EC-Council CHFI (CHFI v9) Exam Syllabus

CHFI PDF, 312-49 Dumps, 312-49 PDF, CHFI VCE, 312-49 Questions PDF, EC-Council 312-49 VCE, , EC-Council CHFI v9 Dumps, EC-Council CHFI v9 PDFUse this quick start guide to collect all the information about EC-Council CHFI (312-49) Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the 312-49 EC-Council Computer Hacking Forensic Investigator exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual EC-Council CHFI v9 certification exam.

The EC-Council CHFI certification is mainly targeted to those candidates who want to build their career in Cyber Security domain. The EC-Council Computer Hacking Forensic Investigator (CHFI) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of EC-Council CHFI v9.

EC-Council CHFI Exam Summary:

Exam Name EC-Council Computer Hacking Forensic Investigator (CHFI)
Exam Code 312-49
Exam Price $600 (USD)
Duration 240 mins
Number of Questions 150
Passing Score 70%
Books / Training Courseware
Schedule Exam Pearson VUE
Sample Questions EC-Council CHFI Sample Questions
Practice Exam EC-Council 312-49 Certification Practice Exam

EC-Council 312-49 Exam Syllabus Topics:

Topic Details Weights
Forensic Science - Computer Forensics Objective and Need
  • Understand computer forensics, and explain the objectives and benefits of computer forensics
  • Apply the key concepts of Enterprise Theory of Investigation (ETI)

- Forensics Readiness

  • Fuse computer network attack analyses with criminal and counterintelligence investigations and operations

- Cyber Crime

  • Identify elements of the crime
  • Examine various computer crimes

- Web Applications and Webservers Attacks

  • Understand various types of Web attacks

- Email Crimes

  • Understand various types of email attacks

- Network Attacks

  • Understand various types of network attacks

- Forensics and Mobile Devices

  • Understand mobile based operating systems, their architectures, boot process, password/pin/pattern lock bypass mechanisms

- Cyber Crime Investigation

  • Understand the importance of cybercrime investigation

- Computer Forensics Investigation Methodology

  • Understand the methodology involved in Forensic Investigation

- Reporting a Cyber Crime

  • Serve as technical experts and liaisons to law enforcement personnel and explain incident details, provide testimony, etc.

- Expert Witness

  • Understand the role of expert witness in computer forensics
15%
Regulations, Policies and Ethics - Searching and Seizing Computers with and without a Warrant
  • Identify legal issues and reports related to computer forensic investigations

- Laws and Acts against Email Crimes

  • Identify legal issues and reports related to computer forensic investigations

- Laws pertaining to Log Management

  • Identify legal issues and reports related to log management

- Policies Pertaining to Mobile Forensics

  • Identify internal BYOD and information security policies of the organization

- Laws and Acts against Email Crimes

  • Identify and/or determine whether a security incident is indicative of a violation of law that requires specific legal action

- General Ethics While Testifying

  • Identify legal issues and reports related to computer forensic investigations
10%
Digital Evidence - Digital Evidence
  • Apply the key concepts of Enterprise Theory of Investigation (ETI)

- Types of Digital Evidence

  • Understand various types and nature of digital evidence

- Rules of Evidence

  • Understand the best evidence rule

- Electronic Evidence: Types and Collecting Potential Evidence

  • Secure the electronic device of information source, use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence

- Electronic Crime and Digital Evidence Consideration by Crime Category

  • Electronic Crime and Digital Evidence Consideration by Crime Category

- Computer Forensics Lab

  • Create a forensically sound duplicate of the evidence (forensic image) that ensures the original evidence is not unintentionally modified, to use for data recovery and analysis processes. This includes HDD SSD, CD/DVD, PDA, mobile phones, GPS, and all tape formats.

- Understanding Hard Disks

  • Perform MAC timeline analysis on a file system

- Disk Partitions and Boot Process

  • Understand the Windows and Macintosh boot process, and handling volatile data

- Understanding File Systems

  • Understand File Systems and help in digital forensic investigations

- Windows File Systems

  • Understanding Windows File Systems and help in digital forensic investigations

- Linux File Systems

  • Understand Linux File Systems and help in digital forensic investigations

- Mac OS X File Systems

  • Understand Mac OS X File Systems and help in digital forensic investigations

- RAID Storage System

  • Understand RAID Storage System and help in digital forensic investigations

- File Carving

  • Understand Carving Process and help in digital forensic investigations

- Image Files

  • Understand Image File Formats

- Analyze Logs

  • Understand Computer Security Logs

- Database Forensics

  • Perform MySQL Forensics
  • Perform MSSQL Forensics

- Email Headers

  • Perform various steps involved in investigation of Email crimes

- Analyzing Email headers

  • Perform analysis of email headers and gather evidential information

- Malware Analysis

  • Perform static and dynamic malware analysis

- Mobile Operating Systems

  • Understand the hardware and software characteristics of mobile devices
  • Understand the different precautions to be taken before investigation
  • Perform various processes involved in mobile forensics
20%
Procedures and Methodology - Investigating Computer Crime
  • Exploit information technology systems and digital storage media to solve and prosecute cybercrimes and fraud committed against people and property
  • Identify, collect, and seize documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents, investigations, and operations

- Computer Forensics Investigation Methodology

  • Write and public Computer Network Defense guidance and reports on incident findings to appropriate constituencies
  • Determine and develop leads and identify sources of information in order to identify and prosecute the responsible parties to an intrusion investigation
  • Process crime scenes
  • Track and document Computer Network Defense incidents from initial detection through final resolution
  • Develop an investigative plan to investigate alleged crime, violation, or suspicious activity using computers and the internet
  • Identify outside attackers accessing the system from Internet or insider attackers, that is, authorized users attempting to gain and misuse non-authorized privileges
  • Coordinate with intelligence analysts to correlate threat assessment data

- Digital Evidence Examination Process

  • Ensure chain of custody is followed for all digital media acquired (e.g. indications, analysis, and warning standard operating procedure)
  • Identify digital evidence for examination and analysis in such a way as to avoid unintentional alteration
  • Assist in the gathering and preservation of evidence used in the prosecution of computer crimes
  • Prepare digital media for imaging by ensuring data integrity (e.g., write blockers in accordance with standard operating procedures)
  • Prepare reports to document analysis

- Encryption

  • Decrypt seized data using technical means

- First Responder

  • Establish relationships, if applicable, between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies, vendors, and public relations professionals)
  • Coordinate with and provide expert technical support to enterprise-wide Computer Network Defense technicians to resolve Computer Network Defense incidents

- First Response Basics

  • Perform Computer Network Defense incident triage to include determining scope, urgency, and potential impact; identify the specific vulnerability and make recommendations which enable expeditious remediation

- Roles of First Responder

  • Document original condition of digital and/or associated evidence (e.g., via digital photographs, written reports, etc.)
  • Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems
  • Perform real-time Computer Network
  • Defense Incident Handling (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs)
  • Provide technical assistance on digital evidence matters to appropriate personnel
  • Conduct interviews and interrogations of victims, witnesses and suspects
  • Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence
  • Document original condition of digital and/or associated evidence (e.g., via digital photographs, written reports, etc.)
  • Independently conducts large-scale investigations of criminal activities involving complicated computer programs and networks

- Data Acquisition and Duplication

  • Examine recovered data for items of relevance to the issue at hand
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
  • Perform static media analysis
  • Review forensic images and other data sources for recovery of potentially relevant information
  • Identify digital evidence for examination and analysis in such a way as to avoid unintentional alteration
  • Identify data of intelligence to evidentiary value to support counterintelligence and criminal investigations
  • Monitor external data sources (e.g., Computer Network Defense vendor sites, Computer Emergency Response Teams, SANS, Security Focus) to maintain currency of Computer Network Defense threat condition and determine which security issues may have an impact on the enterprise

- Defeating Anti-forensics Techniques

  • Identify Anti-Forensics Techniques
  • Recover Deleted Files and Partitions
  • Bypass Windows’ and Applications’ passwords
  • Detect steganography and identify the hidden content

- Log Management and Event Correlation

  • Perform command and control functions in response to incidents
  • Analyze computer generated threats

- Network Forensics (Intrusion Detection Systems (IDS))

  • Perform Computer Network Defense trend analysis and reporting
  • Confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis

- Computer Forensics Reports and Investigative Report Writing

  • Develop reports which organize and document recovered evidence and forensic processes used
  • Write and publish Computer Network Defense guidance and reports on incident findings to appropriate constituencies
20%
Digital Forensics - Recover Data
  • Perform file signature analysis, Perform tier 1, 2, and 3 malware analysis

- File System Analysis

  • Analyze the file systems contents in FAT, NTFS, Ext2, Ext3, UFS1, and UFS2

- Windows Forensics

  • Collect Volatile and Non-Volatile Information
  • Perform Windows registry analysis
  • Perform Cache, Cookie, and History Analysis
  • Perform Windows File Analysis
  • Perform Metadata Investigation
  • Analyze Windows Event Logs

- Linux Forensics

  • Collect Volatile and Non-Volatile Information
  • Use various Shell Commands
  • Examine Linux Log files

- MAC Forensics

  • Examine MAC Forensics Data
  • Examine MAC Log Files
  • Analyze MAC Directories

- Recovering the Deleted Files and Partitions

  • Examine MAC Forensics Data
  • Examine MAC Log Files
  • Analyze MAC Directories

- Steganography and Image File Forensics

  • Detect steganography
  • Process images in a forensically sound manner

- Steganalysis

  • Perform steganalysis to recover the data hidden using steganography

- Application Password Crackers

  • Understand various password cracking techniques
  • crack the password to recover protected information and data

- Investigating and Analyzing Logs

  • Conduct analysis of log files, evidence, and other information in order to determine best methods for identifying the perpetrator(s) of a network intrusion
  • Conduct analysis of log files, evidence, and other information in order to determine best methods for identifying the perpetrator(s) of a network intrusion

- Investigating Network Traffic

  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts

- Investigating Wireless Attacks

  • Investigate wireless attacks

- Web Attack Investigation

  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security

- Investigating Email Crime and Violation

  • Perform various steps involved in investigation of email crimes

- Mobile Forensic Process

  • Perform various processes involved in mobile forensics

- Cloud Forensics

  • Perform investigation on cloud storage services such as Google Drive and Dropbox

- Malware Forensics

  • Understand and perform static and dynamic malware analysis

- Defeating Anti-Forensic Techniques

  • Bypass anti-forensic techniques and access the required resources
25%
Tools/Systems/ Programs - First Responder Toolkit
Maintain deployable Computer Network Defense toolkit (e.g., specialized Computer Network Defense software/hardware) to support incident response team mission

- Windows Forensic Tools (Helix3 Pro, X-Ways Forensics, Windows Forensic Toolchest (WFT), Autopsy, The Sleuth Kit (TSK), etc.)

  • Recognize and accurately report forensic artifact indicative of a particular operating system
  • Perform live forensic analysis (e.g., using Helix in conjunction with LiveView)
  • Perform dynamic analysis to boot an “image” of a drive (without necessarily having theoriginal drive) to see the intrusion as the user may have seen it, in a native environment
  • Use data carving techniques (e.g., Autopsy) to extract data for further analysis
  • Decrypt seized data using technical means

- Data Acquisition Software Tools UltraKit Forensic Falcon, etc.)

  • Perform data acquisition (using UltraKit, Active@ Disk Image, DriveSpy, etc.)

- Tools to defeat Anti-Forensics

  • Use File Recovery Tools (e.g., Recover My Files, EaseUS Data Recovery Wizard, etc.), Partition Recovery Tools (e.g., Active@ Partition Recovery, 7-Data Partition Recovery, Acronis Disk Director Suite, etc.), Rainbow Tables Generating Tools (e.g., rtgen, Winrtgen), Windows Admin Password Resetting Tools (e.g., Active@ Password Changer, Windows Password Recovery Bootdisk, etc.).
  • Understand the usage of Application Password Cracking Tools (e.g., Passware Kit Forensic, SmartKey Password Recovery Bundle Standard, etc.), Steganography Detection Tools (e.g., Gargoyle Investigator™ Forensic Pro, StegSecret, etc.)

- Steganography Tools

  • Use tools to locate and recover image files

- Database Forensics Tools

  • Use tools to perform database forensics (e.g., Database Forensics Using ApexSQL DBA, SQL Server Management Studio, etc.)

- Password Cracking Tools

  • Use tools to recover obstructed evidence

- Network Forensics Tools

  • Use network monitoring tools to capturer real-time traffic spawned by any running malicious code after identifying intrusion via dynamic analysis
  • Understand the working of wireless forensic tools (e.g., NetStumbler, NetSurveyor, Vistumbler, WirelessMon, Kismet, OmniPeek, CommView for Wi-Fi, Wi-Fi USB Dongle: AirPcap, tcpdump, KisMAC, Aircrack-ng SuiteAirMagnet WiFi Analyzer, MiniStumbler, WiFiFoFum, NetworkManager, KWiFiManager, Aironet Wireless LAN, AirMagnet WiFi Analyzer, Cascade Pilot Personal Edition,Network Observer, Ufasoft Snif, etc.)

- Web Security Tools, Firewalls, Log Viewers, and Web Attack Investigation Tools

  • Understand the working of web Security Tools, Firewalls, Log Viewers, and Web Attack Investigation Tools (e.g., Acunetix Web Vulnerability Scanner, Falcove Web Vulnerability Scanner, Netsparker, N-Stalker Web Application Security Scanner, Sandcat, Wikto, WebWatchBot, OWASP ZAP, dotDefender, IBM AppScan, ServerDefender, Deep Log Analyzer, WebLog Expert, etc.)

- Cloud Forensics Tools

  • Use Cloud Forensics Tools (e.g., UFED Cloud Analyzer, WhatChanged Portable, WebBrowserPassView, etc.)

- Malware Forensics Tools

  • Use Malware Analysis Tools (e.g., VirusTotal, Autoruns for Windows, RegScanner, MJ Registry Watcher, etc.)

- Email Forensics Tools

  • Use email forensic tools (e.g., StellarPhoenix Deleted Email Recovery, Recover My Email, Outlook Express Recovery, Zmeil, Quick Recovery for MS Outlook, Email Detective, Email Trace-Email Tracking, R-Mail, FINALeMAIL, eMailTrackerPro, Paraben’s email Examiner, Network Email Examiner by Paraben, DiskInternal’s Outlook Express Repair, Abuse.Net, MailDetective Tool, etc.)

- Mobile Forensics Software and Hardware Tools

  • Use mobile forensic software tools (e.g., Oxygen Forensic Suite 2011, MOBILedit! Forensic, BitPim, SIM Analyzer, SIMCon, SIM Card Data Recovery, Memory Card Data Recovery, Device Seizure, Oxygen Phone Manager II, etc.)

- Report Writing Tools

  • Create well formatted computer forensic reports
10%

To ensure success in EC-Council CHFI v9 certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for EC-Council Computer Hacking Forensic Investigator (312-49) exam.

Rating: 4.7 / 5 (40 votes)