but yet rewarding area. From 2008 he started to work mostly on a security consulting and penetration testing, where he settled for a few years (2012-2014) in the best Croatian PT company Infigo. Today he is self-employed working as a trainer, security consultant and penetration tester.

Küsin koolituse kohta lisainfot

Koolitusfirma tutvustus

IT Koolitus on juhtiv info- ja kommunikatsioonitehnoloogia ning IT projektijuhtimise koolitusteenuse pakkuja Baltikumis. Loen koolitusfirma kohta veel...

Osalen koolitusel

CHFI – Computer Hacking Forensic Investigator