Computer Hacking Forensic Investigator (CHFI)

This class is designed to provide the participants with the necessary skills to perform an effective digital forensics investigation. The course presents a methodological approach to computer forensics, including searching and seizing, chain-of-custody, acquisition, preservation, analysis, and reporting of digital evidence. It is a comprehensive course covering major forensic investigation scenarios that enables students to acquire necessary hands-on experience on various forensic investigation techniques and standard forensic tools necessary to successfully carry out a computer forensic investigation leading to the prosecution of perpetrators.

Students who successfully complete this class will be able to:

1. Understand fundamental concepts of incident response and forensic, perform electronic evidence collection, and digital forensic acquisition.

2. Understand the strict data and evidence handling procedures, maintain an audit trail (i.e., chain of custody) and/or evidence of integrity, work on technical examination, analysis, and reporting of computer-based evidence, preparing and maintaining case files.

3. Utilize forensic tools and investigative methods to find electronic data, including Internet use history, word processing documents, images, and other files, gather volatile and non-volatile information from Windows, MAC, and Linux, and recover deleted files and partitions in Windows, Mac OS X, and Linux.

4. Understand different types of disk drives and their characteristics, examine file systems using autopsy and the sleuth kit tools, and understand data acquisition fundamentals and methodology.

5. Illustrate file carving techniques and ways to recover evidence from deleted partitions and understand anti-forensic techniques that exploit CFT bugs and CFT activities, and interpret their countermeasures.

6. Search file slack space where PC type technologies are employed, file MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences, examine file type and file header information, review e-mail communications; including webmail and Internet Instant Messaging programs, and examine the internet browsing history.

7. Understand network forensics and its steps involved, examine the network traffic and explain how to perform incident detection and examination using SIEM tools.

8. Understand web application forensics and its architecture, interpret the steps for web attacks, Apache web server architecture, and its logs investigation. Explain how to perform and identify the traces of the Tor browser during the investigation.

9. Understand database forensics, determine the database repositories, understand the cloud concepts and attacks on the cloud. The significance of cloud forensics and distinguish their types.

10. Understand email basics, review the steps for investigating the email crimes and explain malware forensics fundamentals and identify the techniques used to spread malware.

11. Perform the mobile forensics and illustrate its architecture, determine the mobile storage and its evidence.

12. Perform the IoT forensics, examine different types of IoT threats and explain how to perform forensics on IoT devices.