EC-Council Computer Hacking Forensic Investigator (CHFI) iClass|iLearn

EC-Council Computer Hacking Forensic Investigator (CHFI) iClass|iLearn Course Description

Duration: 365.00 days (40 hours)

Price: $1,899.00

EC-Council

This computer forensics course will give participants the necessary skills to identify an intruder's footprints and to properly gather the necessary evidence to prosecute. Many of today's top tools of the forensic trade will be taught during this course, including software, hardware and specialized techniques. It is no longer a matter of "will your organization be compromised (hacked)?" but, rather, "when?"

The Computer Hacking Forensic Investigator (CHFI) iClass|iLearn, a self-paced learning course, delivers the security discipline of digital forensics from a vendor-neutral perspective. CHFI is a comprehensive course covering major forensic investigation scenarios, and it enables students to acquire the necessary hands-on experience with various forensic investigation techniques and the standard forensic tools needed to successfully carry out a computer forensic investigation leading to prosecution of perpetrators.

CHFI presents a methodological approach to computer forensics including searching and seizing, chain-of-custody, acquisition, preservation, analysis and reporting of digital evidence.


What's Included
- Self-paced online training
- One year access to the official e-courseware
- Six months access to EC-Council's official Online lab environment (iLabs)
- Certification Voucher



Intended Audience for this EC-Council Computer Hacking Forensic Investigator (CHFI) iClass|iLearn Course

  • Anyone interested in cyber forensics/investigations
  • Attorneys, legal consultants, and lawyers
  • Law enforcement officers
  • Police officers
  • Federal/government agents
  • Defense and military
  • Detectives/investigators
  • Incident response team members
  • Information security managers
  • Network defenders
  • IT professionals, IT directors/managers
  • System/network engineers
  • Security analysts/architects/auditors/consultants

Course Prerequisites for EC-Council Computer Hacking Forensic Investigator (CHFI) iClass|iLearn

  • IT/forensics professionals with basic knowledge of IT/cyber security, computer forensics, and incident response
  • Prior completion of CEH training would be an advantage

EC-Council Computer Hacking Forensic Investigator (CHFI) iClass|iLearn Course Objectives

  • A complete vendor-neutral course covering all major forensics investigation technologies and solutions
  • Detailed labs for hands-on learning experience; approximately 50% of training time is dedicated to labs
  • It covers all the relevant knowledge bases and skills to meet regulatory compliance standards such as ISO 27001, PCI DSS, SOX, HIPAA, etc.
  • The program presents a repeatable forensics investigation methodology required from a versatile digital forensic professional, which increases your employability

EC-Council Computer Hacking Forensic Investigator (CHFI) iClass|iLearn Course Outline

      1. Computer Forensics in Today’s World
        1. Forensics Science
        2. Computer Forensics
          1. Security Incident Report
          2. Aspects of Organizational Security
          3. Evolution of Computer Forensics
          4. Objective of Computer Forensics
          5. Need for Computer Forensics
        3. Forensics Readiness
          1. Benefits of Forensics Readiness
          2. Goals of Forensics Readiness
          3. Forensics Readiness Planning
        4. Cyber Crime
          1. Computer Facilitated Crimes
          2. Modes of Attacks
          3. Examples of Cyber Crime
          4. Types of Computer Crimes
          5. Cyber Criminals
          6. Organized Cyber Crime: Organizational Chart
          7. How Serious are Different Types of Incidents?
          8. Disruptive Incidents to the Business
          9. Cost Expenditure Responding to the Security Incident
        5. Cyber Crime Investigation
          1. Key Steps in Forensics Investigation
          2. Rules of Forensics Investigation
          3. Need for Forensics Investigator
          4. Role of Forensics Investigator
          5. Accessing Computer Forensics Resources
          6. Role of Digital Evidence
        6. Corporate Investigations
          1. Understanding Corporate Investigations
          2. Approach to Forensics Investigation: A Case Study
          3. Instructions for the Forensic Investigator to Approach the Crime Scene
          4. Why and When Do You Use Computer Forensics?
          5. Enterprise Theory of Investigation (ETI)
          6. Legal Issues
          7. Reporting the Results
        7. Reporting a Cyber Crime
          1. Why you Should Report Cybercrime?
          2. Reporting Computer-Related Crimes
          3. Person Assigned to Report the Crime
          4. When and How to Report an Incident?
          5. Who to Contact at the Law Enforcement?
          6. Federal Local Agents Contact
          7. More Contacts
          8. CIO Cyberthreat Report Form
      2. Computer Forensics Investigation Process
        1. Investigating Computer Crime
          1. Before the Investigation
          2. Build a Forensics Workstation
          3. Building the Investigation Team
          4. People Involved in Computer Forensics
          5. Review Policies and Laws
          6. Forensics Laws
          7. Notify Decision Makers and Acquire Authorization
          8. Risk Assessment
          9. Build a Computer Investigation Toolkit
        2. Steps to Prepare for a Computer Forensics Investigation
        3. Computer Forensics Investigation Methodology
        4. Obtain Search Warrant
          1. Example of Search Warrant
          2. Searches Without a Warrant
        5. Evaluate and Secure the Scene
          1. Forensics Photography
          2. Gather the Preliminary Information at the Scene
          3. First Responder
        6. Collect the Evidence
          1. Collect Physical Evidence
          2. Collect Electronic Evidence
          3. Guidelines for Acquiring Evidence
        7. Secure the Evidence
          1. Evidence Management
          2. Chain of Custody
        8. Acquire the Data
          1. Duplicate the Data (Imaging)
          2. Verify Image Integrity
          3. Recover Lost or Deleted Data
        9. Analyze the Data
          1. Data Analysis
          2. Data Analysis Tools
        10. Assess Evidence and Case
          1. Evidence Assessment
          2. Case Assessment
          3. Processing Location Assessment
          4. Best Practices to Assess the Evidence
        11. Prepare the Final Report
          1. Documentation in Each Phase
          2. Gather and Organize Information
          3. Writing the Investigation Report
          4. Sample Report
        12. Testifying as an Expert Witness
          1. Expert Witness
          2. Testifying in the Court Room
          3. Closing the Case
          4. Maintaining Professional Conduct
          5. Investigating a Company Policy Violation
          6. Computer Forensics Service Providers
      3. Searching & Seizing Computers
        1. Searching and Seizing Computers without a Warrant
        2. Searching and Seizing Computers without a Warrant
        3. Fourth Amendment’s “Reasonable Expectation of Privacy” in Cases Involving Computers: General Principles
          1. Reasonable Expectation of Privacy in Computers as Storage Devices
          2. Reasonable Expectation of Privacy and Third-Party Possession
          3. Private Searches
          4. Use of Technology to Obtain Information
          5. Exceptions to the Warrant Requirement in Cases Involving Computers
        4. Consent
          1. Scope of Consent
          2. Third-Party Consent
          3. Implied Consent
        5. Exigent Circumstances
        6. Plain View
        7. Search Incident to a Lawful Arrest
        8. Inventory Searches
        9. Border Searches
        10. International Issues
        11. Special Case: Workplace Searches
        12. Private Sector Workplace Searches
        13. Public-Sector Workplace Searches
        14. Searching and Seizing Computers with a Warrant
          1. Searching and Seizing Computers with a Warrant
          2. A.1: Basic Strategies for Executing Computer Searches
          3. The Privacy Protection Act
          4. Drafting the Warrant and Affidavit
          5. Post-Seizure Issues
        15. The Electronic Communications Privacy Act
          1. Providers of Electronic Communication Service vs. Remote Computing Service
          2. Classifying Types of Information Held by Service Providers
          3. Compelled Disclosure Under ECPA
          4. Voluntary Disclosure
          5. Working with Network Providers
        16. Electronic Surveillance in Communications Networks
          1. Content vs. Addressing Information
          2. The Pen/Trap Statute, 18 U.S.C. §§ 3121-3127
          3. The Wiretap Statute (“Title III”), 18 U.S.C. §§ 2510-2522
          4. Remedies For Violations of Title III and the Pen/Trap Statute
        17. Evidence
          1. Authentication
          2. Hearsay
          3. Other Issues
      4. Digital Evidence
        1. Digital Data
          1. Definition of Digital Evidence
          2. Increasing Awareness of Digital Evidence
          3. Challenging Aspects of Digital Evidence
          4. The Role of Digital Evidence
          5. Characteristics of Digital Evidence
          6. Fragility of Digital Evidence
          7. Anti-Digital Forensics (ADF)
        2. Types of Digital Data
          1. Types of Digital Data
        3. Rules of Evidence
          1. Rules of Evidence
          2. Best Evidence Rule
          3. Federal Rules of Evidence
          4. International Organization on Computer Evidence (IOCE)
          5. IOCE International Principles for Digital Evidence
          6. Scientific Working Group on Digital Evidence (SWGDE)
          7. SWGDE Standards for the Exchange of Digital Evidence
        4. Electronic Devices: Types and Collecting Potential Evidence
          1. Electronic Devices: Types and Collecting Potential Evidence
        5. Digital Evidence Examination Process
          1. Evidence Assessment
          2. Evidence Acquisition
          3. Evidence Preservation
          4. Evidence Examination and Analysis
          5. Evidence Documentation and Reporting
        6. Electronic Crime and Digital Evidence Consideration by Crime Category
          1. Electronic Crime and Digital Evidence Consideration by Crime Category
      5. First Responder Procedures
        1. Electronic Evidence
        2. First Responder
        3. Roles of First Responder
        4. Electronic Devices: Types and Collecting Potential Evidence
        5. First Responder Toolkit
          1. First Responder Toolkit
          2. Creating a First Responder Toolkit
          3. Evidence Collecting Tools and Equipment
        6. First Response Basics
          1. First Response Rule
          2. Incident Response: Different Situations
          3. First Response for System Administrators
          4. First Response by Non-Laboratory Staff
          5. First Response by Laboratory Forensics Staff
        7. Securing and Evaluating Electronic Crime Scene
          1. Securing and Evaluating Electronic Crime Scene: A Checklist
          2. Securing the Crime Scene
          3. Warrant for Search and Seizure
          4. Planning the Search and Seizure
          5. Initial Search of the Scene
          6. Health and Safety Issues
        8. Conducting Preliminary Interviews
          1. Questions to Ask When Client Calls the Forensic Investigator
          2. Consent
          3. Sample of Consent Search Form
          4. Witness Signatures
          5. Conducting Preliminary Interviews
          6. Conducting Initial Interviews
          7. Witness Statement Checklist
        9. Documenting Electronic Crime Scene
          1. Documenting Electronic Crime Scene
          2. Photographing the Scene
          3. Sketching the Scene
          4. Video Shooting the Crime Scene
        10. Collecting and Preserving Electronic Evidence
          1. Collecting and Preserving Electronic Evidence
          2. Order of Volatility
          3. Dealing with Powered On Computers
          4. Dealing with Powered Off Computers
          5. Dealing with Networked Computer
          6. Dealing with Open Files and Startup Files
          7. Operating System Shutdown Procedure
          8. Computers and Servers
          9. Preserving Electronic Evidence
          10. Seizing Portable Computers
          11. Switched On Portables
          12. Collecting and Preserving Electronic Evidence
        11. Packaging and Transporting Electronic Evidence
          1. Evidence Bag Contents List
          2. Packaging Electronic Evidence
          3. Exhibit Numbering
          4. Transporting Electronic Evidence
          5. Handling and Transportation to the Forensics Laboratory
          6. Storing Electronic Evidence
          7. Chain of Custody
          8. Simple Format of the Chain of Custody Document
          9. Chain of Custody Forms
          10. Chain of Custody on Property Evidence Envelope/Bag and Sign-out Sheet
        12. Reporting the Crime Scene
          1. Reporting the Crime Scene
        13. Note Taking Checklist
        14. First Responder Common Mistakes
      6. Computer Forensics Lab
        1. Setting a Computer Forensics Lab
          1. Computer Forensics Lab
          2. Planning for a Forensics Lab
          3. Budget Allocation for a Forensics Lab
          4. Physical Location Needs of a Forensics Lab
          5. Structural Design Considerations
          6. Environmental Conditions
          7. Electrical Needs
          8. Communication Needs
          9. Work Area of a Computer Forensics Lab
          10. Ambience of a Forensics Lab
          11. Ambience of a Forensics Lab: Ergonomics
          12. Physical Security Recommendations
          13. Fire-Suppression Systems
          14. Evidence Locker Recommendations
          15. Computer Forensic Investigator
          16. Law Enforcement Officer
          17. Lab Director
          18. Forensics Lab Licensing Requisite
          19. Features of the Laboratory Imaging System
          20. Technical Specification of the Laboratory-Based Imaging System
          21. Forensics Lab
          22. Auditing a Computer Forensics Lab
          23. Recommendations to Avoid Eyestrain
        2. Investigative Services in Computer Forensics
          1. Computer Forensics Investigative Services
          2. Computer Forensic Investigative Service Sample
          3. Computer Forensics Services: PenrodEllis Forensic Data Discovery
          4. Data Destruction Industry Standards
          5. Computer Forensics Services
        3. Computer Forensics Hardware
          1. Equipment Required in a Forensics Lab
          2. Forensic Workstations
          3. Basic Workstation Requirements in a Forensics Lab
          4. Stocking the Hardware Peripherals
          5. Paraben Forensics Hardware
          6. Portable Forensic Systems and Towers: Forensic Air-Lite VI MK III laptop
          7. Portable Forensic Systems and Towers: Original Forensic Tower II and Forensic Solid Steel Tower
          8. Portable Forensic Workhorse V: Tableau 335 Forensic Drive Bay Controller
          9. Portable Forensic Systems and Towers: Forensic Air-Lite IV MK II
          10. Portable Forensic Systems and Towers: Forensic Air-Lite V MK III
          11. Portable Forensic Systems and Towers: Forensic Tower IV Dual Xeon
          12. Portable Forensic Systems and Towers: Ultimate Forensic Machine
          13. Forensic Write Protection Devices and Kits: Ultimate Forensic Write Protection Kit II-ES
          14. Tableau T3u Forensic SATA Bridge Write Protection Kit
          15. Tableau T8 Forensic USB Bridge Kit/Addonics Mini DigiDrive READ ONLY 12-in-1 Flash Media Reader
          16. Tableau TACC 1441 Hardware Accelerator
          17. Tableau TD1 Forensic Duplicator
          18. Power Supplies and Switches
          19. Digital Intelligence Forensic Hardware
          20. Wiebetech
          21. CelleBrite
          22. DeepSpar
          23. InfinaDyne Forensic Products
          24. Image MASSter
          25. Logicube
          26. VoomTech
        4. Computer Forensics Software
          1. Basic Software Requirements in a Forensic Lab
          2. Maintain Operating System and Application Inventories
          3. Imaging Software
          4. File Conversion Software
          5. File Viewer Software
          6. Analysis Software
          7. Monitoring Software
          8. Computer Forensics Software
      7. Understanding Hard Disks & File Systems
        1. Hard Disk Drive Overview
          1. Disk Drive Overview
          2. Hard Disk Drive
          3. Solid-State Drive (SSD)
          4. Physical Structure of a Hard Disk
          5. Logical Structure of Hard Disk
          6. Types of Hard Disk Interfaces
          7. Hard Disk Interfaces
          8. Disk Platter
          9. Tracks
          10. Sector
          11. Cluster
          12. Bad Sector
          13. Hard Disk Data Addressing
          14. Disk Capacity Calculation
          15. Measuring the Performance of the Hard Disk
        2. Disk Partitions and Boot Process
          1. Disk Partitions
          2. Master Boot Record
          3. What is the Booting Process?
          4. Essential Windows System Files
          5. Windows Boot Process
          6. Macintosh Boot Process
          7. http://www.bootdisk.com
        3. Understanding File Systems
          1. Understanding File Systems
          2. Types of File Systems
          3. List of Disk File Systems
          4. List of Network File Systems
          5. List of Special Purpose File Systems
          6. List of Shared Disk File Systems
          7. Popular Windows File Systems
          8. Popular Linux File Systems
          9. Mac OS X File System
        4. RAID Storage System
          1. RAID Levels
          2. Different RAID Levels
          3. Comparing RAID Levels
          4. Recover Data from Unallocated Space Using File Carving Process
        5. File System Analysis Using The Sleuth Kit (TSK)
          1. The Sleuth Kit (TSK)
      8. Windows Forensics
        1. Collecting Volatile Information
          1. Volatile Information
        2. Collecting Non-volatile Information
          1. Non-volatile Information
        3. Windows Memory Analysis
          1. Memory Dump
          2. EProcess Structure
          3. Process Creation Mechanism
          4. Parsing Memory Contents
          5. Parsing Process Memory
          6. Extracting the Process Image
          7. Collecting Process Memory
        4. Windows Registry Analysis
          1. Inside the Registry
          2. Registry Structure within a Hive File
          3. The Registry as a Log File
          4. Registry Analysis
          5. System Information
          6. TimeZone Information
          7. Shares
          8. Audit Policy
          9. Wireless SSIDs
          10. Autostart Locations
          11. System Boot
          12. User Login
          13. User Activity
          14. Enumerating Autostart Registry Locations
          15. USB Removable Storage Devices
          16. Mounted Devices
          17. Finding Users
          18. Tracking User Activity
          19. The UserAssist Keys
          20. MRU Lists
          21. Search Assistant
          22. Connecting to Other Systems
          23. Analyzing Restore Point Registry Settings
          24. Determining the Startup Locations
        5. Cache, Cookie, and History Analysis
          1. Cache, Cookie, and History Analysis in IE
          2. Cache, Cookie, and History Analysis in Firefox
          3. Cache, Cookie, and History Analysis in Chrome
          4. Analysis Tools
        6. MD5 Calculation
          1. Message Digest Function: MD5
          2. Why MD5 Calculation?
          3. MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
          4. MD5 Checksum Verifier
          5. ChaosMD5
        7. Windows File Analysis
          1. Recycle Bin
          2. System Restore Points (Rp.log Files)
          3. System Restore Points (Change.log.x Files)
          4. Prefetch Files
          5. Shortcut Files
          6. Word Documents
          7. PDF Documents
          8. Image Files
          9. File Signature Analysis
          10. NTFS Alternate Data Streams
          11. Executable File Analysis
          12. Documentation Before Analysis
          13. Static Analysis Process
          14. Search Strings
          15. PE Header Analysis
          16. Import Table Analysis
          17. Export Table Analysis
          18. Dynamic Analysis Process
          19. Creating Test Environment
          20. Collecting Information Using Tools
          21. Process of Testing the Malware
        8. Metadata Investigation
          1. Metadata
          2. Types of Metadata
          3. Metadata in Different File Systems
          4. Metadata in PDF Files
          5. Metadata in Word Documents
          6. Tool: Metadata Analyzer
        9. Text Based Logs
          1. Understanding Events
          2. Event Logon Types
          3. Event Record Structure
          4. Vista Event Logs
          5. IIS Logs
          6. Parsing FTP Logs
          7. Parsing DHCP Server Logs
          8. Parsing Windows Firewall Logs
          9. Using the Microsoft Log Parser
        10. Other Audit Events
          1. Evaluating Account Management Events
          2. Examining Audit Policy Change Events
          3. Examining System Log Entries
          4. Examining Application Log Entries
        11. Forensic Analysis of Event Logs
          1. Searching with Event Viewer
          2. Using EnCase to Examine Windows Event Log Files
          3. Windows Event Log Files Internals
        12. Windows Password Issues
          1. Understanding Windows Password Storage
          2. Cracking Windows Passwords Stored on Running Systems
          3. Exploring Windows Authentication Mechanisms
          4. Sniffing and Cracking Windows Authentication Exchanges
          5. Cracking Offline Passwords
        13. Forensic Tools
          1. Windows Forensics Tool: OS Forensics
          2. Windows Forensics Tool: Helix3 Pro
          3. Integrated Windows Forensics Software: X-Ways Forensics
          4. X-Ways Trace
          5. Windows Forensic Toolchest (WFT)
          6. Built-in Tool: Sigverif
          7. Computer Online Forensic Evidence Extractor (COFEE)
          8. System Explorer
          9. Tool: System Scanner
          10. Secret Explorer
          11. Registry Viewer Tool: Registry Viewer
          12. Registry Viewer Tool: Reg Scanner
          13. Registry Viewer Tool: Alien Registry Viewer
          14. MultiMon
          15. CurrProcess
          16. Process Explorer
          17. Security Task Manager
          18. PrcView
          19. ProcHeapViewer
          20. Memory Viewer
          21. Tool: PMDump
          22. Word Extractor
          23. Belkasoft Evidence Center
          24. Belkasoft Browser Analyzer
          25. Metadata Assistant
          26. HstEx
          27. XpoLog Center Suite
          28. LogViewer Pro
          29. Event Log Explorer
          30. LogMeister
          31. ProDiscover Forensics
          32. PyFlag
          33. LiveWire Investigator
          34. ThumbsDisplay
          35. DriveLook
      9. Data Acquisition & Duplication
        1. Data Acquisition and Duplication Concepts
          1. Data Acquisition
          2. Forensic and Procedural Principles
          3. Types of Data Acquisition Systems
          4. Data Acquisition Formats
          5. Bit Stream vs. Backups
          6. Why to Create a Duplicate Image?
          7. Issues with Data Duplication
          8. Data Acquisition Methods
          9. Determining the Best Acquisition Method
          10. Contingency Planning for Image Acquisitions
          11. Data Acquisition Mistakes
        2. Data Acquisition Types
          1. Rules of Thumb
          2. Static Data Acquisition
          3. Live Data Acquisition
        3. Disk Acquisition Tool Requirements
          1. Disk Imaging Tool Requirements
          2. Disk Imaging Tool Requirements: Mandatory
          3. Disk Imaging Tool Requirements: Optional
        4. Validation Methods
          1. Validating Data Acquisitions
          2. Linux Validation Methods
          3. Windows Validation Methods
        5. RAID Data Acquisition
          1. Understanding RAID Disks
          2. Acquiring RAID Disks
          3. Remote Data Acquisition
        6. Acquisition Best Practices
          1. Acquisition Best Practices
        7. Data Acquisition Software Tools
          1. Acquiring Data on Windows
          2. Acquiring Data on Linux
          3. dd Command
          4. dcfldd Command
          5. Extracting the MBR
          6. Netcat Command
          7. EnCase Forensic
          8. Analysis Software: DriveSpy
          9. ProDiscover Forensics
          10. AccessData FTK Imager
          11. Mount Image Pro
          12. Data Acquisition Toolbox
          13. SafeBack
          14. ILookPI
          15. RAID Recovery for Windows
          16. R-Tools R-Studio
          17. F-Response
          18. PyFlag
          19. LiveWire Investigator
          20. ThumbsDisplay
          21. DataLifter
          22. X-Ways Forensics
          23. R-drive Image
          24. DriveLook
          25. DiskExplorer
          26. P2 eXplorer Pro
          27. Flash Retriever Forensic Edition
        8. Data Acquisition Hardware Tools
          1. US-LATT
          2. Image MASSter: Solo-4 (Super Kit)
          3. Image MASSter: RoadMASSter-3
          4. Tableau TD1 Forensic Duplicator
          5. Logicube: Forensic MD5
          6. Logicube: Portable Forensic Lab™
          7. Logicube: Forensic Talon®
          8. Logicube: RAID I/O Adapter™
          9. DeepSpar: Disk Imager Forensic Edition
          10. Logicube: USB Adapter
          11. Disk Jockey PRO
          12. Logicube: Forensic Quest-2®
          13. Logicube: CloneCard Pro
          14. Logicube: EchoPlus
          15. Paraben Forensics Hardware: Chat Stick
          16. Image MASSter: Rapid Image 7020CS IT
          17. Digital Intelligence Forensic Hardware: UltraKit
          18. Digital Intelligence Forensic Hardware: UltraBay II
          19. Digital Intelligence Forensic Hardware: UltraBlock SCSI
          20. Digital Intelligence Forensic Hardware: HardCopy 3P
          21. Wiebetech: Forensics DriveDock v4
          22. Wiebetech: Forensics UltraDock v4
          23. Image MASSter: WipeMASSter
          24. Image MASSter: WipePRO
          25. Portable Forensic Systems and Towers: Forensic Air-Lite V MK III
          26. Forensic Tower IV Dual Xeon
          27. Digital Intelligence Forensic Hardware: FREDDIE
          28. DeepSpar: 3D Data Recovery
          29. Logicube
          30. Paraben Forensics Hardware
          31. CelleBrite
      10. Recovering Deleted Files & Deleted Partitions
        1. Recovering the Deleted Files
          1. Deleting Files
          2. What Happens When a File is Deleted in Windows?
          3. Recycle Bin in Windows
        2. File Recovery Tools for Windows
          1. Recover My Files
          2. EASEUS Data Recovery Wizard
          3. PC INSPECTOR File Recovery
          4. Recuva
          5. DiskDigger
          6. Handy Recovery
          7. Quick Recovery
          8. Stellar Phoenix Windows Data Recovery
          9. Tools to Recover Deleted Files
        3. File Recovery Tools for MAC
          1. MAC File Recovery
          2. MAC Data Recovery
          3. Boomerang Data Recovery Software
          4. VirtualLab
          5. File Recovery Tools for MAC OS X
        4. File Recovery Tools for Linux
          1. R-Studio for Linux
          2. Quick Recovery for Linux
          3. Kernel for Linux Data Recovery
          4. TestDisk for Linux
        5. Recovering the Deleted Partitions
          1. Disk Partition
          2. Deletion of Partition
          3. Recovery of the Deleted Partition
        6. Partition Recovery Tools
          1. Active@ Partition Recovery for Windows
          2. Acronis Recovery Expert
          3. DiskInternals Partition Recovery
          4. NTFS Partition Data Recovery
          5. GetDataBack
          6. EASEUS Partition Recovery
          7. Advanced Disk Recovery
          8. Power Data Recovery
          9. Remo Recover (MAC) – Pro
          10. MAC Data Recovery Software
          11. Quick Recovery for Linux
          12. Stellar Phoenix Linux Data Recovery Software
          13. Tools to Recover Deleted Partitions
        7. Recovering the Deleted Files
          1. Deleting Files
          2. What Happens When a File is Deleted in Windows?
          3. Recycle Bin in Windows
          4. File Recovery in MAC OS X
          5. File Recovery in Linux
      11. Forensics Investigation Using Access Data FTK
        1. Overview and Installation of FTK
          1. Overview of Forensic Toolkit (FTK)
          2. Features of FTK
          3. Software Requirement
          4. Configuration Option
          5. Database Installation
          6. FTK Application Installation
        2. FTK Case Manager User Interface
          1. Case Manager Window
        3. FTK Examiner User Interface
          1. FTK Examiner User Interface
        4. Starting with FTK
          1. Creating a case
          2. Selecting Detailed Options: Evidence Processing
          3. Selecting Detailed Options: Fuzzy Hashing
          4. Selecting Detailed Options: Data Carving
          5. Selecting Detailed Options: Custom File Identification
          6. Selecting Detailed Options: Evidence Refinement (Advanced)
          7. Selecting Detailed Options: Index Refinement (Advanced)
        5. FTK Interface Tabs
          1. FTK Interface Tabs
        6. Adding and Processing Static, Live, and Remote Evidence
          1. Adding Evidence to a Case
          2. Evidence Groups
          3. Acquiring Local Live Evidence
          4. FTK Role Requirements For Remote Acquisition
          5. Types of Remote Information
          6. Acquiring Data Remotely Using Remote Device Management System (RDMS)
          7. Imaging Drives
          8. Mounting and Unmounting a Device
        7. Using and Managing Filters
          1. Accessing Filter Tools
          2. Using Filters
          3. Customizing Filters
          4. Using Predefined Filters
        8. Using Index Search and Live Search
          1. Conducting an Index Search
          2. Conducting a Live Search: Live Text Search
          3. Conducting a Live Search: Live Hex Search
          4. Conducting a Live Search: Live Pattern Search
        9. Decrypting EFS and other Encrypted Files
          1. Decrypting EFS Files and Folders
          2. Decrypting MS Office Files
          3. Viewing Decrypted Files
          4. Decrypting Domain Account EFS Files from Live Evidence
          5. Decrypting Credant Files
          6. Decrypting Safeboot Files
        10. Working with Reports
          1. Creating a Report
          2. Entering Case Information
          3. Managing Bookmarks in a Report
          4. Managing Graphics in a Report
          5. Selecting a File Path List
          6. Adding a File Properties List
          7. Making Registry Selections
          8. Selecting the Report Output Options
          9. Customizing the Formatting of Reports
          10. Viewing and Distributing a Report
      12. Forensic Investigation Using EnCase
        1. Overview of EnCase Forensic
          1. Overview of EnCase Forensic
          2. EnCase Forensic Features
          3. EnCase Forensic Platform
          4. EnCase Forensic Modules
        2. Installing EnCase Forensic
          1. Minimum Requirements
          2. Installing the Examiner
          3. Installed Files
          4. Installing the EnCase Modules
          5. Configuring EnCase
        3. EnCase Interface
          1. Main EnCase Window
        4. Case Management
          1. Overview of Case Structure
          2. Case Management
          3. Indexing a Case
          4. Case Backup
          5. Options Dialog Box
          6. Logon Wizard
          7. New Case Wizard
          8. Setting Time Zones for Case Files
          9. Setting Time Zone Options for Evidence Files
        5. Working with Evidence
          1. Types of Entries
          2. Adding a Device
          3. Performing a Typical Acquisition
          4. Acquiring a Device
          5. Canceling an Acquisition
          6. Acquiring a Handsprings PDA
          7. Delayed Loading of Internet Artifacts
          8. Hashing the Subject Drive
          9. Logical Evidence File (LEF)
          10. Creating a Logical Evidence File
          11. Recovering Folders on FAT Volumes
          12. Restoring a Physical Drive
        6. Source Processor
          1. Source Processor
          2. Starting to Work with Source Processor
          3. Setting Case Options
          4. Collection Jobs
          5. Analysis Jobs
          6. Creating a Report
        7. Analyzing and Searching Files
          1. Viewing the File Signature Directory
          2. Performing a Signature Analysis
          3. Hash Analysis
          4. Hashing a New Case
          5. Creating a Hash Set
          6. Keyword Searches
          7. Creating Global Keywords
          8. Adding Keywords
          9. Importing and Exporting Keywords
          10. Searching Entries for Email and Internet Artifacts
          11. Viewing Search Hits
          12. Generating an Index
          13. Tag Records
        8. Viewing File Content
          1. Viewing Files
          2. Copying and Unerasing Files
          3. Adding a File Viewer
          4. Viewing File Content Using View Pane
          5. Viewing Compound Files
          6. Viewing Base64 and UUE Encoded Files
        9. Bookmarking Items
          1. Bookmarks Overview
          2. Creating a Highlighted Data Bookmark
          3. Creating a Note Bookmark
          4. Creating a Folder Information/Structure Bookmark
          5. Creating a Notable File Bookmark
          6. Creating a File Group Bookmark
          7. Creating a Log Record Bookmark
          8. Creating a Snapshot Bookmark
          9. Organizing Bookmarks
          10. Copying/Moving a Table Entry into a Folder
          11. Viewing a Bookmark on the Table Report Tab
          12. Excluding Bookmarks
          13. Copying Selected Items from One Folder to Another
        10. Reporting
          1. Reporting
          2. Report User Interface
          3. Creating a Report Using the Report Tab
          4. Report Single/Multiple Files
          5. Viewing a Bookmark Report
          6. Viewing an Email Report
          7. Viewing a Webmail Report
          8. Viewing a Search Hits Report
          9. Creating a Quick Entry Report
          10. Creating an Additional Fields Report
          11. Exporting a Report
      13. Steganography & Image File Forensics
        1. Steganography
          1. What is Steganography?
          2. How Steganography Works
          3. Legal Use of Steganography
          4. Unethical Use of Steganography
        2. Steganography Techniques
          1. Steganography Techniques
          2. Application of Steganography
          3. Classification of Steganography
          4. Technical Steganography
          5. Linguistic Steganography
          6. Types of Steganography
        3. Steganalysis
          1. How to Detect Steganography
          2. Detecting Text, Image, Audio, and Video Steganography
          3. Steganalysis Methods/Attacks on Steganography
          4. Disabling or Active Attacks
          5. Steganography Detection Tool: Stegdetect
          6. Steganography Detection Tools
        4. Image Files
          1. Image Files
          2. Common Terminologies
          3. Understanding Vector Images
          4. Understanding Raster Images
          5. Metafile Graphics
          6. Understanding Image File Formats
          7. GIF (Graphics Interchange Format)
          8. JPEG (Joint Photographic Experts Group)
          9. JPEG File Structure
          10. JPEG 2000
          11. BMP (Bitmap) File
          12. BMP File Structure
          13. PNG (Portable Network Graphics)
          14. PNG File Structure
          15. TIFF (Tagged Image File Format)
          16. TIFF File Structure
        5. Data Compression
          1. Understanding Data Compression
          2. How Does File Compression Work?
          3. Lossless Compression
          4. Huffman Coding Algorithm
          5. Lempel-Ziv Coding Algorithm
          6. Lossy Compression
          7. Vector Quantization
        6. Locating and Recovering Image Files
          1. Best Practices for Forensic Image Analysis
          2. Forensic Image Processing Using MATLAB
          3. Locating and Recovering Image Files
          4. Analyzing Image File Headers
          5. Repairing Damaged Headers
          6. Reconstructing File Fragments
          7. Identifying Unknown File Formats
          8. Identifying Image File Fragments
          9. Identifying Copyright Issues on Graphics
          10. Picture Viewer: IrfanView
          11. Picture Viewer: ACDSee Photo Manager 12
          12. Picture Viewer: Thumbsplus
          13. Picture Viewer: AD Picture Viewer Lite
          14. Picture Viewer Max
          15. Picture Viewer: FastStone Image Viewer
          16. Picture Viewer: XnView
          17. Faces – Sketch Software
          18. Digital Camera Data Discovery Software: File Hound
        7. Image File Forensics Tools
          1. Hex Workshop
          2. GFE Stealth™ – Forensics Graphics File Extractor
          3. Ilook
          4. Adroit Photo Forensics 2011
          5. Digital Photo Recovery
          6. Stellar Phoenix Photo Recovery Software
          7. Zero Assumption Recovery (ZAR)
          8. Photo Recovery Software
          9. Forensic Image Viewer
          10. File Finder
          11. DiskGetor Data Recovery
          12. DERescue Data Recovery Master
          13. Recover My Files
          14. Universal Viewer
      14. Application Password Crackers
        1. Password Cracking Concepts
          1. Password – Terminology
          2. Password Types
          3. Password Cracker
          4. How Does a Password Cracker Work?
          5. How Hash Passwords are Stored in Windows SAM
        2. Types of Password Attacks
          1. Password Cracking Techniques
          2. Types of Password Attacks
          3. Passive Online Attacks: Wire Sniffing
          4. Password Sniffing
          5. Passive Online Attack: Man-in-the-Middle and Replay Attack
          6. Active Online Attack: Password Guessing
          7. Active Online Attack: Trojan/Spyware/keylogger
          8. Active Online Attack: Hash Injection Attack
          9. Rainbow Attacks: Pre-Computed Hash
          10. Distributed Network Attack
          11. Non-Electronic Attacks
          12. Manual Password Cracking (Guessing)
          13. Automatic Password Cracking Algorithm
          14. Time Needed to Crack Passwords
        3. Classification of Cracking Software
        4. Systems Software vs. Applications Software
        5. System Software Password Cracking
          1. Bypassing BIOS Passwords
          2. Tool to Reset Admin Password: Windows Key
        6. Application Software Password Cracking
          1. Passware Kit Forensic
          2. Accent Keyword Extractor
          3. Distributed Network Attack
          4. Password Recovery Bundle
          5. Advanced Office Password Recovery
          6. Office Password Recovery
          7. Office Password Recovery Toolbox
          8. Office Multi-document Password Cracker
          9. Word Password Recovery Master
          10. Accent WORD Password Recovery
          11. Word Password
          12. PowerPoint Password Recovery
          13. PowerPoint Password
          14. Powerpoint Key
          15. Stellar Phoenix Powerpoint Password Recovery
          16. Excel Password Recovery Master
          17. Accent EXCEL Password Recovery
          18. Excel Password
          19. Advanced PDF Password Recovery
          20. PDF Password Cracker
          21. PDF Password Cracker Pro
          22. Atomic PDF Password Recovery
          23. PDF Password
          24. Recover PDF Password
          25. Appnimi PDF Password Recovery
          26. Advanced Archive Password Recovery
          27. KRyLack Archive Password Recovery
          28. Zip Password
          29. Atomic ZIP Password Recovery
          30. RAR Password Unlocker
          31. Default Passwords
          32. http://www.defaultpassword.com
          33. http://www.cirt.net/passwords
          34. http://default-password.info
          35. http://www.defaultpassword.us
          36. http://www.passwordsdatabase.com
          37. http://www.virus.org
        7. Password Cracking Tools
          1. L0phtCrack
          2. OphCrack
          3. Cain & Abel
          4. RainbowCrack
          5. Windows Password Unlocker
          6. Windows Password Breaker
          7. SAMInside
          8. PWdump7 and Fgdump
          9. PCLoginNow
          10. KerbCrack
          11. Recover Keys
          12. Windows Password Cracker
          13. Proactive System Password Recovery
          14. Password Unlocker Bundle
          15. Windows Password Reset Professional
          16. Windows Password Reset Standard
          17. Krbpwguess
          18. Password Kit
          19. WinPassword
          20. Passware Kit Enterprise
          21. Rockxp
          22. PasswordsPro
          23. LSASecretsView
          24. LCP
          25. MessenPass
          26. Mail PassView
          27. Messenger Key
          28. Dialupass
          29. Protected Storage PassView
          30. Network Password Recovery
          31. Asterisk Key
          32. IE PassView
      15. Log Capturing & Event Correlation
        1. Computer Security Logs
          1. Computer Security Logs
          2. Operating System Logs
          3. Application Logs
          4. Security Software Logs
          5. Router Log Files
          6. Honeypot Logs
          7. Linux Process Accounting
          8. Logon Event in Windows
          9. Windows Log File
          10. IIS Logs
          11. Log File Accuracy
          12. Log Everything
          13. Keeping Time
          14. UTC Time
          15. View the DHCP Logs
          16. ODBC Logging
        2. Logs and Legal Issues
          1. Legality of Using Logs
          2. Records of Regularly Conducted Activity as Evidence
          3. Laws and Regulations
        3. Log Management
          1. Log Management
        4. Centralized Logging and Syslogs
          1. Centralized Logging
          2. Syslog
          3. IIS Centralized Binary Logging
        5. Time Synchronization
          1. Why Synchronize Computer Times?
          2. What is NTP?
          3. NIST Time Servers
          4. Configuring Time Server in Windows Server
        6. Event Correlation
          1. Event Correlation
        7. Log Capturing and Analysis Tools
          1. GFI EventsManager
          2. Activeworx Security Center
          3. EventLog Analyzer
          4. Syslog-ng OSE
          5. Kiwi Syslog Server
          6. WinSyslog
          7. Firewall Analyzer: Log Analysis Tool
          8. Activeworx Log Center
          9. EventReporter
          10. Kiwi Log Viewer
          11. Event Log Explorer
          12. WebLog Expert
          13. XpoLog Center Suite
          14. ELM Event Log Monitor
          15. EventSentry
          16. LogMeister
          17. LogViewer Pro
          18. WinAgents EventLog Translation Service
          19. EventTracker Enterprise
          20. Corner Bowl Log Manager
          21. Ascella Log Monitor Plus
          22. FLAG – Forensic and Log Analysis GUI
          23. Simple Event Correlator (SEC)
          24. OSSEC
      16. Network Forensics, Investigating Logs & Investigating Network Traffic
        1. Network Forensics
          1. Network Forensics
          2. Network Forensics Analysis Mechanism
          3. Network Addressing Schemes
          4. Overview of Network Protocols
          5. Overview of Physical and Data-Link Layer of the OSI Model
          6. Overview of Network and Transport Layer of the OSI Model
          7. OSI Reference Model
          8. TCP/IP Protocol
          9. Intrusion Detection Systems (IDS) and Their Placement
          10. Firewall
          11. Honeypot
        2. Network Attacks
          1. Network Vulnerabilities
          2. Types of Network Attacks
        3. Log Injection Attacks
          1. New Line Injection Attack
          2. Separator Injection Attack
          3. Timestamp Injection Attack
          4. Word Wrap Abuse Attack
          5. HTML Injection Attack
          6. Terminal Injection Attack
          7. Investigating and Analyzing Logs
          8. Investigating Network Traffic
          9. Traffic Capturing and Analysis Tools
          10. Documenting the Evidence Gathered on a Network
      17. Investigating Wireless Attacks
        1. Network Forensics
          1. Network Forensics
          2. Network Forensics Analysis Mechanism
          3. Network Addressing Schemes
          4. Overview of Network Protocols
          5. Overview of Physical and Data-Link Layer of the OSI Model
          6. Overview of Network and Transport Layer of the OSI Model
          7. OSI Reference Model
          8. TCP/IP Protocol
          9. Intrusion Detection Systems (IDS) and Their Placement
          10. Firewall
          11. Honeypot
        2. Network Attacks
          1. Network Vulnerabilities
          2. Types of Network Attacks
        3. Log Injection Attacks
          1. New Line Injection Attack
          2. Separator Injection Attack
          3. Timestamp Injection Attack
          4. Word Wrap Abuse Attack
          5. HTML Injection Attack
          6. Terminal Injection Attack
          7. Investigating and Analyzing Logs
          8. Investigating Network Traffic
          9. Traffic Capturing and Analysis Tools
          10. Documenting the Evidence Gathered on a Network
      18. Investigating Web Attacks
        1. Introduction to Web Applications and Webservers
          1. Introduction to Web Applications
          2. Web Application Components
          3. How Web Applications Work
          4. Web Application Architecture
          5. Open Source Webserver Architecture
          6. Indications of a Web Attack
          7. Web Attack Vectors
          8. Why Web Servers are Compromised
          9. Impact of Webserver Attacks
          10. Website Defacement
          11. Case Study
        2. Web Logs
          1. Overview of Web Logs
          2. Application Logs
          3. Internet Information Services (IIS) Logs
          4. Apache Webserver Logs
          5. DHCP Server Logs
        3. Web Attacks
          1. Web Attacks – 1
          2. Web Attacks – 2
        4. Web Attack Investigation
          1. Investigating Web Attacks
          2. Investigating Web Attacks in Windows-Based Servers
          3. Investigating IIS Logs
          4. Investigating Apache Logs
          5. Example of FTP Compromise
          6. Investigating FTP Servers
          7. Investigating Static and Dynamic IP Addresses
          8. Sample DHCP Audit Log File
          9. Investigating Cross-Site Scripting (XSS)
          10. Investigating SQL Injection Attacks
          11. Pen-Testing CSRF Validation Fields
          12. Investigating Code Injection Attack
          13. Investigating Cookie Poisoning Attack
          14. Detecting Buffer Overflow
          15. Investigating Authentication Hijacking
          16. Web Page Defacement
          17. Investigating DNS Poisoning
          18. Intrusion Detection
          19. Security Strategies to Web Applications
          20. Checklist for Web Security
        5. Web Attack Detection Tools
          1. Web Application Security Tools
          2. Web Application Firewalls
          3. Web Log Viewers
          4. Web Attack Investigation Tools
          5. Tools for Locating IP Address
      19. Tracking Emails and Investigating Email Crimes
        1. Email System Basics
          1. Email Terminology
          2. Email System
          3. Email Clients
          4. Email Server
          5. SMTP Server
          6. POP3 and IMAP Servers
          7. Email Message
          8. Importance of Electronic Records Management
        2. Email Crimes
          1. Email Crime
          2. Email Spamming
          3. Mail Bombing/Mail Storm
          4. Phishing
          5. Email Spoofing
          6. Crime via Chat Room
          7. Identity Fraud/Chain Letter
        3. Email Headers
          1. Examples of Email Headers
          2. List of Common Headers
        4. Steps to Investigate
          1. Why to Investigate Emails
          2. Investigating Email Crime and Violation
        5. Email Forensics Tools
          1. Stellar Phoenix Deleted Email Recovery
          2. Recover My Email
          3. Outlook Express Recovery
          4. Zmeil
          5. Quick Recovery for MS Outlook
          6. Email Detective
          7. Email Trace – Email Tracking
          8. R-Mail
          9. FINALeMAIL
          10. eMailTrackerPro
          11. Forensic Tool Kit (FTK)
          12. Paraben’s email Examiner
          13. Network Email Examiner by Paraben
          14. DiskInternal’s Outlook Express Repair
          15. Abuse.Net
          16. MailDetective Tool
        6. Laws and Acts against Email Crimes
          1. U.S. Laws Against Email Crime: CAN-SPAM Act
          2. 18 U.S.C. § 2252A
          3. 18 U.S.C. § 2252B
        7. Email Crime Law in Washington: RCW 19.190.020
      20. Mobile Forensics
        1. Mobile Phone
          1. Mobile Phone
          2. Different Mobile Devices
          3. Hardware Characteristics of Mobile Devices
          4. Software Characteristics of Mobile Devices
          5. Components of Cellular Network
          6. Cellular Network
          7. Different Cellular Networks
        2. Mobile Operating Systems
          1. Mobile Operating Systems
          2. Types of Mobile Operating Systems
          3. WebOS
          4. Symbian OS
          5. Android OS
          6. RIM BlackBerry OS
          7. Windows Phone 7
          8. Apple iOS
        3. Mobile Forensics
          1. What a Criminal Can Do with Mobile Phones?
          2. Mobile Forensics
          3. Mobile Forensics Challenges
          4. Forensics Information in Mobile Phones
          5. Memory Considerations in Mobiles
          6. Subscriber Identity Module (SIM)
          7. SIM File System
          8. Integrated Circuit Card Identification (ICCID)
          9. International Mobile Equipment Identifier (IMEI)
          10. Electronic Serial Number (ESN)
          11. Precautions to be Taken Before Investigation
        4. Mobile Forensic Process
          1. Mobile Forensic Process
        5. Mobile Forensics Software Tools
          1. Oxygen Forensic Suite 2011
          2. MOBILedit! Forensic
          3. BitPim
          4. SIM Analyzer
          5. SIMCon
          6. SIM Card Data Recovery
          7. Memory Card Data Recovery
          8. Device Seizure
          9. SIM Card Seizure
          10. ART (Automatic Reporting Tool)
          11. iPod Data Recovery Software
          12. Recover My iPod
          13. PhoneView
          14. Elcomsoft Blackberry Backup Explorer
          15. Oxygen Phone Manager II
          16. Sanmaxi SIM Recoverer
          17. USIMdetective
          18. CardRecovery
          19. Stellar Phoenix iPod Recovery Software
          20. iCare Data Recovery Software
          21. Cell Phone Analyzer
          22. iXAM
          23. BlackBerry Database Viewer Plus
          24. BlackBerry Signing Authority Tool
        6. Mobile Forensics Hardware Tools
          1. Secure View Kit
          2. Deployable Device Seizure (DDS)
          3. Paraben’s Mobile Field Kit
          4. PhoneBase
          5. XACT System
          6. Logicube CellDEK
          7. Logicube CellDEK TEK
          8. RadioTactics ACESO
          9. UME-36Pro – Universal Memory Exchanger
          10. Cellebrite UFED System – Universal Forensic Extraction Device
          11. ZRT 2
          12. ICD 5200
          13. ICD 1300
      21. Investigative Reports
        1. Computer Forensics Report
          1. Computer Forensics Report
          2. Salient Features of a Good Report
          3. Aspects of a Good Report
        2. Computer Forensics Report Template
          1. Computer Forensics Report Template
          2. Simple Format of the Chain of Custody Document
          3. Chain of Custody Forms
          4. Evidence Collection Form
          5. Computer Evidence Worksheet
          6. Hard Drive Evidence Worksheet
          7. Removable Media Worksheet
        3. Investigative Report Writing
          1. Report Classification
          2. Layout of an Investigative Report
          3. Report Specifications
          4. Guidelines for Writing a Report
          5. Use of Supporting Material
          6. Importance of Consistency
          7. Investigative Report Format
          8. Attachments and Appendices
          9. Include Metadata
          10. Signature Analysis
          11. Investigation Procedures
          12. Collecting Physical and Demonstrative Evidence
          13. Collecting Testimonial Evidence
          14. Do’s and Don’ts of Forensics Computer Investigations
          15. Case Report Writing and Documentation
          16. Create a Report to Attach to the Media Analysis Worksheet
          17. Best Practices for Investigators
        4. Sample Forensics Report
          1. Sample Forensics Report
        5. Report Writing Using Tools
          1. Writing Report Using FTK
          2. Writing Report Using ProDiscover
      22. Becoming an Expert Witness
        1. Expert Witness
        2. What is an Expert Witness?
        3. Role of an Expert Witness
        4. What Makes a Good Expert Witness?
        5. Types of Expert Witnesses
        6. Types of Expert Witnesses
          1. Computer Forensics Experts
          2. Medical & Psychological Experts
          3. Civil Litigation Experts
          4. Construction & Architecture Experts
          5. Criminal Litigation Experts
        7. Scope of Expert Witness Testimony
        8. Scope of Expert Witness Testimony
        9. Technical Witness vs. Expert Witness
        10. Preparing for Testimony
        11. Evidence Processing
        12. Evidence Preparation and Documentation
        13. Evidence Processing Steps
        14. Checklists for Processing Evidence
        15. Examining Computer Evidence
        16. Prepare the Report
        17. Evidence Presentation
        18. Rules for Expert Witness
        19. Rules Pertaining to an Expert Witness’s Qualification
        20. Daubert Standard
        21. Frye Standard
        22. Importance of Resume
        23. Testifying in the Court
        24. The Order of Trial Proceedings
        25. General Ethics While Testifying
        26. General Ethics While Testifying
        27. Importance of Graphics in a Testimony
        28. Helping your Attorney
        29. Avoiding Testimony Issues
        30. Testifying during Direct Examination
        31. Testifying during Cross-Examination
        32. Deposing
        33. Recognizing Deposition Problems
        34. Guidelines to Testifying at a Deposition
        35. Dealing with Media
        36. Finding a Computer Forensics Expert


This training prepares students for the following exam(s):

  • » 312-49 : Computer Hacking Forensic Investigator (CHFI)


Do you have the right background for EC-Council Computer Hacking Forensic Investigator (CHFI) iClass|iLearn?

Skills Assessment

We ensure your success by asking all students to take a FREE Skill Assessment test. These short, instructor-written tests are an objective measure of your current skills that help us determine whether or not you will be able to meet your goals by attending this course at your current skill level. If we determine that you need additional preparation or training in order to gain the most value from this course, we will recommend cost-effective solutions that you can use to get ready for the course.

Our required skill-assessments ensure that:

  1. All students in the class are at a comparable skill level, so the class can run smoothly without beginners slowing down the class for everyone else.
  2. NetCom students enjoy one of the industry's highest success rates, and pass rates when a certification exam is involved.
  3. We stay committed to providing you real value. Again, your success is paramount; we will register you only if you have the skills to succeed.
This assessment is for your benefit and best taken without any preparation or reference materials, so your skills can be objectively measured.


Award winning, world-class Instructors

Emilio G.
- Vastly experienced working within multinational environments and capable of connecting to different audiences.
- In-depth expertise in the implementation, troubleshooting and documentation of networks and security systems, with strong "hands on" technical knowledge of CISSP, CEH and CHFI.
- Master of Science in Electronics Engineering, and holder of several technical certifications.
- Highly skilled in diverse fields ranging from Security, Computer Forensics, Networking, Routing Protocols, Programming, Databases and Applications, to name a few.

Bio:

With over 25 years of technical experience, Emilio brings a dynamic set of skills supported by a Master's Degree in Electronics Engineering and in-the-field experience working in multinational environments. He also holds more than 12 Cisco, CompTIA, and Microsoft certifications. Although he is well versed and thorough in multiple technological fields, his technical forte lies in the security domain, specifically CISSP, CEH and CHFI. Emilio's skills have evolved over time as he has closely studied and stayed well informed of growing cyber threats. These are just a few of the reasons why Emilio brings to his classes more than just what's in the books.
Larry G.
- More than 14 years of experience as a Security Subject Matter Expert as well as black belt in a variety of martial arts.
- Numerous Challenge Coins from the US Government including the US Army, and the Criminal Investigation Command.
- Much acclaimed instructor at NetCom Learning, with evaluation scores of 8.8 out of 9.

Bio:

Larry is a unique instructor and IT security expert. If you sit in one of his classes you might get the feeling of being in a martial arts class - That's exactly how Larry wants it! "The principles behind IT security are the same as those in a variety of martial arts," Larry says. In addition to teaching IT security for over 14 years, he has practiced martial arts since he was 13 years old and holds black belts in multiple disciplines including Tai Chi, Kung Fu, and Kick Boxing. "All of these techniques are like tools for different types of attacks," Larry explains.

Larry's excellence in certification training and passion for IT security has earned him numerous Challenge Coins from the US Government including the US Army, and the Criminal Investigation Command. He is also a much acclaimed instructor at NetCom Learning, with evaluation scores of 8.8 out of 9.
Richard L.
- Over 20 years experience in the IT industry.
- CEH and Microsoft training for many government agencies, including the United States Department of Homeland Security, and the Federal Bureau of Investigation.
- CEH and Microsoft training for Fortune corporations such as Merrill Lynch and ADP.

Bio:

Richard is a premier Microsoft Certified Trainer and Certified EC-Council Instructor. He has over 20 years of experience as a network administrator, security consultant, vulnerability assessor, and penetration tester for assorted Fortune companies.

Richard's knowledge on the development and implementation of policies and procedures concerning the security of network data is unsurpassed. He has conducted successful CEH and Microsoft training classes for many government agencies including the United States Department of Homeland Security, the Department of Justice and the Federal Bureau of Investigation, as well as Fortune enterprises such as Merrill Lynch and ADP.


Recent Client Testimonials & Reviews

Highly professional, engaging and informative!

- Chris A.
Course(s) Taken

» Technical Webinar: Raise your defenses against Malware & Ransomware attacks
