5 days


This five-day course covers a detailed methodological approach to forensic analysis including searching, seizing, chain of custody, acquisition, preservation, analysis and reporting of digital evidence. All major tools and theories adopted by forensic investigators are covered in this course.

The program comes with cloud-based virtual labs enabling students to practice various investigation techniques in a real-time and simulated environment.

Exam vouchers are included with the course. Exams are not taken at the conclusion of the course. Exam candidates are required to book their exam after completion of the course. Your EC-Council Exam Centre Voucher will come with an expiry date. Please refer to the DDLS booking Terms and Conditions regarding exam voucher validity.

Please note there are strict conditions applied to attendance at EC-Council Certified Hacking Investigator courses. On the first day of the course, students are required to sign a Liability Agreement form. A copy of this form and relevant links may be found here.

Key Topics

  • Computer Forensics in Today’s World
  • Computer Forensics Investigation Process
  • Understanding Hard Disks and File Systems
  • Data Acquisition and Duplication
  • Defeating Anti-forensics Techniques
  • Operating System Forensics (Windows, Mac, Linux)
  • Network Forensics
  • Investigating Web Attacks
  • Database Forensics
  • Cloud Forensics
  • Malware Forensics
  • Investigating Email Crimes
  • Mobile Phone Forensics
  • Forensics Report Writing and Presentation

Skills Gained

After attending this course you will be able to identify footprints and gather all necessary evidence for a prosecution of an intruder. CHFI has detailed labs for hands-on learning experience. On average, approximately 50% of training time is dedicated to labs.

After attending this course you will have covered all the relevant knowledge-bases and skills required to meet regulatory standards such as ISO 27001, PCI DSS, SOX, HIPAA, etc.

Key Topics

Module 1: Computer Forensics in Today’s World

  • Understanding Computer Forensics
  • Why and When Do You Use Computer Forensics?
  • Cyber Crime (Types of Computer Crimes)
  • Case Study
  • Challenges Cyber Crimes Present For Investigators
  • Cyber Crime Investigation
  • Rules of Forensics Investigation
  • Understanding Digital Evidence
  • Types of Digital Evidence
  • Characteristics of Digital Evidence
  • Role of Digital Evidence
  • Sources of Potential Evidence
  • Rules of Evidence
  • Forensics Readiness
  • Computer Forensics as part of an Incident Response Plan
  • Need for Forensic Investigator
  • Roles and Responsibilities of Forensics Investigator
  • What makes a Good Computer Forensics Investigator?
  • Investigative Challenges
  • Legal and Privacy Issues
  • Code of Ethics
  • Accessing Computer Forensics Resources

Module 2: Computer Forensics Investigation Process

  • Importance of Computer Forensics Process
  • Phases Involved in the Computer Forensics Investigation Process
  • Pre-investigation Phase
  • Investigation Phase
  • Post-investigation Phase

Module 3: Understanding Hard Disks and File Systems

  • Hard Disk Drive Overview
  • Disk Partitions and Boot Process
  • Understanding File Systems
  • RAID Storage System
  • File System Analysis

Module 4: Data Acquisition and Duplication

  • Data Acquisition and Duplication Concepts
  • Static Acquisition
  • Validate Data Acquisitions
  • Acquisition Best Practices

Module 5: Defeating Anti-forensics Techniques

  • What is Anti-Forensics?
  • Anti-Forensics techniques

Module 6: Operating System Forensics (Windows, Mac, Linux)

Introduction to OS Forensics

Windows Forensics

  • Collecting Volatile Information
  • Collecting Non-Volatile Information
  • Analyse the Windows thumbcaches
  • Windows Memory Analysis
  • Windows Registry Analysis
  • Cache, Cookie, and History Analysis
  • Windows File Analysis
  • Metadata Investigation
  • Text Based Logs
  • Other Audit Events
  • Forensic Analysis of Event Logs
  • Windows Forensics Tools

Linux Forensics

  • Shell Commands
  • Linux Log files
  • Collecting Volatile Data
  • Collecting Non-Volatile Data

Mac Forensics

  • Introduction to Mac Forensics
  • Mac Forensics Data
  • Mac Log Files
  • Mac Directories
  • Mac Forensics Tools

Module 7: Network Forensics

  • Introduction to Network Forensics
  • Fundamental Logging Concepts
  • Event Correlation Concepts
  • Network Forensic Readiness
  • Network Forensics Steps
  • Network Traffic Investigation
  • Network Packet Analyser: Capsa Portable Network Analyser
  • Documenting the Evidence
  • Evidence Reconstruction

Module 8: Investigating Web Attacks

  • Introduction to Web Application Forensics
  • Web Attack Investigation
  • Investigating Web Server Logs
  • Web Attack Detection Tools
  • Tools for Locating IP Address
  • WHOIS Lookup Tools

Module 9: Database Forensics

  • Database Forensics and Its Importance
  • MSSQL Forensics
  • MySQL Forensics

Module 10: Cloud Forensics

  • Introduction to Cloud Computing
  • Cloud Forensics

Module 11: Malware Forensics

  • Introduction to Malware
  • Introduction to Malware Forensics
  • Analysis of Malicious Documents
  • Malware Analysis Challenges

Module 12: Investigating Email Crimes

  • Email System
  • Email Crimes (Email Spamming, Mail Bombing/Mail Storm, Phishing, Email Spoofing, Crime via Chat Room, Identity Fraud/Chain Letter)
  • Email Message
  • Steps to Investigate Email Crimes and Violation
  • Email Forensics Tools
  • Laws and Acts against Email Crimes

Module 13: Mobile Phone Forensics

  • Why Mobile Forensics?
  • Top Threats Targeting Mobile Devices
  • Mobile Hardware and Forensics
  • Mobile OS and Forensics
  • What Should You Do Before the Investigation?
  • Mobile Forensics Process

Module 14: Forensics Report Writing and Presentation

  • Writing Investigation Reports
  • Expert Witness Testimony

Target Audience

  • Law enforcement officers
  • System administrators
  • Security officers
  • Network security professionals
  • Auditors

We can also deliver and customise this training course for larger groups – saving your organisation time, money and resources. For more information, please contact us on [email protected].


Basic knowledge of IT cyber-security, computer forensics and incident response. Certified Ethical Hacker would be advantageous.


The supply of this course by DDLS is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.

Pre-Course Requirements

This course has requirements which must be completed before commencing.