Every crime leaves a digital footprint, and you need the skills to track those footprints. In this course, students will learn to unravel these pieces of evidence, decode them and report them. From decoding a hack to taking legal action against the perpetrators, they will become an active respondent in times of cyber-breaches. This course may earn a Credly Badge.


* Actual course outline may vary depending on offering center. Contact your sales representative for more information.

Learning Objectives

At the end of this course, you will possess the skills needed to:

Understand the fundamentals of computer forensics
Understand the computer forensic investigation process
Describe in detail different types of hard disks and file systems
Understand data acquisition and duplication
Counteract anti-forensic techniques
Leverage forensic skills in Windows, Linux, and Mac
Investigate web attacks
Understand dark web forensics
Deploy forensic techniques for databases, cloud, and networks
Investigate email crimes including malware
Perform forensics in mobile and IoT environments

  • Computer Forensics in Today's World

  • 1.1. Understand the Fundamentals of Computer Forensics
    1.2. Understand Cybercrimes and their Investigation Procedures
    1.3. Understand Digital Evidence
    1.4. Understand Forensic Readiness, Incident Response and the Role of SOC (Security
    Operations Center) in Computer Forensics
    1.5. Identify the Roles and Responsibilities of a Forensic Investigator
    1.6. Understand the Challenges Faced in Investigating Cybercrimes
    1.7. Understand Legal Compliance in Computer Forensics

  • Computer Forensics Investigation Process

  • 2.1. Understand the Forensic Investigation Process and its Importance
    2.2. Understand the Pre-investigation Phase
    2.3. Understand First Response
    2.4. Understand the Investigation Phase
    2.5. Understand the Post-investigation Phase

  • Understanding Hard Disks and File Systems

  • 3.1. Describe Different Types of Disk Drives and their Characteristics
    3.2. Explain the Logical Structure of a Disk
    3.3. Understand Booting Process of Windows, Linux and Mac Operating Systems
    3.4. Understand Various File Systems of Windows, Linux and Mac Operating Systems
    3.5. Examine File System Using Autopsy and The Sleuth Kit Tools
    3.6 Understand Storage Systems
    3.7. Understand Encoding Standards and Hex Editors
    3.8. Analyze Popular File Formats Using Hex Editor

  • Data Acquisition and Duplication

  • 4.1. Understand Data Acquisition Fundamentals
    4.2. Understand Data Acquisition Methodology
    4.3. Prepare an Image File for Examination

  • Defeating Anti-forensics Techniques

  • 5.1. Understand Anti-forensics Techniques
    5.2. Discuss Data Deletion and Recycle Bin Forensics
    5.3. Illustrate File Carving Techniques and Ways to Recover Evidence from Deleted Partitions
    5.4. Explore Password Cracking/Bypassing Techniques
    5.5. Detect Steganography, Hidden Data in File System Structures, Trail Obfuscation, and File Extension Mismatch
    5.6. Understand Techniques of Artifact Wiping, Overwritten Data/Metadata Detection, and Encryption
    5.7. Detect Program Packers and Footprint Minimizing Techniques
    5.8. Understand Anti-forensics Countermeasures

  • Windows Forensics

  • 6.1. Collect Volatile and Non-volatile Information
    6.2. Perform Windows Memory and Registry Analysis
    6.3. Examine the Cache, Cookie and History Recorded in Web Browsers
    6.4. Examine Windows Files and Metadata
    6.5. Understand ShellBags, LNK Files, and Jump Lists
    6.6. Understand Text-based Logs and Windows Event Logs

  • Linux and Mac Forensics

  • 7.1. Understand Volatile and Non-volatile Data in Linux
    7.2. Analyze Filesystem Images Using The Sleuth Kit
    7.3. Demonstrate Memory Forensics Using Volatility & PhotoRec
    7.4. Understand Mac Forensics

  • Network Forensics

  • 8.1. Understand Network Forensics
    8.2. Explain Logging Fundamentals and Network Forensic Readiness
    8.3. Summarize Event Correlation Concepts
    8.4. Identify Indicators of Compromise (IoCs) from Network Logs
    8.5. Investigate Network Traffic
    8.6. Perform Incident Detection and Examination with SIEM Tools
    8.7. Monitor and Detect Wireless Network Attacks

  • Investigating Web Attacks

  • 9.1. Understand Web Application Forensics
    9.2. Understand Internet Information Services (IIS) Logs
    9.3. Understand Apache Web Server Logs
    9.4. Understand the Functionality of Intrusion Detection System (IDS)
    9.5. Understand the Functionality of Web Application Firewall (WAF)
    9.6. Investigate Web Attacks on Windows-based Servers
    9.7. Detect and Investigate Various Attacks on Web Applications

  • Dark Web Forensics

  • 10.1. Understand the Dark Web
    10.2. Determine How to Identify the Traces of Tor Browser during Investigation
    10.3. Perform Tor Browser Forensics

  • Database Forensics

  • 11.1. Understand Database Forensics and its Importance
    11.2. Determine Data Storage and Database Evidence Repositories in MSSQL Server
    11.3. Collect Evidence Files on MSSQL Server
    11.4. Perform MSSQL Forensics
    11.5. Understand Internal Architecture of MySQL and Structure of Data Directory
    11.6. Understand Information Schema and List MySQL Utilities for Performing Forensic Analysis
    11.7. Perform MySQL Forensics on WordPress Web Application Database

  • Cloud Forensics

  • 12.1. Understand the Basic Cloud Computing Concepts
    12.2. Understand Cloud Forensics
    12.3. Understand the Fundamentals of Amazon Web Services (AWS)
    12.4. Determine How to Investigate Security Incidents in AWS
    12.5. Understand the Fundamentals of Microsoft Azure
    12.6. Determine How to Investigate Security Incidents in Azure
    12.7. Understand Forensic Methodologies for Containers and Microservices

  • Investigating Email Crimes

  • 13.1. Understand Email Basics
    13.2. Understand Email Crime Investigation and its Steps
    13.3. U.S. Laws Against Email Crime

  • Malware Forensics

  • 14.1. Define Malware and Identify the Common Techniques Attackers Use to Spread Malware
    14.2. Understand Malware Forensics Fundamentals and Recognize Types of Malware Analysis
    14.3. Understand and Perform Static Analysis of Malware
    14.4. Analyze Suspicious Word and PDF Documents
    14.5. Understand Dynamic Malware Analysis Fundamentals and Approaches
    14.6. Analyze Malware Behavior on System Properties in Real-time
    14.7. Analyze Malware Behavior on Network in Real-time
    14.8. Describe Fileless Malware Attacks and How they Happen
    14.9. Perform Fileless Malware Analysis - Emotet

  • Mobile Forensics

  • 15.1. Understand the Importance of Mobile Device Forensics
    15.2. Illustrate Architectural Layers and Boot Processes of Android and iOS Devices
    15.3. Explain the Steps Involved in Mobile Forensics Process
    15.4. Investigate Cellular Network Data
    15.5. Understand SIM File System and its Data Acquisition Method
    15.6. Illustrate Phone Locks and Discuss Rooting of Android and Jailbreaking of iOS Devices
    15.7. Perform Logical Acquisition on Android and iOS Devices
    15.8. Perform Physical Acquisition on Android and iOS Devices
    15.9. Discuss Mobile Forensics Challenges and Prepare Investigation Report

  • IoT Forensics

  • 16.1. Understand IoT and IoT Security Problems
    16.2. Recognize Different Types of IoT Threats
    16.3. Understand IoT Forensics
    16.4. Perform Forensics on IoT Devices


The CHFI course will benefit Police and other laws enforcement personnel, Defense and Military personnel, e-Business Security professionals, Systems administrators, Legal professionals, Banking, Insurance and other professionals, and Government agencies.




While there are no prerequisites for this course, please ensure you have the right level of experience to be successful in this training.


Length: 5.0 days (40 hours)


Not Your Location? Change

Course Schedule:

Schedule select
9:00 AM ET -
5:00 PM ET
Filling Fast
Schedule select
8:00 AM PT -
4:00 PM PT
Schedule select
9:00 AM ET -
5:00 PM ET