Certified Hacking Forensic Investigator (CHFI) (Exame incluído)

Module 1: Computer Forensics in Today’s World

Lessons:

• Fundamentals of Computer Forensics
• Cybercrimes and their Investigation Procedures
• Digital Evidence and eDiscovery
• Forensic Readiness
• Role of Various Processes and Technologies in Computer Forensics
• Roles and Responsibilities of a Forensic Investigator
• Challenges Faced in Investigating Cybercrimes
• Standards and Best Practices Related to Computer Forensics
• Laws and Legal Compliance in Computer Forensics

Module 2: Computer Forensics Investigation Process

Lessons:

• Forensic Investigation Process and its Importance
• First Response
• Pre-Investigation Phase
• Investigation Phase
• Post-Investigation Phase

Labs:

• Create a hard disk image file for forensics investigation and recover the data.

Module 3: Understanding Hard Disks and File Systems

Lessons:

• Disk Drives and their Characteristics
• Logical Structure of a Disk
• Booting Process of Windows, Linux, and macOS Operating Systems
• File Systems of Windows, Linux, and macOS Operating Systems
• File System Analysis
• Storage Systems
• Encoding Standards and Hex Editors
• Analyze Popular File Formats

Labs:

• Analyze file system of Linux and Windows evidence images and recover the deleted files.
• Analyze file formats.

Module 4: Data Acquisition and Duplication

Lessons:

• Data Acquisition
• eDiscovery
• Data Acquisition Methodology
• Preparing an Image File for Examination

Labs:

• Create a forensics image for examination and convert it into various supportive formats for data acquisition.

Module 5: Defeating Anti-Forensics Techniques

Lessons:

• Anti-Forensics Techniques
• Data Deletion and Recycle Bin Forensics
• File Carving Techniques and Ways to Recover Evidence from Deleted Partitions
• Password Cracking/Bypassing Techniques
• Steganography, Hidden Data in File System Structures, Trail Obfuscation, and File Extension
• Mismatch
• Techniques of Artifact Wiping, Overwritten Data/Metadata Detection, and Encryption
• Program Packers and Footprint Minimizing Techniques

Labs:

• Perform Solid-state drive (SSD) file carving on Windows and Linux file systems.
• Recover lost/deleted partitions and their contents.
• Crack passwords of various applications.
• Detect hidden data streams and unpack program packers.

Module 6: Windows Forensics

Lessons:

• Windows Forensics
• Collect Volatile Information
• Collect Non-volatile Information
• Windows Memory Analysis
• Windows Registry Analysis
• Electron Application Analysis
• Web Browser Forensics
• Examine Windows Files and Metadata
• ShellBags, LNK Files, and Jump Lists
• Text-based Logs and Windows Event Logs

Labs:

• Acquire and investigate RAM and Windows registry contents.
• Examine forensic artifacts from web browsers.
• Identify and extract forensic evidence from computers.

Module 7: Linux and Mac Forensics

Lessons:

• Collect Volatile Information in Linux
• Collect Non-Volatile Information in Linux
• Linux Memory Forensics
• Mac Forensics
• Collect Volatile Information in Mac
• Collect Non-Volatile Information in Mac
• Mac Memory Forensics and Mac Forensics Tools

Labs:

• Perform volatile and non-volatile data acquisition on Linux and Mac computers.
• Perform memory forensics on a Linux machine.

Module 8: Network Forensics

Lessons:

• Network Forensics
• Event Correlation
• Indicators of Compromise (IoCs) from Network Logs
• Investigate Network Traffic
• Incident Detection and Examination
• Wireless Network Forensics
• Detect and Investigate Wireless Network Attacks

Labs:

• Identify and investigate network attacks.
• Analyze network traffic for artifacts.

Module 9: Malware Forensics

Lessons:

• Malware
• Malware Forensics
• Static Malware Analysis
• Analyze Suspicious Documents
• System Behavior Analysis
• Network Behavior Analysis
• Ransomware Analysis

Labs:

• Perform static malware analysis.
• Analyze a suspicious PDF file and Microsoft Office document.
• Emotet malware analysis.

Module 10: Investigating Web Attacks

Lessons:

• Web Application Forensics
• Internet Information Services (IIS) Logs
• Apache Web Server Logs
• Detect and Investigate Various Attacks on Web Applications

Labs:

• Identify and investigate web application attacks.

Module 11: Dark Web Forensics

Lessons:

• Dark Web and Dark Web Forensics
• Identify the Traces of Tor Browser during Investigation
• Tor Browser Forensics

Labs:

• Detect Tor Browser Activity and examine RAM dumps to discover Tor Browser artifacts.

Module 12: Cloud Forensics

Lessons:

• Cloud Computing
• Cloud Forensics
• Amazon Web Services (AWS) Fundamentals
• AWS Forensics
• Microsoft Azure Fundamentals
• Microsoft Azure Forensics
• Google Cloud Fundamentals
• Google Cloud Forensics

Labs:

• Forensic acquisition and examination of an Amazon EC2 Instance, Azure VM, and GCP VM.

Module 13: Email and Social Media Forensics

Lessons:

• Email Basics
• Email Crime Investigation and its Steps
• U.S. Laws Against Email Crime
• Social Media Forensics

Labs:

• Investigate a suspicious email to extract forensic evidence.

Module 14: Mobile Forensics

Lessons:

• Mobile Device Forensics
• Android and iOS Architecture and Boot Process
• Mobile Forensics Process
• Investigate Cellular Network Data
• File System Acquisition
• Phone Locks, Rooting, and Jailbreaking of Mobile Devices
• Logical Acquisition on Mobile Devices
• Physical Acquisition of Mobile Devices
• Android and iOS Forensic Analysis

Labs:

• Examine an Android image file and carve deleted files.

Module 15: IoT Forensics

Lessons:

• IoT Concepts
• IoT Devices Forensics