Computer Hacking Forensic Investigator Certification

Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks.

Computer crime in today’s cyber world is on the rise. Computer Investigation techniques are being used by police, government, and corporate entities globally and many of them turn to EC-Council for our Digital Forensic Investigator CHFI Certification Program.

Computer Security and Computer investigations are changing terms. More tools are invented daily for conducting Computer Investigations, be it computer crime, digital forensics, computer investigations, or even standard computer data recovery. The tools and techniques covered in EC-Council’s CHFI program will prepare the student to conduct computer investigations using ground-breaking digital forensics technologies.

Trusted By Forune 500 Companies

Salient Features


CHFI v9 follows the NICE 2.0 framework’s Specialty Areas, perfectly falling under “Cyber Investigation” and “Digital Forensics.” It can advance your career as a Federal Employee.   


The course gives equal importance to practical learningas 40% of its content covers hands-on tools and evidence files.  


CHFI v9 deals includes new-age and conventional anti-forensic techniques like Encryption, Steganography, Tunneling, and many others.

You can choose any of these Computer Forensics Training Modes


This solution is an asynchronous, self-study environment that delivers EC-Council’s sought-after CHFI, digital forensics training courses in a streaming video format. 


This solution is a live, online, instructor-led training course, which means you can attend the CHFI, digital forensics training course with a live instructor from anywhere with an internet connection. 

Master Class 

This solution offers you the opportunity to learn the CHFI, digital forensics program from world-class instructors, and the opportunity to collaborate with top digital forensics professionals. 

Training Partner 

This solution offers “in-person” training for digital forensics so that you can get the benefit of collaborating with your peers and gaining real-world skills, conveniently located in your backyard. 

About the Exam

icon box image

Number of Questions


icon box image

Test Duration

4 Hours

icon box image

Test Format

Multiple Choice

icon box image

Test Delivery


Passing Score 

To maintain the high integrity of our certification exams, EC-Council Exams are provided in multiple forms (i.e., different question banks). Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts that ensure that each of our exams not only has academic rigor but also has “real world” applicability. We also have a process to determine the difficulty rating of each question. The individual rating then contributes to an overall “Cut Score” for each exam form. To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 85% 

What is Computer Forensics? 

Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information known as computer data recovery. 

Computer Hacking Forensic Investigator Certification 

EC-Council’s CHFI certifies individuals in the specific security discipline of computer forensics from a vendor-neutral perspective. Our digital forensics certification will fortify the application knowledge of law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, security professionals, and anyone who is concerned about the integrity of the network infrastructure. Each module of our digital forensic course is structured in a way to cover every aspect of Digital Forensics. 


Computer Forensics in Today’s WorldComputer Forensics Investigation ProcessUnderstanding Hard Disks and File SystemsOperating System ForensicsDefeating Anti-Forensics TechniquesData Acquisition and DuplicationNetwork ForensicsInvestigating Web AttacksDatabase ForensicsCloud ForensicsMalware ForensicsInvestigating E-mail CrimesMobile ForensicsInvestigative Reports
Computer forensics helps in solving a cybercrime by identifying, extracting, analyzing, preserving, and documenting digital evidence. But now, with borderless cybercrimes and continuously expanding dark web to exchange state-of-the-art tools, programming frameworks, and services for carrying out massive cyberattacks, the domain is facing new challenges. Thus, CHFI now focuses on building skilled digital forensic experts who can fight against today’s advanced cyber investigations that not only include an isolated piece of hardware, but a diverse set of logical and physical entities with ever-evolving technologies.

The computer forensic science is proving to be an invaluable method in understanding the Tactics, Techniques, and Procedures (TTPs) and modus operandi of the cybercriminals. With a standard computer forensics investigation process, investigators can get accurate, robust, and efficient results in four steps: Identification, Preservation, Analysis, Documentation, and Presentation.
As hard disks and file systems are the major data sources; their in-depth understanding plays a crucial part when investigating a cybercrime. Perpetrators obliterate their footprints after committing a cybercrime to avoid being traced, thus, recovering deleted data from hard disks and analyzing file systems can push the investigation in the right direction.
Operating System Forensics is the method of retrieving useful data from operating systems (OS), including Windows, Linux, and Mac OS, to acquire evidence against cybercriminals. OS supports different file systems, such as FAT, exFAT, and NTFS for Windows, Ext2fs, or Ext3fs for Linux, and similarly for other operating systems. This data and file recovering technique includes data carving, slack space, data hiding, and memory forensics. It also covers major mobile operating systems like Android and iOS.
Anti-forensic methodologies conceal the online activities and footprints of perpetrators. A comprehensive understanding of anti-forensic hiding techniques, such as encryption, steganography, tunneling, onion routing, etc.; destruction methods, including wiping drives; and spoofing helps the computer forensic investigators solve a cybercrime efficiently.
Data acquisition is the process of evidence gathering, while data duplication is the method of duplicating copies of the suspected storage media outlet. By using established methods and tools, such as DiskExplorer for NTFS, AccessData FTK Imager, and several others, investigators can gain access to useful data related to cybercrime, thus, convicting a suspect.
Network forensics captures, records, and analyzes network events to track the source of a security breach by using packet sniffing, network filtering, logging, etc. It enables a cyber forensic professional to inspect incoming and outgoing network traffic and logs to spot the attacking system. It uses several tools like Wireshark, Colasoft Capsa Network Analyzer, and several others to capture, analyze, and filter data packets.
With attackers developing advanced capabilities to bypass security controls and launch a sophisticated cybercrime, web attack has gained a concerning gaze from the digital forensic community. Perpetrators use a wide range of technologies to carry out these attacks, thus, encouraging investigators to include data mining and machine learning techniques to address the shortcomings of cyber forensic investigations.
Database forensics focus on retrieving data from database systems, sometimes corrupted database, in order to understand how the security breach occurred. It aims to revert any unauthorized data manipulation operations to keep sensitive data protected. It usually covers major database schemas, such as Oracle, MySQL, Microsoft SQL Server, PostgresSQL, MongoDB, and various others.
The adoption of cloud services has been a game-changer for enterprises. But it does come with several security challenges, and when they occur, organizations look for professionals with cloud forensic expertise. Immense knowledge of different cloud computing service models – Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS), helps the investigator to perform better. The experts should also be aware of major cloud solutions, such as Amazon Web Services (AWS), Google Cloud, Microsoft Azure, DropBox, Apache Stratos, etc.
Attackers use different forms of malware, which includes ransomware, adware, spyware, Trojan, virus, worm, backdoors, browser hijacker, etc., to gain unauthorized access to critical systems. On the other hand, malware forensics is a progressive approach that determines the functionality, source and possible impact of a malicious software program.
E-mail crime investigation includes tracing, gathering, analyzing, and examining digital evidence and digital footprints of the cybercriminal. It is usually related to e-mail spamming, mail bombing, e-mail spoofing, identity fraud, phishing attacks, and email hijacking. Digital forensic experts need intricate knowledge of various e-mail data recovery and investigation tools like Recover My Email Utility, Paraben’s Email Examiner Tool, etc. to successfully conduct cyber forensic investigations.
Mobile forensics covers a wide array of smart devices, ranging from smartphones, tablets, and GPS-connected smart wearables, and PDAs. This branch of digital forensics recovers digital evidence from mobile devices by seizing, isolating, and storing the suspected device in a protected facility. Investigators then look for digital evidence related to cybercrime in a forensically sound environment.
After finishing a cyber forensic examination, an investigator needs to report the findings that include the overview of the case, followed by the procedure adopted to investigate the crime: Identification, Preservation, and Analysis. The primary objective of investigative reports is to document the facts.

Who is this Program For? 

The CHFI program is designed for all IT professionals involved with information system security, computer forensics, Security Analysis, Pen-testing, and incident response. The following are the domains where digital forensic proficiency is expected. 

  • Police and other law enforcement personnel
  • Defense and Military personnel
  • e-Business Security professionals
  • Systems administrators
  • Legal professionals
  • Banking, Insurance and other professionals
  • Government agencies
  • IT managers

Job Opportunities 

  • Digital Forensic Analyst
  • Digital Forensic Investigator
  • Computer Forensic Investigator
  • Digital Forensic and Malware Analysts
  • Cyber Crime Investigator
  • Law Enforcement /Counter-Intelligence Forensics Analyst
  • Cyber Defense Forensics Analyst
  • Mobile Forensic Investigator

Why consider Digital Forensics Training? 

Continuous learning has always been promoted for personal growth. And to do so, formal digital forensics training offers you the best exposure to the real-world challenges. Similarly, formal training in digital forensics gives you an understanding of complex ideas and practices. For a few, self-learning might seem like an affordable option, but you never know how outdated your learned practices would be in the physical world. Contrarily, formal training under a trainer with years of dedicated experience would offer invaluable insights and help you retain in-demand knowledge. So, anyone who wants to build digital forensic skills, any acclaimed digital forensics training would help you build industry-required skills and validate your capability before the leading employers and recruiters. 

First Response 

  1. Perform Incident Response and initiate computer forensics
  2. Play a role of the first Responder by securing and evaluating a cybercrime scene, conducting preliminary interviews, documenting a crime scene,collectingand preserving electronic evidence, packaging and transporting electronic evidence, reporting of the crime scene 


  1. Perform electronic evidence collections
  2. Perform bit-stream Imaging/acquiring of the digital media seized during the process of investigation.
  3. Gather volatile and non-volatile information from Windows, MAC, and Linux
  4. Collect data using forensic technology methods in accordance with evidence handling procedures, including a collection of hard copy and electronic documents


  1. Perform keyword searches including using target words or phrases
  2. Identify data, images and/or activity which may be the target of an internal investigation
  3. Identify and check the possible source/incident origin
  4. Conduct reverse engineering for known and suspected malware files
  5. Extract and analyze logs from various devices such as proxies, firewalls, IPSs,IDSes, Desktops, laptops, servers, SIM tools, routers, switches, AD servers, DHCP servers, Access Control Systems, etc.


  1. Maintain audit trail (i.e., chain of custody) and evidence integrity
  2. Follow strict data and evidence handling procedures


  1. Perform digital forensic acquisitions as an analyst
  2. Conduct thorough examinations of computer hard disk drives, and other electronic data storage media
  3. Utilize forensic tools and investigative methods to find electronic data, including
  4. Internet use history, word processing documents, images, and other files
  5. Investigate events for evidence of insider threats or attacks
  6. Search file slack space where PC type technologies are employed
  7. File MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences
  8. Examine the Internet browsing history
  9. Crack (or attempt to crack) password protected files
  10. Apply advanced forensic tools and techniques for attack reconstruction
  11. Perform anti-forensics detection


  1. Perform detailed evaluation of the data and any evidence of activity in order to analyze the full circumstances and implications of the event 
  2. Examine file type and file header information
  3. Review e-mail communications including webmail and Internet Instant Messaging programs
  4. Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred
  5. Examine and analyze text, graphics, multimedia, and digital images
  6. Work on technical examination, analysis, and reporting of computer-based evidence


  1. Recover information and electronic data from computer hard drives and other data storage devices
  2. Recover deleted files and partitions in Windows, Mac OS X, and Linux
  3. Recover active, system and hidden files with date/time stamp information
  4. Perform event co-relation
  5. Ensure that reported incident or suspected weaknesses, malfunctions and deviations are handled with confidentiality


  1. Support the generation of incident reports and other collateral
  2. Provide expert witness testimony in support of forensic examinations conducted by the examiner


  1. Prepare and maintain case files
  2. Generate reports which detail the approach, and an audit trail which documents actions taken to support the integrity of the internal investigation process

Routine Checks 

  1. Establish Threat Intelligence and key learning points to support pro-active profiling and scenario modelling
  2. Maintain awareness and follow laboratory evidence handling, evidence examination, laboratory safety, and laboratory security policy and procedures
  3. Assist in the preparation of search and seizure warrants, court orders, and subpoenas

Here is what our experts have to say about Digital Forensics Skills 

Advisory Board


William Yurek
Founder / President
Inspired Hacking Solutions, LLC
Prof. Dr. Krishna SEEBURN
CHIEF INSTRUCTOR – Cybersecurity, Professor – Cyberwarfare – National Defence University, Dept. of Justice, FBI
JoAnne Genevieve Green
Senior-level Academic Technologist and Cybersecurity Educator,
University of Piittburgh
Dr. Merrick S. Watchorn, DMIST
Sr. Executive Director,
ManTech & Chair Quantum Security Alliance (QSA)
Jefferson Gutierrez
Director Forensic Data Analytics & Cyber Forensics,
Max Alexander
Chief Technology Officer and Director of Cybersecurity,
Aveshka , Inc.
Georg Grabner
CISA Advisory Achitect IDM / Solution Developer,
Joseph Shenouda
Cyber Defense Principal (ASOC) & Trusted Adviser | FMR Defense Sr. Intelligence Officer,
David Martin-Woodgate
Director of Digital Forensics and Investigations
Lineal Cyber Limited
Tushar S. Vagal
IT – Head
Larsen & Toubro Realty
Dr. Ranjeet Kumar Singh
Sherlock Institute of Forensic Science India, SIFS INDIA Forensic Lab
Dr. Akashdeep Bhardwaj
Operations (India), Head of Cyber Security
British Telecom Security
Vijay Kumar Verma
VP & Head, Cyber Security Operations Center (CSOC)
Reliance Jio Infocomm Limited
Dr. JS Sodhi
Dr. JS Sodhi Group CIO & Sr Vice President- Amity Education Group, Executive Director-Cyborg Cyber Forensics & Information Security Pvt Ltd. CCFIS)
Ranjeet Rai
Head – Cybersecurity
Abbott India limited
Chris Pearson
Vice President – IT Infrastructure & security
Dr. J R Reagan
Vice Dean
Endicott College of International Studies
Thanwa Wathahong
Deloitte Forensic
Dawie Wentzel
Absa Group Ltd
Head of Cyber Forensic Investigations


Q. Is computer forensics a good career?

Digital forensics, or to put it differently, computer forensics, is the application of scientific investigatory techniques to digital crimes and attacks. In other words, it is a crucial aspect of law and business in the internet age and can be a rewarding and lucrative career path.

Read more: How to build a career in Digital Forensics

Q. What degree do you need for computer forensics?

Aspiring forensic computer analysts typically need a bachelor’s or master’s degree in a field such as digital forensics, computer forensics, or computer security.

Read more: How to become a Digital Forensic Investigator in 2020

Q. What are the three best forensic tools?

While there are many tools that a computer forensic investigator might use, some of the top digital forensic tools are:

  • The Sleuth Kit
  • OSForensics
  • FTK Imager

Read more: Top digital forensic tools