A CHFI is a skilled professional trained in the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. CHFI professionals are aware of legally sound detailed methodological approach to computer forensics and evidence analysis.

Computer Hacking Forensic Investigation (CHFI) is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer crime in today’s cyber world is on the rise. Computer Investigation techniques are being used by police, government and corporate entities globally and many of them turn to EC-Council for our Computer Hacking Forensic Investigator CHFI Certification Program.

  • About this course

    CHFI is a comprehensive course covering major forensic investigation scenarios and enabling students to acquire necessary hands-on experience with various forensic investigation techniques and standard forensic tools necessary to successfully carry out a computer forensic investigation leading to the prosecution of perpetrators.

  • Why should you take this course?

    ✅The course was designed and developed by experienced SMEs and digital forensics practitioners

    ✅A complete vendor neutral course covering all major forensics investigations technologies and solutions

    ✅Detailed labs for hands-on learning experience; approximately 50% of training time is dedicated to labs

    ✅It covers all the relevant knowledge-bases and skills to meets with regulatory compliance standards such as ISO 27001, PCI DSS, SOX, HIPPA, etc

    ✅The program presents a repeatable forensics investigation methodology required from a versatile digital forensic professional which increases your employability

  • What will you learn by taking this course?

    Computer forensics enables the systematic and careful identification of evidence in computer related crime and abuse cases. This may range from tracing the tracks of a hacker through a client’s systems, to tracing the originator of defamatory emails, to recovering signs of fraud.

  • Chaptar 1. Computer Forensics in Today's World

    ✅Forensics Science

    ✅Computer Forensics

    ✅Security Incident Report

    ✅Aspects of Organizational Security

    ✅Evolution of Computer Forensics

    ✅Objective of Computer Forensics

    ✅Need for Compute Forensics

    ✅Forensics Readiness

    ✅Cyber Crime

    ✅Cyber Crime Investigation

    ✅Corporate Investigations

    ✅Reporting a Cyber Crime


  • Chaptar 2. Computer Forensics Investigation Process

    ✅Investigating Computer Crime

    ✅Before the Investigation

    ✅Build a Forensics Workstation

    ✅Building the Investigation Team

    ✅People Involved in Computer Forensics

    ✅Review Policies and Laws

    ✅Forensics Laws

    ✅Notify Decision Makers and Acquire Authorization

    ✅Risk Assessment

    ✅Build a Computer Investigation Toolkit

    ✅Steps to Prepare for a Computer Forensics Investigation

    ✅Computer Forensics Investigation Methodology

  • Chaptar 3. Searching and Seizing Computers

    ✅Searching and Seizing Computers without a Warrant

    ✅Searching and Seizing Computers with a Warrant

    ✅The Electronic Communications Privacy Act



  • Chaptar 4. Digital Evidence

    ✅Digital Data

    ✅Definition of Digital Evidence

    ✅Increasing Awareness of Digital Evidence

    ✅Challenging Aspects of Digital Evidence

    ✅The Role of Digital Evidence

    ✅Characteristics of Digital Evidence

    ✅Fragility of Digital Evidence

    ✅Anti-Digital Forensics (ADF)

    ✅Types of Digital Data

    ✅Rules of Evidence

    ✅Electronic Devices: Types and Collecting Potential Evidence

    ✅Digital Evidence Examination Process

    ✅Electronic Crime and Digital Evidence Consideration by Crime Category



  • Chaptar 5. First Responder Procedures

    ✅Electronic Evidence

    ✅First Responder

    ✅Roles of First Responder

    ✅Electronic Devices: Types and Collecting Potential Evidence

    ✅First Responder Toolkit

    ✅First Responder Toolkit

    ✅Creating a First Responder Toolkit

    ✅Evidence Collecting Tools and Equipment

    ✅First Response Basics


    ✅Securing and Evaluating Electronic Crime Scene

    ✅Conducting Preliminary Interviews

    ✅Documenting Electronic Crime Scene

    ✅Collecting and Preserving Electronic Evidence

    ✅Packaging and Transporting Electronic Evidence

    ✅Reporting the Crime Scene

    ✅Note Taking Checklist

    ✅First Responder Common Mistakes


  • Chaptar 6. Computer Forensics Lab

    ✅Setting a Computer Forensics Lab

    ✅Computer Forensics Lab

    ✅Planning for a Forensics Lab

    ✅Budget Allocation for a Forensics Lab

    ✅Physical Location Needs of a Forensics Lab

    ✅Structural Design Considerations

    ✅Environmental Conditions

    ✅Electrical Needs

    ✅Communication Needs

    ✅Work Area of a Computer Forensics Lab

    ✅Ambience of a Forensics Lab

    ✅Ambience of a Forensics Lab: Ergonomics

    ✅Physical Security Recommendations

    ✅Fire-Suppression Systems

    ✅Evidence Locker Recommendations

    ✅Computer Forensic Investigator

    ✅Law Enforcement Officer

    ✅Lab Director

    ✅Forensics Lab Licensing Requisite

    ✅Features of the Laboratory Imaging System

    ✅Technical Specification of the Laboratory-??ased Imaging System

    ✅Forensics Lab

    ✅Auditing a Computer Forensics Lab

    ✅Recommendations to Avoid Eyestrain

    ✅Investigative Services in Computer Forensics

    ✅Computer Forensics Hardware

    ✅Computer Forensics Software


  • Chaptar 7. Understanding Hard Disks and File Systems

    ✅Hard Disk Drive Overview

    ✅Disk Drive Overview

    ✅Hard Disk Drive

    ✅Solid-State Drive (SSD)

    ✅Physical Structure of a Hard Disk

    ✅Logical Structure of Hard Disk

    ✅Types of Hard Disk Interfaces

    ✅Hard Disk Interfaces

    ✅Disk Platter


    ✅Bad Sector

    ✅Hard Disk Data Addressing

    ✅Disk Capacity Calculation




    ✅Measuring the Performance of the Hard Disk

    ✅Disk Partitions and Boot Process

    ✅RAID Storage System

    ✅File System Analysis Using The Sleuth Kit (TSK)



  • Chaptar 8. Windows Forensics

    ✅Collecting Volatile Information

    ✅Volatile Information

    ✅Collecting Non-volatile Information

    ✅Windows Memory Analysis

    ✅Windows Registry Analysis

    ✅Cache, Cookie, and History Analysis

    ✅MD5 Calculation

    ✅Windows File Analysis

    ✅Metadata Investigation

    ✅Text Based Logs

    ✅Other Audit Events

    ✅Forensic Analysis of Event Logs

    ✅Windows Password Issues

    ✅Forensic Tools



  • Chaptar 9. Data Acquisition and Duplication

    ✅Data Acquisition and Duplication Concepts

    ✅Data Acquisition Types

    ✅Disk Acquisition Tool Requirements

    ✅Validation Methods

    ✅RAID Data Acquisition

    ✅Acquisition Best Practices

    ✅Data Acquisition Software Tools

    ✅Data Acquisition Hardware Tools



  • Chaptar 10. Recovering Deleted Files and Deleted Partitions

    ✅Recovering the Deleted Files

    ✅Deleting Files

    ✅What Happens When a File is Deleted in Windows?

    ✅Recycle Bin in Windows

    ✅File Recovery in MAC OS X


    ✅File Recovery in Linux

    ✅File Recovery Tools for Windows

    ✅File Recovery Tools for MAC

    ✅File Recovery Tools for Linux

    ✅Recovering the Deleted Partitions

    ✅Partition Recovery Tools


  • Chaptar 11. Forensics Investigation using Access Data FTK

    ✅Overview and Installation of FTK

    ✅Overview of Forensic Toolkit (FTK)

    ✅Features of FTK

    ✅Software Requirement

    ✅Configuration Option

    ✅Database Installation

    ✅FTK Application Installation

    ✅FTK Case Manager User Interface

    ✅FTK Examiner User Interface

    ✅Starting with FTK

    ✅FTK Interface Tabs

    ✅Adding and Processing Static, Live, and Remote Evidence

    ✅Using and Managing Filters

    ✅Using Index Search and Live Search

    ✅Decrypting EFS and other Encrypted Files

    ✅Working with Reports



  • Chaptar 12. Forensics Investigation Using EnCase

    ✅Overview of EnCase Forensic

    ✅Overview of EnCase Forensic

    ✅EnCase Forensic Features

    ✅EnCase Forensic Platform

    ✅EnCase Forensic Modules

    ✅Installing EnCase Forensic

    ✅EnCase Interface


    ✅Case Management

    ✅Working with Evidence

    ✅Source Processor

    ✅Analyzing and Searching Files

    ✅Viewing File Content

    ✅Bookmarking Items




  • Chaptar 13. Steganography and Image File Forensics


    ✅What is Steganography?

    ✅How Steganography Works

    ✅Legal Use of Steganography

    ✅Unethical Use of Steganography


    ✅Steganography Techniques


    ✅Image Files

    ✅Data Compression

    ✅Locating and Recovering Image Files

    ✅Image File Forensics Tools


  • Chaptar 14. Application Password Crackers

    ✅Password Cracking Concepts

    ✅Password – Terminology

    ✅Password Types

    ✅Password Cracker

    ✅How Does a Password Cracker Work?

    ✅How Hash Passwords are Stored in Windows SAM

    ✅Types of Password Attacks

    ✅Classification of Cracking Software

    ✅Systems Software vs. Applications Software

    ✅System Software Password Cracking

    ✅Application Software Password Cracking

    ✅Password Cracking Tools



  • Chaptar 15. Log Capturing and Event Correlation

    ✅Computer Security Logs

    ✅Computer Security Logs

    ✅Operating System Logs

    ✅Application Logs

    ✅Security Software Logs

    ✅Router Log Files

    ✅Honeypot Logs

    ✅Linux Process Accounting

    ✅Logon Event in Window

    ✅Windows Log File

    ✅IIS Logs

    ✅Log File Accuracy

    ✅Log Everything

    ✅Keeping Time

    ✅UTC Time

    ✅ODBC Logging

    ✅Logs and Legal Issues

    ✅Log Management

    ✅Centralized Logging and Syslogs

    ✅Time Synchronization

    ✅Event Correlation

    ✅Log Capturing and Analysis Tools


  • Chaptar 16. Network Forensics, Investigating Logs and Investigating Network Traffic

    ✅Network Forensics

    ✅Network Forensics

    ✅Network Forensics Analysis Mechanism

    ✅Network Addressing Schemes

    ✅Overview of Network Protocols

    ✅Overview of Physical and Data-Link Layer of the OSI Model

    ✅Overview of Network and Transport Layer of the OSI Model

    ✅OSI Reference Model

    ✅TCP/ IP Protocol


    ✅Intrusion Detection Systems (IDS) and ??heir Placement



    ✅Network Attacks

    ✅Log Injection Attacks

    ✅Investigating and Analyzing Logs

    ✅Investigating Network Traffic

    ✅Traffic Capturing and Analysis Tools

    ✅Documenting the Evidence Gathered on a Network


  • Chaptar 17. Investigating Wireless Attacks

    ✅Wireless Technologies

    ✅Wireless Networks

    ✅Wireless Terminologies

    ✅Wireless Components

    ✅Types of Wireless Networks

    ✅Wireless Standards

    ✅MAC Filtering

    ✅Service Set Identifier (SSID)

    ✅Types of Wireless Encryption: WEP

    ✅Types of Wireless Encryption: WPA

    ✅Types of Wireless Encryption: WPA2

    ✅WEP vs. WPA vs. WPA2

    ✅Wireless Attacks

    ✅Investigating Wireless Attacks

    ✅Features of a Good Wireless Forensics Tool

    ✅Wireless Forensics Tools

    ✅Traffic Capturing and Analysis Tools



  • Chaptar 18. Investigating Web Attacks

    ✅Introduction to Web Applications and Webservers

  • Chaptar 19. Tracking Emails and investigating Email Crimes

    ✅Email Terminology

    ✅Email System

    ✅Email Clients

    ✅Email Server

    ✅SMTP Server

    ✅POP3 and IMAP Servers

    ✅Importance of Electronic Records Management

    ✅Email Message

    ✅Email Crimes

    ✅Email Headers

    ✅Steps to Investigate

    ✅Email Forensics Tools

    ✅Laws and Acts against Email Crimes


  • Chaptar 20. Mobile Forensics

    ✅Mobile Phone

    ✅Different Mobile Devices

    ✅Hardware Characteristics of Mobile Devices

    ✅Software Characteristics of Mobile Devices

    ✅Components of Cellular Network

    ✅Different Cellular Networks

    ✅Cellular Network

    ✅Mobile Operating Systems

    ✅Mobile Forensics

    ✅Mobile Forensic Process

    ✅Mobile Forensics Software Tools

    ✅Mobile Forensics Hardware Tools


  • Chaptar 21. Investigative Reports

    ✅Computer Forensics Report

    ✅Computer Forensics Report

    ✅Salient Features of a Good Report

    ✅Aspects of a Good Report

    ✅Computer Forensics Report Template

    ✅Investigative Report Writing

    ✅Sample Forensics Report

    ✅Report Writing Using Tools


  • Chaptar 22. Becoming an Expert Witness

    ✅Expert Witness

  • What is the Computer Hacking Forensic Investigator Exam?

    Computer hacking forensic investigation Exam is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information known as computer data recovery.

  • How much time take ?

    1 hours 

  • what is the extention policy?

    EC-Council exam vouchers are valid for a maximum period of one year from the date of purchase. A candidate may opt to extend his/her EC-Council exam vouchers for an additional 3 months for $35 if the voucher is valid (not used and not expired). Vouchers can only be extended once.

  • What is the passing criteria for the Exam?

    To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 85%.

  • Key Features:
  • Created by a Security expert :
  • Access period : 12 months
  • Course duration : 40+ hours
  • Quizzes & revision exams :
  • Certificate of completion :
  • Support : 24/7 hours
Feature Picture

Why choose the Computer Hacking Forensic Investigator?

Aspire-IT-Executive Image

Computer Security and Computer investigations are changing terms. More tools are being invented daily for conducting Computer Investigations, be it computer crime, digital forensics, computer investigations, or even standard computer data recovery. The tools and techniques covered in EC-Council’s CHFI program will prepare you to conduct computer investigations using groundbreaking digital forensics technologies.

Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property and fraud. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information known as computer data recovery.

Included in your modules

  • Essential skills for your career
  • Computer Forensics in Today’s World
  • Computer Forensics Investigation Process
  • Understanding Hard Disks and File Systems
  • Operating System Forensics
  • Defeating Anti-Forensics Techniques
  • Data Acquisition and Duplication
  • Network Forensics
  • Investigating Web Attacks
  • Database Forensics
  • Cloud Forensics
  • Malware Forensics
  • Investigating Email Crimes
  • Mobile Forensics
  • Investigative Reports
Aspire-IT-Executive Image

Get certified the
Learning People way

Professional development courses that work around you

  • Official EC-Council training
  • Global community of peers
  • Hands-on interactive labs
  • 12 months unlimited access

Why learn with us?

  • We're tech career experts
  • 25,000+ students worldwide
  • Alternative to traditional university education
  • Start a new career or advance your current one & land your dream job
  • Most in-demand skills for today's job market
  • Partnered with biggest accreditors in the world
  • Exclusive student benefits; CV detox, NUS, industry events & loads more
IT-Parofessional Image

Boost Engagement with delivering Communication Tools

Bootcamp Image

Increase employee engagement with a different suite of communication tools like:


Promote your training program with visuals you can customize to brand... more  


Send training updates and security best practice highlights directly... more  

Digital wallpapers and web banners

Increase program engagement with colorful thought-provoking messaging... more  

Training Videos/Animations

Strengthen key awareness concepts and skills through stylish visual... more  

Why Aspire Tech

Award-winning courses

Aspire's award-winning online course and programs are designed and taught by distinguished Cyber Security expert.

The perfect fit for business

Plans for small to large organizations, with flexibility to fit inside your budget. Volume discounting available.

Cost effective training

Train thousands of staff members across multiple locations for a function of the cost of traditional classroom training.

Speak with an expert