EC-Council Certified Computer Hacking Forensic Investigator (C|HFI)

Price
Net
VAT

Price
Price on Request

Duration
5 days

For companies and job seekers:
this course is 100% fundable!
 

Location

Course Language
English

Training Solutions
Online Live

Request a consultation Add to favorites Print as PDF

Digital attacks are dynamic, and their traces are often hidden. What matters most is the ability to systematically collect, interpret, and contextualize data. The course content combines cutting-edge technologies with proven forensic methods.

Key Topics

  • Securing and analyzing digital evidence
  • Investigation of cyberattacks and incidents
  • Forensic analysis of networks and systems
  • Dealing with obfuscation techniques
  • Legally compliant evaluation and reporting

Prerequisites
Fundamentals of IT security and system understanding

Target Audience
Cybersecurity teams, IT forensic experts, technical auditors

Digital forensics is becoming an indispensable discipline for modern organizations. Those who can identify and correctly interpret digital traces strengthen security, transparency, and the ability to act in a connected world.

Print as PDF
Course Content
  • Understanding the Basics of Computer Forensics
  • Understanding cybercrime and related investigative procedures
  • Understanding digital evidence
  • Understanding forensic readiness, incident response, and the role of a SOC (Security Operations Center) in computer forensics
  • Identifying the roles and responsibilities of a forensic investigator
  • Understanding the challenges of investigating cybercrime
  • Understanding the legal requirements in computer forensics
  • Understanding the forensic investigation process and its significance
  • Understanding the preliminary investigation phase
  • Understanding the initial response
  • Understanding the investigation phase
  • Understanding the post-investigation phase
  • Describe the different types of drives and their characteristics
  • Explain the logical structure of a hard drive
  • Understand the boot process of Windows, Linux, and Mac operating systems
  • Understand the different file systems of Windows, Linux, and Mac operating systems
  • Examine file systems using the Autopsy and The Sleuth Kit tools
  • Understand storage systems
  • Understand encoding standards and hex editors
  • Analyzing common file formats with a hex editor
  • Understanding the basics of data collection
  • Understanding data collection methodology
  • Preparing an image file for analysis
  • Understanding Anti-Forensic Techniques
  • Discussion of data deletion and Recycle Bin forensics
  • Demonstration of file carving techniques and methods for recovering evidence from deleted partitions
  • Examination of password cracking and bypass techniques
  • Detection of steganography, hidden data in file system structures, trace obfuscation, and file extension discrepancies
  • Understanding of techniques for artifact deletion, detection of overwritten data/metadata, and encryption
  • Detection of program packers and techniques for minimizing traces
  • Understanding of countermeasures against anti-forensic techniques
  • Collection of volatile and non-volatile information
  • Performing Windows memory and registry analyses
  • Examination of cache, cookie, and history data in web browsers
  • Analysis of Windows files and metadata
  • Understanding of ShellBags, LNK files, and Jump Lists
  • Understanding text-based logs and Windows event logs
  • Understanding Volatile and Non-Volatile Data in Linux
  • Analysis of file system images with The Sleuth Kit
  • Performing memory forensics with Volatility and PhotoRec
  • Understanding Mac forensics
  • Understanding Network Forensics
  • Explain the basics of logging and network forensics readiness
  • Summarize concepts of event correlation
  • Identify Indicators of Compromise (IoCs) from network protocols
  • Examine network traffic
  • Detect and analyze incidents using SIEM tools
  • Monitor and detect wireless network attacks
  • Understanding Web Application Forensics
  • Understanding Internet Information Services (IIS) Logs
  • Understanding Apache Web Server Logs
  • Understanding how intrusion detection systems (IDS) work
  • Understanding how Web Application Firewalls (WAF) work
  • Investigating Web Attacks on Windows-Based Servers
  • Identifying and analyzing various attacks on web applications
  • Understanding the Dark Web
  • Determining how to identify traces of the Tor browser during an investigation
  • Performing a forensic analysis of the Tor browser
  • Understanding Database Forensics and Its Importance
  • Identifying data storage and database evidence sources in MSSQL Server
  • Collecting evidence files on MSSQL Server
  • Performing MSSQL forensics
  • Understanding the internal architecture of MySQL and the structure of the data directory
  • Understanding the Information Schema and listing MySQL utilities for performing forensic analysis
  • Performing MySQL forensics on the database of a WordPress web application
  • Understanding the basic concepts of cloud computing
  • Understanding cloud forensics
  • Understanding the basics of Amazon Web Services (AWS)
  • Determining how security incidents are investigated in AWS
  • Understanding the basics of Microsoft Azure
  • Determine how security incidents are investigated in Azure
  • Understanding forensic methods for containers and microservices
  • Understanding the Basics of Email
  • Investigating Email Crimes and Understanding the Steps Involved
  • U.S. laws against email crime
  • Define malware and identify the common techniques attackers use to spread malware
  • Understand the basics of malware forensics and recognize types of malware analysis
  • Understand and perform static analysis of malware
  • Analyze suspicious Word and PDF documents
  • Understand the fundamentals and approaches of dynamic malware analysis
  • Analyze the behavior of malware on system properties in real time
  • Analyze the behavior of malware on the network in real time
  • Describe fileless malware attacks and how they work
  • Perform an analysis of fileless malware – Emotet
  • Understanding the Importance of Mobile Device Forensics
  • Overview of the architectural layers and boot processes of Android and iOS devices
  • Explanation of the steps in the mobile forensic process
  • Examining data from mobile networks
  • Understanding the SIM file system and its data collection methods
  • Overview of phone locks and discussion of rooting on Android and jailbreaking on iOS devices
  • Performing a logical data backup on Android and iOS devices
  • Performing a physical data backup on Android and iOS devices
  • Discussion of challenges in mobile forensics and preparation of an investigation report
  • Understanding the IoT and IoT Security Issues
  • Identifying Different Types of IoT Threats
  • Understanding IoT forensics
  • Conducting forensic investigations on IoT devices

Frequently Asked Questions

  • It demonstrates proven expertise in digital forensics—from evidence preservation to analysis—and opens doors to roles in security, IT forensics, and incident response.
  • Reconstructing cyberattacks, securing evidence of the perpetrators, and generating legally compliant reports—exactly what companies urgently need after an incident.
  • Work with leading forensic tools for disk, network, and memory analysis, including case management and reporting under realistic conditions.
  • Instead of theory: real-world scenarios, building chains of evidence, recovering data, analyzing logs—skills that work directly in everyday situations.
  • Attacks happen every day—if you don’t thoroughly investigate incidents, you’ll lose data, money, and trust. Forensics is the key to getting to the bottom of them.
  • Independent analysis of security incidents, structured evidence collection, and reliable reports for internal teams or legal purposes.
  • Ideal for IT security professionals, administrators, and analysts who want to shift from reactive protection to proactive intelligence gathering.
  • The focus is not on offense or defense, but on what comes next: analyzing evidence, identifying patterns, and thoroughly investigating incidents.
Berlin
Bremen
Dortmund
Dusseldorf
Frankfurt
Hamburg
Hanover
Cologne
Leipzig
Munich
Nuremberg
Stuttgart
29. Jun - 03. Jul 2026
09:00 - 17:00
Request Course 3.495,00 € VAT: 664,05 €
Physical
29. Jun - 03. Jul 2026
09:00 - 17:00
Request Course 3.845,00 € VAT: 730,55 €
Physical
29. Jun - 03. Jul 2026
09:00 - 17:00
Request Course Price on Request
Physical
29. Jun - 03. Jul 2026
09:00 - 17:00
Request Course 3.845,00 € VAT: 730,55 €
Physical
29. Jun - 03. Jul 2026
09:00 - 17:00
Request Course 3.845,00 € VAT: 730,55 €
Physical
29. Jun - 03. Jul 2026
09:00 - 17:00
Request Course 3.845,00 € VAT: 730,55 €
Physical
29. Jun - 03. Jul 2026
09:00 - 17:00
Request Course 3.845,00 € VAT: 730,55 €
Physical
29. Jun - 03. Jul 2026
09:00 - 17:00
Request Course 3.845,00 € VAT: 730,55 €
Physical
29. Jun - 03. Jul 2026
09:00 - 17:00
Request Course 3.845,00 € VAT: 730,55 €
Physical
29. Jun - 03. Jul 2026
09:00 - 17:00
Request Course 3.845,00 € VAT: 730,55 €
Physical
29. Jun - 03. Jul 2026
09:00 - 17:00
Request Course Price on Request
Physical
29. Jun - 03. Jul 2026
09:00 - 17:00
Request Course Price on Request
Physical

Do you have any further questions? Please contact us.