Level: Foundation

Computer Hacking Forensic Investigator (CHFI)

5 Day | Instructor Led

Computer forensics enables the systematic and careful identification of evidence in computer related crime and abuse cases. This may range from tracing the tracks of a hacker through a client systems, to tracing the originator of defamatory emails, to recovering signs of fraud.

The CHFI course will provide participants the necessary skills to identify an intruder's footprints and to properly gather the necessary evidence to prosecute in the court of law.

Inquire About:
Computer Hacking Forensic Investigator (CHFI)

Ideal Candidates for Computer Hacking Forensic Investigator (CHFI) Class

IT professionals involved with information system security, computer forensics, and incident response

Computer Hacking Forensic Investigator (CHFI) Prerequisites

Experience with Windows and/or UNIX/Linux operating systems

Knowledge of TCP/IP and networking

Security+ certification is recommended

Certified Ethical Hacker certification is strongly recommended

What You'll Get in Computer Hacking Forensic Investigator (CHFI)

CHFI Official Courseware

Up to 13Gs of tools, scripts, and additional information.

An image of Backtrack Linux is also provided for those that cannot download such a large file on their own. It is a combination of open source, freeware, and evaluation software.

Hands-on practice/skills development on hacking from both Microsoft and Linux

70 precent hands-on activity during the class

What You'll Learn in Computer Hacking Forensic Investigator (CHFI)

Law and computer forensics in todays world

How the computer investigation process and security incident response team work

Computer forensic laboratory requirements

Understanding file systems and hard disks

Windows forensics

Linux and Macintosh boot processes

Linux forensics

Data acquisition and duplication

Recovering deleted files

Image files forensics


Computer forensics tools

Application password crackers

Investigating logs and network traffic

Router forensics

Investigating web attacks and e-mail crimes, tracking e-mail

Mobile and PDA forensics

Investigating trademark and copyright infringement

Investigative reports and becoming an expert witness

Forensics in action

Computer Hacking Forensic Investigator (CHFI) Certification

The Computer Hacking Forensic Investigator exam EC0 312-49 may be taken on the last day of the training (optional). Students need to pass the online Prometric exam to receive CHFI certification.

Computer Hacking Forensic Investigator (CHFI) Outline

1. Computer Forensics in Today's World

2. Computer Forensics Investigation Process

3. Searching and Seizing Computers

4. Digital Evidence

5. First Responder Procedures

6. Computer Forensics Lab

7. Understanding Hard Disks and File Systems

8. Windows Forensics

9. Data Acquisition and Duplication

10. Recovering Deleted Files and Deleted Partitions

11. Forensics Investigation Using AccessData FTK

12. Forensics Investigation Using EnCase

13. Steganography and Image File Forensics

14. Application Password Crackers

15. Log Capturing and Event Correlation

16. Network Forensics, Investigating Logs and Investigating Network Traffic

17. Investigating Wireless Attacks

18. Investigating Web Attacks

19. Tracking Emails and Investigating Email Crimes

20. Mobile Forensics

21. Investigative Reports

22. Becoming an Expert Witness


A. Erlich


I just wanted to say your presentation on Social Media Technology and Security was the finest I have ever attended.

Wilder Guerra

US Navy Reserve

This course is definitely an eye opener. With how much social media has taken over, it is important to be fully aware of the capabilities along with all the risks it brings. It is important to get this course because social media is the new norm.

Rebekah Coughlin


The Social Media and Security Training course offered by UKI is a great and beneficial course combining technical training to fully understand TCP IP networking, DNS, and the harms of malware and cross-site scripting; as well as practical training that allowed attendees to play with open source social intelligence gathering solutions. This is the perfect class for those involved in IT security and interested in social media and identity theft.

Top Related Courses

The BEC XXE exercise is a customized, six-hour, Cyber Range exercise hosted on ManTech’s Advanced Cyber Range Environment (ACRE). Lead by expert cyber security engineers, the exercise can be executed in a classroom and remotely. In this exercise, BEC-based attacks are simulated. Participants will be introduced to variations of the BEC attack (both external and internal) and will capture, preserve and recover network and host-based artifacts from the attacks. They will also determine the origin of the attacks, the extent of the compromise, and any on-going activity related to it. Discussion focuses on blue team threat hunter tasks. This exercise uses a hands-on keyboard approach to create realistic technical training and management interaction opportunities where participants respond to and report events as identified. Participants are engaged via an Incident Response "Observe/Engage" Model and are encouraged to view the attack as if it were happening to their institutions in real time. Participants are asked to share what they have done or would do based on the facts provided.

All actions in war, regardless of the level, are based upon either taking the initiative or reacting in response to the opponent. By taking the initiative, we dictate the terms of the conflict and force the enemy to meet us on our terms. The initiative allows us to pursue some positive aim even if only to preempt an enemy initiative. It is through the initiative that we seek to impose our will on the enemy.

Cyber Vanguard Series - Cyber Strike takes the offensive and defensive assault tactics and applies them in several different real world scenarios. The entire course is hands on and builds upon the skills and knowledge the students have previously received. Applications include Offensive only - Hunt Teaming, Data Harvesting, and Asset Extraction, Defensive Only – Defending Your Assets, Setting Active Intrusion Systems, Vulnerability Assessment and Remediation, and Offensive and Defensive – Capture the Flag, where teams are pitted against each other to protect their own resources while attacking the opposing team.

© 2019 Ultimate Knowledge Insitute | All Rights Reserved
GSA# GS-35F-0469W