CHFIv9: Computer Hacking Forensic Investigator (v.9)

home > training > CHFIv9: Computer Hacking Forensic Investigator (v.9)

CHFIv9: Computer Hacking Forensic Investigator (v.9)


  • 5 Days
  • Replay™ Class Recordings Included
Interface Gold™This is an Interface Gold™ class date delivered live at our Phoenix location. Online attendees will have access to our RemoteLive™ platform. Replay™ class recordings are included.
Interested in scheduling a date for this course?
Request A Date

Course Description

Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. Computer forensic investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information.  This includes recovering deleted email, restoring erased images, and more.

This five-day instructor-led course will give participants the necessary skills to identify an intruder’s footprints and to properly gather the necessary evidence to prosecute. Many of today’s top tools of the forensic trade will be taught during this course, including software, hardware and specialized techniques. The need for businesses to become more efficient and integrated with one another, as well as the home user, has given way to a new type of criminal, the “cyber-criminal.” It is no longer a matter of “will your organization be hacked?” but, rather, “when?” Today’s battles between corporations, governments, and countries are no longer fought only in the typical arenas of boardrooms or battlefields using physical force. Now the battlefield starts in the technical realm, which ties into most every facet of modern day life. If you or your organization requires the knowledge or skills to identify, track, and prosecute the cybercriminal, then this is the course for you.

Interface is an Official EC-Council Training Provider and includes CHFIv9 Authorized Courseware. This course prepares students for the CHFIv9 Certification exam*.

* Note, exams are independent of course and any fees or exam costs are the responsibility of the student.

Course Outline

  • Computer Forensics in Today’s World
  • Computer Forensics Investigation Process
  • Understanding Hard Disks and File Systems
  • Operating System Forensics
  • Defeating Anti-Forensics Techniques
  • Data Acquisition and Duplication
  • Network Forensics
  • Investigating Web Attacks
  • Database Forensics
  • Cloud Forensics
  • Malware Forensics
  • Investigating Email Crimes
  • Mobile Forensics
  • Investigative Reports


This course is intended for law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, computer and network security professionals, and anyone who is concerned about the integrity of the network and digital investigations.


Prior to attending this course, students must have completed the Certified Ethical Hacker (CEH) course or currently hold the CEHv8 or CEHv9 certification. Documentation is required prior to confirming registration.

This course is restricted to students at least 18 years old.

If the student is under the age of 18, they can attend if they provide a written consent of their parent/legal guardian and a supporting letter from their institution of higher learning. Only students from nationally accredited institutions of higher learning shall be considered.

What You Will Learn

After completing this course, students will be able to:

  • Implement the process of investigating cybercrime, laws involved, and the details in obtaining and executing a search warrant.
  • Identify different types of digital evidence, rules of evidence, digital evidence examination process, and electronic crime and digital evidence consideration by crime category.
  • Assume the role of first responder to IT security incidents. This includes building and using the first responder toolkit, securing and evaluating electronic crime scene, conducting preliminary interviews, documenting electronic crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence and reporting the crime scene.
  • Recover deleted files and deleted partitions in Windows, Mac OS X, and Linux.
  • Recover deleted email, images, documents, and other files containing relevant evidence.
  • Conduct a forensic investigation using Access Data FTK and Encase.
  • Identify the use of steganography and its techniques, and conduct steganalysis.
  • Analyze image files for forensic data.
  • Use password cracking tools and various types of password attacks to investigate password protected file breaches.
  • Identify different types of log capturing techniques, log management, time synchronization and log capturing tools.
  • Investigate logs, network traffic, wireless attacks, and web attacks.