Course Overview:
The Computer Hacking Forensic Investigator (CHFI) course delivers the security discipline of digital forensics from a vendor-neutral perspective. CHFI is a comprehensive course covering major forensic investigation scenarios and enabling students to acquire necessary hands-on experience with various forensic investigation techniques and standard forensic tools necessary to successfully carry out a computer forensic investigation leading to the prosecution of perpetrators.
The CHFI certification gives participants the necessary skills to perform an effective digital forensics investigation. CHRI presents a methodological approach to computer forensics including searching and seizing, chain-of-custody, acquisition, preservation, analysis and reporting of digital evidence
What’s Included:
- 5 days of instructor-led in classroom training
- Detailed Labs for hands-on learning experience; approximately 50% of training is dedicated to labs
- Hundreds of investigation tools including EnCase, Access Data FTL, & ProDiscover
- Huge cache of evidence files for analysis including RAW, .dd images, video & audio files, MS Office files, systems files, etc.
- CHFI Courseware
- Exam Voucher
- CHFI onsite exam scheduling
Course Objectives:
- Establish threat intelligence and key learning points to support pro-active profiling and scenario modeling
- Perform anti-forensic methods detection
- Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred
- Extract and analyze of logs from various devices like proxy, firewall, IPS, IDS, Desktop, laptop, servers, SIM tool, router firewall, switches AD server, DHCP logs, Access Control Logs & conclude as part of investigation process
- Identify & check the possible source/ incident origin
- Recover deleted files and partitions in Windows, MAC OS X, and Linux
- Conduct reverse engineering for known and suspected malware files
- Collect data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents
Dates/Locations:
Duration: 5 Days
Course Content:
-
- Module 01. Computer Forensics in Today’s World
- Module 02. Computer Forensics Investigation Process
- Module 03. Understanding Hard Disks and File Systems
- Module 04. Data Acquisition and Duplication
- Module 05. Defeating Anti-forensics Techniques
- Module 06. Operating System Forensics (Windows, Mac, Linux)
- Module 07. Network Forensics
- Module 08. Investigating Web Attacks
- Module 09. Database Forensics
- Module 10. Cloud Forensics
- Module 10. Malware Forensics
- Module 11. Investigating Email Crimes
- Module 12. Investigating Email Crimes
- Module 13. Mobile Forensics
- Module 14. Forensics Report Writing and Presentation
Prerequisites:
TechNow has heard many students talk about virtualized/remote training that TechNow Does Not Do. While training our most recent offering of PA-215: Palo Alto Networks Firewall Essentials FastTrack a student told his story of how he endend up in our course. His story we have heard for other technologies like Cisco, VMware, BlueCoat and other products.
A large percentage of training is moving to the virtualized/remote lab environments. Students are asked to use some variant of remote access software and remote into the training company's lab environment. Our student in our Palo Alto Networks Firewall course informed us that he went to a very costly offering of that course from the vendor and was not able to perform any labs. There were either network connectivity issues, or issues with the remote access software, or other problems. The whole training experience was very frustrating and not productive.
We keep our labs open to students if they would like after hours, or before hours access. Repeatedly going through a lab engrains that knowledge for later recall. Touching hardware is so critical in understanding the problems that arise when a cable comes loose, or a cable gets plugged in the wrong port. There are other scenarios such as just pulling the power cable, or turning off a power strip, or accidently overwriting a configuration. These disaster scenarious requires hands-on physical access to hardware. Preventing and recovering from disasters is what it's all about, and that requires hands-on, instructor led, real hardware.
TechNow has 26 years of courseware deveopment with a huge library of course material. If our standard courses are just not quite right for what you require, we can provide customized training to meet your needs! We have serviced many request for training that is aligned to customer business operations. Additionally, our security related courses can provide concise direction on how to build security programs and/or address gaps in your existing security programs. TechNow strives for 100% customer satisfaction, and customized classes is one method that TechNow uses to achieve that goal.
Together, our Classroom in a Box service and the customized class service can provide highly targeted training to your team at your location.
If you are interested in more information regarding our customized training, contact us at 800-324-2294
TechNow,Inc is an Accredited Training Center. As an ATC we are authorized to conduct EC-Council curriculum courses. Students will receive official EC-Council Curriculum and access to iLabs and when applicable access to EC-Council Cyber Range.
Here are the EC-Council course offerings:
Course Overview:
TechNow has worked worldwide enterprise infrastructures for over 30 years and has developed demos and labs to exemplify the techniques required to demonstrate technologies that effectively support CTI. This course integrates well with our courses TN-575: Open Source Network Security Monitoring and TN-865: Wireshark Network Traffic and Security Analysis .
TechNow develops Cyber Ranges and makes them available for conferences in support of annual meetings for Cyber Threat Response Teams. Developing scenarios and reacting to them appropriately is a big part of the value in understanding the contexts required to comprehend valuable CTI. As with many advanced TechNow security courses, there is a large hands-on ratio. This course helps Cyber Protection Teams (CPT), Defensive Cyber Operations (DCO), and Mission Defense Teams (MDT) to collect, analyze and apply targeted cyber intelligence to defensive operations in order to proactively act on and tune response to attacks by cyber adversaries. CPT, DCO, and MDT can take preemptive action by utilizing CTI, understanding CTI tools, techniques and procedures (TTPs) needed to generate and consume timely and relevant intelligence to improve resilience and prevention.
This course focuses on the collection, classification, and exploitation of knowledge about adversaries and their TTPs. . MDT puts us close the mission and helps define the internal context to be analyzed against the CTI. TechNow pushes the student to truly understand how to think about and use CTI to make a difference.
Attendees to TN-905: Cyber Threat Intelligence Analysis will receive TechNow approved course materials and expert instruction.
Date/Locations:
Course Duration: 5 days
Course Objectives:
- Learn to comprehend and develop complex scenarios
- Identify and create intelligence requirements through practices such as threat modeling
- Utilize threat modeling to drive intelligence handling and practices
- Breakdown tactical, operational, and strategic-level threat intelligence
- Generate threat intelligence to detect, respond to, and defeat focused and targeted threats
- How to collect adversary information creating better value CTI
- How to filter and qualify external sources, mitigating low integrity intelligence
- Create Indicators of Compromise (IOCs) in formats such as YARA, OpenIOC, and STIX
- Move security maturity past IOCs into understanding and countering the behavioral tradecraft of threats
- Breaking down threats mapped against their tradecraft to tweak IOCs
- Establish structured analytical techniques to be successful in any security role
- Learn and apply structured principles in support of CTI and how to communicate that to any security role.
Course Prerequisites:
Comments
Latest comments from students
Liked the class? Then let everyone know!