Course Length:
5 Days
Course Description:
This course gives students the skills needed to identify an intruder's footprints and to properly gather the evidence required for prosecution. Many of today's leading forensic tools are taught during this course, including software, hardware, and specialized techniques.
Who Should Attend:
This course is for police and other law enforcement personnel, defense and military personnel, e-business security professionals, systems administrators, legal professionals, banking, insurance and other professionals, government agencies, and IT managers.
Benefits of Attendance:
Upon completion of this course, students will be able to:
  • Identify an intruder's footprints and properly gather the evidence required for prosecution.
Prerequisites:
It is strongly recommended that students attend the CEH class before enrolling in the CHFI program.
Course Outline:
  • Today's Computer Forensics
    1. Ways of Forensic Data Collection
    2. Objectives of Computer Forensics
    3. Benefits of Forensic Readiness
    4. Categories of Forensics Data
    5. Computer Facilitated Crimes
    6. Tracking Cyber Criminals
    7. Key Steps in Forensics Investigations
    8. Need for Forensic Investigator
    9. Advocates Contacting the Forensic Investigator
    10. Enterprise Theory of Investigation
    11. When do you use Computer Forensics
    12. Legal Issues
    13. Reporting the Results
  • Law & Computer Forensics
    1. Privacy Issues in Investigations
    2. Fourth Amendment Definition
    3. Interpol IT Crime Center
    4. Internet Laws and Statutes
    5. Intellectual Property Rights
    6. Cyber Stalking
    7. Crime Investigating Organizations
    8. Principles to Combat High-tech Crime
    9. Laws in Other Countries
    10. Internet Crime Schemes
  • Computer Investigation Process
    1. Securing the Computer Evidence
    2. Preparation for Searches
    3. Chain-of-Evidence Form
    4. Accessing the Policy Violation Case
    5. Preparing for an Investigation
    6. Investigation Process
    7. Maintaining Professional Conduct
  • First Responder Procedure
    1. Electronic Evidence
    2. The Forensic Process
    3. Types of Electronic Devices
    4. Evidence Collecting Tools
    5. First Response Rule
    6. Incident Response: Different Situations
    7. Securing and Evaluating Electronic Crime Scene
    8. Health and Safety Issues
    9. Consent
    10. Planning the Search and Seizure
    11. Chain of Custody
    12. Findings of Forensic Examination by Crime Category
  • CSIRT
    1. How to Prevent an Incident?
    2. Relationship between Incident Response, Handling, and Management
    3. Incident Response Checklist
    4. Incident Management
    5. Why Don’t Organizations Report Computer Crimes?
    6. Estimating Cost of an Incident
    7. Vulnerability Resources
    8. Category of Incidents
    9. CSIRT: Goals and Strategy
    10. World CERTs
    11. IRTs Around the World
  • Computer Forensic Lab
    1. Ergonomics
    2. Forensic Laboratory Requirements
    3. Portable Systems and Towers
    4. Write Protection Devices and Kits
    5. Power Supplies and Switches
    6. DIBS® Mobile Forensic Workstation
    7. Forensic Archive and Restore Robotic Devices
    8. Forensic Workstations
    9. Tools: LiveWire Investigator
    10. Laboratory Imaging System
    11. Computer Forensic Labs, Inc
    12. Data Destruction Industry Standards
  • File Systems & Hard Disks
    1. Types of Hard Disk Interfaces
    2. EFS Key
    3. FAT vs. NTFS
    4. Windows Boot Process (XP/2003)
  • Digital Media Devices
    1. Digital Storage Devices
    2. Magnetic Tape
    3. Floppy and Compact Disk
    4. CD-ROM and DVD
    5. Blu-Ray
    6. CD vs. DVD vs. Blu-Ray
    7. HD-DVD vs. Blu-Ray
    8. iPod and Zune
    9. Flash Memory Cards
    10. USB Flash Drives
  • Boot Processes
    1. Terminologies
    2. Boot Loader and Sector
    3. Anatomy of MBR
    4. Basic System Boot Process
    5. MS-DOS Boot Process
    6. Windows XP Boot Process
    7. Common Startup Files in UNIX
    8. Important Directories in UNIX
    9. Linux Boot Process
    10. Macintosh Forensic Software by BlackBag
    11. Carbon Copy Cloner (CCC)
    12. MacDrive6
  • Windows Forensics
    1. Windows Forensics Tool: Helix
    2. MD5 Generator: Chaos MD5
    3. Registry Viewer Tool: RegScanner
    4. Virtual Memory
    5. System Scanner
    6. X-Ways Forensics
    7. Tool: Traces Viewer
    8. Investigating ADS Streams
  • Linux Forensics
    1. File System Description
    2. Mount Command
    3. Popular Linux Forensics Tools
  • Data Acquisition and Duplication
    1. Mount Image Pro
    2. Snapshot Tool
    3. Snapback DatArrest
    4. Image MASSter Solo-3 Forensic
    5. Save-N-Sync
    6. ImageMASSter 6007SAS and Disk Jockey IT
    7. SCSIPAK
    8. IBM DFSMSdss
    9. QuickCopy
  • Computer Forensic Tools
    1. Software Forensics Tools
    2. Hardware Forensics Tools
  • Investigations Using Encase
    1. Evidence File
    2. Verifying File Integrity
    3. Hashing
    4. Acquiring Image
    5. Configuring Encase
    6. Viewers in Bottom Pane
    7. Searching
    8. Keywords and Bookmarks
    9. Starting the Search
    10. Recovering Deletions in FAT Partition
    11. Master Boot Record
    12. NTFS Starting Point
    13. Viewing Disk Geometry
    14. Recovering Deleted Partitions
    15. Hash Values
    16. Viewers
    17. Signature Analysis
    18. Viewing the Results
    19. Copying Files and Folders
    20. E-mail Recovery
    21. Reporting
    22. Encase Boot Disks
    23. IE Cache Images
  • Recovering Deleted Files and Deleted Partitions
    1. Deleting Files
    2. What happens when a File is Deleted in Windows?
    3. Storage Locations of Recycle Bin in FAT and NTFS System
    4. How The Recycle Bin Works
    5. Damaged or Deleted INFO File
    6. Damaged Files in Recycled Folder
    7. Damaged Recycle Folder
    8. Tools to Recover Deleted Files
    9. Deletion of Partition
    10. Recovery of Deleted Partition
    11. Deleted Partition Recovery Tools
  • Image Files Forensics
    1. Understanding Image File Formats
    2. How File Compression Works
    3. Huffman Coding Algorithm
    4. Lempel-Ziv Coding Algorithm
    5. Vector Quantization
    6. Picture Viewer: AD and Max
    7. FastStone Image Viewer
    8. XnView
    9. Faces – Sketch Software
    10. Steganalysis
    11. GFE Stealth (Graphics File Extractor)
  • Steganography
    1. Classification of Steganography
    2. Steganography vs. Cryptography
    3. Steganography Tools
    4. Application of Steganography
    5. How to Detect Steganography?
  • Application Password Crackers
    1. Brute Force Attack
    2. Dictionary Attack
    3. Syllable Attack/Rule-based Attack/Hybrid Attack
    4. Password Guessing
    5. Rainbow Attack
    6. CMOS Level Password Cracking
    7. PDF Password Crackers
    8. Password Cracking Tools
    9. Common Recommendations for Improving Password Security
    10. Standard Password Advice
  • Network Forensics and Investigating Logs
    1. Looking for Evidence
    2. Log Files as Evidence
    3. Records of Regularly Conducted Activity
    4. Legality of Using Logs
    5. Maintaining Credible IIS Log Files
    6. Log File Accuracy
    7. Log Everything
    8. Keeping Time
    9. Use Multiple Logs as Evidence
    10. Avoid Missing Logs
    11. Log File Authenticity
    12. Work with Copies
    13. Access Control
    14. Chain of Custody
    15. Importance of Audit Logs
    16. Why Synchronize Computer Times?
    17. What is NTP Protocol?
    18. NIST Time Servers
    19. Configuring the Windows Time Service
  • Network Traffic
    1. Network Addressing Schemes
    2. Tool: Tcpdump
    3. CommView
    4. Softperfect Network Sniffer
    5. HTTP Sniffer
    6. EtherDetect Packet Sniffer
    7. OmniPeek
    8. Iris Network Traffic Analyzer
    9. SmartSniff
    10. NetSetMan Tool
    11. Evidence Gathering at the Data-link Layer: DHCP database
    12. DHCP Log
    13. Siemens Monitoring Center
    14. Netresident Tool
    15. eTrust Network Forensics
    16. IDS Policy Manager (http://www.activeworx.org)
  • Wireless Attacks
    1. Association of Wireless AP and Device
    2. Search Warrant for Wireless Networks
    3. Key Points to Remember
    4. Testing the Wireless Network
    5. Methods to Access a Wireless Access Point
    6. Airodump: Points to Note
    7. Searching for Additional Devices
    8. Forcing Associated Devices to Reconnect
    9. Check for MAC Filtering
    10. Passive Attack
    11. Active Attacks on Wireless Networks
  • Web Attacks
    1. Types of Web Attacks
    2. Example of FTP Compromise
    3. Acunetix Web Vulnerability Scanner
    4. Intrusion Detection
    5. CounterStorm-1: Defense against Known, Zero Day and Targeted Attacks
  • Router Forensics
    1. Routing Information Protocol
    2. Hacking Routers
    3. Router Attack Topology
    4. Recording your Session
    5. Router Logs
    6. NETGEAR Router Logs
    7. Link Logger
    8. Sawmill: Linksys Router Log Analyzer
    9. Real Time Forensics
    10. Router Audit Tool (RAT)
  • DoS Attacks
    1. Types of DoS Attacks
    2. DDoS Attack
    3. DoS Attack Modes
    4. Indications of a DoS/DDoS Attack
    5. Techniques to Detect DoS Attack
    6. Challenges in the Detection of DoS Attack
  • Internet Crimes
    1. Internet Crimes and Forensics
    2. IP Address
    3. Domain Name System (DNS)
    4. Email Headers
    5. Switch URL Redirection
    6. Recovering Information from Web Pages
    7. HTTP Headers
    8. Examining Information in Cookies
    9. Tracing the Geographical Location of a URL: www.centralops.net
    10. NetScanTools Pro
    11. Tool: Privoxy (http://www.privoxy.org)
  • E-mails and E-mail Crimes
    1. Client and Server in E-mail
    2. E-mail Client and Server
    3. Real E-mail System
    4. Received: Headers
    5. Forging Headers
    6. List of Common Headers
    7. Exchange Message Tracking Center
    8. MailDetective Tool
    9. U.S. Laws Against Email Crime
    10. E-mail Crime Law in Washington
  • Corporate Espionage
    1. Motives
    2. Information that Corporate Spies Seek
    3. Corporate Espionage: Insider/Outsider Threat
    4. Techniques of Spying
    5. Defense Against Corporate Spying
    6. Netspionage
    7. Investigating Corporate Espionage Cases
    8. Employee Monitoring: Activity Monitor
    9. Spy Tool: SpyBuddy
  • Trademark & Copyright Infringement
    1. Characteristics of Trademarks
    2. Copyright
    3. Copyright Infringement: Plagiarism
    4. Investigating Intellectual Property
    5. US Laws for Trademarks and Copyright
    6. Laws for Trademarks and Copyright in Other Countries
  • Sexual Harassment
    1. Types of Sexual Harassment
    2. Consequences of Sexual Harassment
    3. Responsibilities of Supervisors
    4. Responsibilities of Employees
    5. Complaint Procedures
    6. Investigation Process
    7. Sexual Harassment Investigations
    8. Sexual Harassment Policy
    9. Preventive Steps
    10. U.S. Laws on Sexual Harassment
  • Investigating Child Pornography
    1. Motive Behind Child Pornography
    2. People Involved in Child Pornography
    3. Role of Internet in Child Pornography
    4. Preventing Dissemination
    5. Controlling Child Pornography
    6. Guidelines for Investigating Cases
    7. Sources of Digital Evidence
    8. Tools to Protect Children
    9. Innocent Images National Initiative
    10. Internet Crimes Against Children (ICAC)
    11. Reports on Child Pornography
    12. U.S. Laws against Child Pornography
    13. Laws in Other Countries
  • PDA and iPod Forensics
    1. PDA Forensics Steps
    2. iPod
    3. Apple HFS+ and FAT32
    4. Application Formats
    5. Misuse of iPod
    6. iPod Investigation
    7. Testing Mac Version
    8. Full System Restore
    9. Testing Windows Version
    10. User Account
    11. Calendar and Contact Entries
    12. Macintosh Version
    13. EnCase
    14. Deleted Files
    15. Windows Version
    16. Registry Key Containing the iPod’s USB/Firewire Serial Number
  • Blackberry Forensics
    1. Functions
    2. BlackBerry as an Operating System
    3. How BlackBerry (RIM) Works
    4. Serial Protocol
    5. Security
    6. Forensics
    7. Acquisition
    8. Collecting Evidence
    9. Review of Evidence
    10. Simulator – Screenshot
    11. Blackberry Attacks
    12. Protecting Stored Data
    13. Data Hiding in BlackBerry
    14. BlackBerry Signing Authority Tool
  • Investigative Reports
    1. Understanding the Importance of Reports
    2. Investigating Report Requirements
    3. Guidelines for Writing Reports
    4. Important Aspects of a Good Report
    5. Dos and Don'ts of Forensic Computer Investigations
    6. Case Report Writing and Documentation
    7. Create a Report to Attach to the Media Analysis Worksheet
    8. Investigative Procedures
    9. Best Practices for Investigators
  • Becoming an Expert Witness
    1. What is an Expert Witness?
    2. Types of Expert Witnesses
    3. Scope of Expert Witness Testimony
    4. Checklists for Processing Evidence
    5. Examining Computer Evidence
    6. Dealing with Media