AS the stage has been set for sophisticated cyber-attacks due to continuing misuse of the internet, the need for advanced cyber security and investigation training is a mandate in the present day. If a corporation or an organization requires the knowledge or technique to recognize, track, and punish the cybercriminals, then this course will pave a way for all the cyber related officials entrusted with law enforcement. This course helps students and professionals to excel in digital evidence acquisition, handling and analysis in a forensically sound manner. Skills developed after learning this course will lead to successful prosecutions in varieties of security incidents such as data breaches, corporate espionage, insider threats and other cases involving computer and network systems.

  • The CHFI or the Computer Hacking Forensic Investigators offers official recognition for people who have passed a rigorous training program learning to trace minute clues left in information systems after hacking infiltration.
  • CHFI certification enables graduates to uncover signs of fraud,
  • Compilation of legal evidence of cybercrimes, and trace of the source of viruses or spam mails used for degrading a personality’s public image.

Course Details

Course Outline

Computer hacking forensic investigation is the course of detecting hacking attacks and properly extracting evidence to report the crime and take measures to prevent similar future activities. Computer forensics enables the systematic and careful identification of evidence in computer related crime and abuse cases. This may vary from tracing the tracks of a hacker through a client’s systems, to tracing the originator of defamatory emails, to recovering signs of fraud. The CHFI course will provide participants the necessary skills to identify a cybercriminals footprint and to properly gather the necessary evidence to prosecute before the judge in the court of law. URSE OUTLINEIt is based upon: It is based upon:

  • It teaches the participant the methods to use the mistakes committed by the cybercriminal and to exploit it to the best in interest of the case.
  • It imparts the necessary skills for steganalysis.
  • How to recover deleted files?
  • It teaches log management.
  • Most importantly it ensures forensic investigation to be well taught.
  • Digital evidence and password cracking concepts.

Best Suited For

The CHFI job is best suited for people those who are involved in the field of cyber security with the aim of catching the cyber criminals. These days’ cybercrimes such as Computer break-ins, websites page hacking, distribution of restricted pornography, email fraud, data theft and espionage in companies are occurring for which the government and private agencies are offering the best payable and repudiated jobs. The following are the career roles which may be best suitable for the people opting for CHFI as a course:

  • Computer Forensics Investigator
  • Licensed Penetration Tester
  • Systems Engineer
  • Systems Architect

People who are involved in the field of Network Security Speciality. (A large amount of professionals are already in this field) A person may also follow on the following courses in order to enhance their career as well as job abilities:

  • ECSA (EC-Council Certified     Security Analyst)


In order to be eligible to attempt an EC-Council certification examination, candidate will have to choose either of the following ways:- If a person has attended an official training then the following step has to take:

  • If a candidate has attended an official instructor-led training (ILT), computer-based training (CBT), online live training, or any other academic learning related to the field of security, candidate is eligible to attempt the     relevant EC-Council exam.

Attempt Exam without any sort of official training, then the following steps is to followed:

  • In order to be considered for the EC-Council certification exam without attending official training, candidate must the following requisites:
  • He should have at least two     years of information security related experience.
  • Remit a non-refundable eligibility application fee
  • Submit a completed Exam Eligibility Application Form.
  • Pay the fees and then purchase an official exam voucher direct from the official website of EC-Council

It is strongly recommended to take a CEH course before pursuing the CHFI course.


CHFI is a certification that gives a complete overview of the process that a forensic investigator generally follows when investigating a cybercrime. It includes not only the right treatment of the digital evidence in order to be accepted in the Courts but also useful tools and techniques that can be applied to investigate an incident occurred related to cyber world. Following are mentioned some of the points which tell why certification is necessary for and what are its use.

  • How to recover deleted files and deleted partitions in Windows, Mac OS X, and Linux
  • He also learns the process and uses it after his certification for cases     involved in forensic investigation using Access Data FTK and Encase     Steganography and its techniques, Ste analysis, and image file forensics
  • Password Cracking Concepts, tools, types of password attacks and how to investigate password protected file breach
  • Different types of log capturing techniques, log management, time synchronization, log     capturing tools
  • How to investigate logs, network traffic, wireless attacks, and web attacks
  • How to track e-mails and investigate e-mail crimes and many more.


CHFI certification is granted to a student after passing a lengthy four-hour examination called the ECO 312-49, and students must score more than 70 per cent to pass. The test has 150 questions that test their knowledge of advanced hardware and software processes. The CHFI Certification is an incredible asset to a company which leads to better understanding of security issues, especially concerning vulnerability. Once certified, forensic investigators have remarkable flexibility in finding lucrative jobs in the following areas:

  • Defence Department and military agencies
  • Federal, state, and local law enforcement
  • Systems administrators for IT companies
  • Banking, insurance and financial industries
  • Science, research and engineering
  • Medical industry
  • Legal and judicial departments

A person after getting the certification from EC-Council can undergo the process of investigating cyber-crime, laws involved, and the details in obtaining a search warrant. He also gets trained as well as authorised in the following different types of digital evidence, rules of evidence, digital evidence examination process, and electronic crime and digital evidence consideration.


1. CHFI, what does it stands for?

Computer hacking forensic investigator is the full form of CHFI

2. Is it necessary to undertake any course before taking up with CHFI?

Yes, it is recommended to take CEH course before undergoing this course.

3. What is the duration of the programme?

It lasts for 5 days with 8 working hours each day.

4. What training do we get from this course?

You get to investigate cybercriminals with forensic capabilities in order to catch hold of these criminals.

5. Can we attempt this exam by self-study method?

Yes anyone having an experience in network related work or a CEH certification can take the self-study course.

6. How is it different from other cyber courses?

It gives a person edge over others because after taking the evidence and solid proof against a person, a cybercriminal can be charged under the IT law before the judge in front of a court of law.

7. Who certifies the CHFI programme?

Just as CEH is certified by the EC-Council similarly the CHFI programme is certified by the council.

8. What nature of job does a CHFI get into after he completes the certification?

After the completing the certification a person may get the job of a cybercrime forensic investigator or something related to forensic.

9. Is it a job with good salary and benefits?

Yes, CHFI certified people have been paid handsomely and their perks are also not limited to a season, rather they go on as per the success of the case.

10. How a CHFI does differ from a CEH?

A CEH is ethical hacker whose main job is to pinpoint the vulnerabilities of the system while a CHFI investigates the crime conducted by a cybercriminal and collects all sorts of evidence against a person so as to present him in a court of law.

11. What are the minimum marks required for passing the exam?

A minimum of 70 per cent is required to get passed in the exam.

12. Can a person re-appear for the exam?

If the participants’ exam centre is well-connected then he may do so as many times without any gap between the exams.

13. What is the syllabus?

The syllabus contains 21 modules which have to be studied in detail.

14. What other courses can be done after it gets completed? ECSA/LPT and CISS are the courses which may be pursued after completing the CHFI course.

15. What roles do these investigators play in crime control?

A lot of serious crimes are being carried out on the internet which results in loss of millions and even lives. An investigator is responsible for controlling such acts by acting swiftly and getting the criminals maximum penalty or sentence.  

Delivery Modes

Classroom Training

The classroom training deals with twenty one modules. These modules have been designed in order to be well understandable. The topics are taught by specially trained professionals who have plenty of experience working as an investigator. These teachers get accreditation from the EC-council and only after that they are allowed to teach the students.

Following are the topics which will be a part of course:

New Module flow design

Graphical representation.
Static Data collection process
Steganography and its application.
Acquiring internet traffic using DNS.

Key Steps in Forensics Investigation

Rules of Forensics Investigation
Need for Forensics Investigator
Role of Forensics Investigator
Accessing Computer Forensics Resources

Role of Digital Evidence: Collect Electronic Evidence

Guidelines for Acquiring Evidence
Computer Forensics Investigation Process
Build a Forensics Workstation
Building the Investigation Team
People Involved in Computer Forensics
Review Policies and Laws

Collect the Evidence

Collect Physical Evidence
Evidence Collection Form
Collect Electronic Evidence
Computer Forensics Investigation Methodology: Secure the Evidence
Forensics Investigation Using Encase

Virtual Classroom

EC-Council accredited experts are involved with the job of imparting virtual training to those students are based in different parts of the world and have chosen self-study as their medium. The main advantage of this course is that anyone can undertake this course while they are engrossed with their daily jobs in other fields of interest.

The topics which are covered are nearly same as classroom teaching but there is addition to it, which is as follows:

Evidence and data collection:

Computer Forensics in Today’s World
Computer Forensics Investigation Process.
Investigative Reports
How to act as an Expert Witness
Investigating Wireless Attacks
Investigating Web Attacks
Forensics Investigation Using Access Data FTK
Forensics Investigation Using Encase
Steganography and Image File Forensics
First Responder Procedures
Searching and Seizing Computers
Digital Evidence
CHFIv8 DVD contains a huge cache of evidence files for analysis including RAW, video and audio files, MS Office files, systems files etc.
Understanding Hard Disks and the concept of file in the system.

E- Learning

E-Learning enables students to practice various investigation techniques in a real time and simulated environment. The course tools and programs are preloaded on the Virtual machine on the e-servers, thereby saving productive time and effort

EC-Council Computer Hacking Forensic Investigator helps the students to learn the following things through e-learning:

The computer forensic investigation process and the various legal issues involved
Evidence searching, seizing and acquisition methodologies in a legal and forensically sound manner
Different types of digital evidence, rules of evidence, digital evidence examination process, and electronic crime and digital evidence consideration by crime category
Roles of first responder, first responder toolkit, securing and evaluating electronic crime scene, conducting preliminary interviews, documenting electronic crime scene, collecting and preserving electronic evidence in the best possible manner.
How to investigate logs, network traffic, wireless attacks, and web attacks
How to track e-mails and investigate e-mail crimes
Mobile forensics and mobile forensics software and hardware tools which are up to date.
How to write investigative reports and their proper representation.

Related Courses