The Become a Certified Computer Forensics Investigator course is a comprehensive program that equips students with the skills needed to pass the CHFI certification exam and excel in computer forensics. Covering topics such as data acquisition, network and operating system forensics, and malware analysis, students engage in practical exercises and challenges to gain hands-on experience. Upon completion, students will be prepared for the CHFI certification exam and ready to pursue a successful career in computer forensics.
Why THIS course?
The Become a Certified Computer Forensics Investigator course is essential for any aspiring digital forensics professional, as it offers a comprehensive learning experience that covers the key aspects of computer forensics, including practical exercises and real-world scenarios. Understanding Windows browser forensics serves as a solid foundation for mastering browser forensics on other operating systems, as the concepts and methods are similar across platforms with differences mainly in file architecture. By completing this course, you will gain a thorough understanding of digital investigations, be prepared to pass the CHFI certification exam, and excel in a growing and highly sought-after field.
Why NOW?
I think you will never find a clear case of browsing activity that may reveal a lot of information. Therefore, you need to learn browser forensics now rather than tomorrow.
Browsers update frequently, so students who have not kept up with the changes will struggle when facing a case that involves a newer browser version than the one they know. The good news is that the concepts remain the same, which is why now is better than tomorrow.
Who is this course for?
- Information Security Analysts
- Digital Forensics Analysts
- Incident Responders
Course benefits:
What skills will you gain?
- Conducting computer forensic investigations: Learn the process and key stages of a computer forensic investigation, including collecting digital evidence and maintaining the chain of custody.
- Analyzing various digital storage systems: Gain proficiency in analyzing hard drives, file systems, databases, and cloud data to uncover valuable evidence.
- Investigating network, web, and email-based attacks: Acquire skills to trace and mitigate cyber threats, such as DDoS, SQL injection, and phishing attacks.
- Performing operating system and mobile device forensics: Develop expertise in examining Windows, macOS, Linux, Android, and iOS systems to identify potential security incidents.
- Preparing and presenting forensic reports: Learn to create comprehensive investigative reports and present findings in court.
What will you learn about?
- The concept and goals of digital forensics analysis: Understand the principles and objectives of digital forensics in modern cybercrime challenges.
- Data acquisition methods and tools: Learn various techniques and tools for acquiring data from different storage devices while ensuring validity and authenticity.
- Anti-forensics techniques and countermeasures: Discover methods for hiding and erasing digital traces, and learn to recognize and counter such techniques.
- Malware forensics and analysis: Gain insights into different types of malware and their characteristics, and practice both static and dynamic malware analysis.
- CHFI certification exam preparation: Review key computer forensics topics and prepare for the CHFI certification exam to advance your professional development.
What tools will you use?
- FTK Imager and Autopsy for hard drive and file system analysis.
- dd, FTK Imager, and X-Ways Forensics for data acquisition.
- Wireshark, Log2timeline, and Event Viewer for system and network log analysis.
- Wireshark and tcpdump for network forensics.
- Burp Suite, OWASP ZAP, and Nikto for tracing web attacks.
- SQLMap, SQLNinja, and database management systems (e.g., MySQL, Microsoft SQL Server) for database forensics.
- AWS, Azure, Google Cloud tools, and Magnet AXIOM Cloud for cloud forensics.
- IDA Pro, OllyDbg, and VirusTotal for malware forensics.
- Emailchemy, MailXaminer, and ProDiscover for email communication tracing.
- Cellebrite UFED, Oxygen Forensic Detective, and Magnet AXIOM for mobile device forensics.
- Microsoft Office, LibreOffice, or other report generation tools for creating forensic reports.
COURSE PREREQUISITES
COURSE IS SELF-PACED, AVAILABLE ON DEMAND
DURATION: 80 hours
CPE POINTS: On completion you get a certificate granting you 80 CPE points.
The course starts on the 15th of June.
The suggested study time for this course ranges from 1 to 12 months, allowing students the flexibility to progress at their own pace.
The first module will be available starting July 15th. Subsequent modules will be published every three weeks, ensuring a consistent flow of content and allowing students ample time to complete and digest the material.
Please note that the course content and software used may be subject to minor changes. This ensures that the course remains up-to-date and relevant, providing students with the most current information and tools in the field of digital forensics.
*Disclaimer*
Please note that eForensicsMag is not the certifying body for the CHFI certificate. The CHFI certificate is issued by EC-Council, which is responsible for administering the exam and issuing the certificate.
Course format:
- Self-paced
- Pre-recorded
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
- All videos captioned
What should you know before you join?
- Basic understanding of operating systems - Windows and Linux
- Basic understanding of computer networking concepts
- Basic understanding of information security concepts
What will you need?
- A computer with Windows 10 or Linux operating system
- Stable internet connection
- A web browser
- Multimedia playback software
Your instructor: TBA
The instructor for this course will be an experienced and qualified professional in the field of Computer Forensics. Stay tuned for the announcement of the instructor's name and background.
COURSE SYLLABUS
Module 0: Introduction to Computer Investigations
The Introduction to Computer Investigations module provides an overview of modern cybercrime challenges, the concept and goals of digital forensics analysis, and an introduction to the CHFI certification. This module lays the groundwork for understanding the importance of computer forensics in today's digital landscape and prepares students for the topics covered throughout the course.
- Modern cybercrime challenges.
- Concept and goals of digital forensics analysis.
- Introduction to CHFI certification.
For this module, the student will engage in a scenario-based exercise in which they will be given a fictional cybercrime scenario and asked to identify the key steps to be taken to begin a computer forensic investigation. The task will involve developing an action plan for the given cybercrime scenario, allowing the student to apply their understanding of the core concepts introduced in this module and prepare for more in-depth, hands-on exercises in subsequent modules.
Module Workload – Suggested Module Time: 4 hours
Module 1: Computer Investigation Process
The Computer Investigation Process is a crucial aspect of digital forensics, as it provides the framework and guidelines for conducting successful investigations. Understanding the different stages, principles, and procedures involved in collecting digital evidence is essential for every digital forensics analyst.
Main topics covered in this module:
- Stages of the computer investigation process
- Principles and procedures for collecting digital evidence
- Evidence chain and its maintenance
For this module, the student will be given a triage image containing evidence of browser activity from an ex-employee of a company who exfiltrated important documents. The student will need to examine the browser artifacts covered in the course and know where to search for them. The exercise will be a set of multiple-choice questions.
Module Workload – Suggested Module Time: 4 hours
Module 2: Hard Drives and File Systems
Hard Drives and File Systems are essential components of any digital device, and understanding their structure, data recovery techniques, and the tools for analyzing them is crucial for a digital forensics analyst. This module will help students gain practical knowledge and expertise in working with different file systems and recovering lost or deleted data.
- Hard drive structure and file systems
- Data recovery techniques
- Tools for analyzing hard drives and file systems
For this module, the student will practice file system analysis using tools like FTK Imager and Autopsy to analyze different file systems such as NTFS, FAT, ext4, etc. The task will involve identifying file system types and recovering deleted files from a given disk image. The exercise will be a practical file system analysis, and the student will be required to provide a detailed report on their findings and the methods used for data recovery.
Module Workload – Suggested Module Time: 5 hours
Module 3: Data Acquisition
Data Acquisition is a fundamental aspect of digital forensics, as it involves the process of obtaining data from various storage devices while ensuring the validity and authenticity of the acquired data. Understanding the different methods, hardware, and software used for data acquisition is vital for a digital forensics analyst.
- Data acquisition methods
- Hardware and software for data acquisition
- Validity and authenticity of acquired data
For this module, the student will practice acquiring data from various storage devices such as hard drives, USB drives, and memory cards using tools like dd, FTK Imager, and X-Ways Forensics. The task will involve creating a forensic image of a given storage device and verifying its integrity using hashing algorithms. The exercise will be a practical data acquisition task, and the student will be required to provide a detailed report on their findings and the methods used for acquiring and validating the data.
Module Workload – Suggested Module Time: 5 hours
Module 4: Anti-Forensics Techniques
Anti-Forensics Techniques involve methods used by cybercriminals to hide or erase traces of their activities, making it difficult for digital forensic investigators to find evidence. Understanding and countering these techniques are essential skills for a digital forensics analyst.
- Methods for hiding and erasing traces
- Recognizing and countering anti-forensics techniques
- Tools for combating anti-forensics
For this module, the student will face an anti-forensics challenge where a digital environment has been manipulated using anti-forensics techniques to hide or obscure evidence. The task will involve identifying and counteracting these techniques to recover hidden or obscured digital evidence. The exercise will be a practical anti-forensics task, and the student will be required to provide a detailed report on their findings and the methods used to counteract the anti-forensics techniques.
Module Workload – Suggested Module Time: 5 hours
Module 5: Operating System Forensics
Operating System Forensics focuses on the analysis of Windows, macOS, and Linux systems to recover valuable information related to cybercrimes. Examining files and system registries and understanding the tools used to analyze operating systems are critical skills for a digital forensics analyst.
- Analysis of Windows, macOS, and Linux systems
- Examination of files and system registry
- Tools for analyzing operating systems
For this module, the student will practice system and network log analysis using tools like Wireshark, Log2timeline, and Event Viewer. The task will involve identifying potential attacks and their sources in the given log files. The exercise will be a practical operating system forensics task, and the student will be required to provide a detailed report on their findings and the methods used to analyze the logs and identify potential attacks.
Module Workload – Suggested Module Time: 6 hours
Module 6: Network Forensics
Network Forensics focuses on capturing and analyzing network traffic to identify cyberattacks and network threats. Understanding the techniques and tools used for network analysis is crucial for digital forensics investigators to effectively detect and mitigate threats.
- Techniques for capturing and analyzing network traffic
- Identification of attacks and network threats
- Tools for analyzing network traffic
For this module, the student will practice network analysis, such as capturing and analyzing network traffic and identifying and tracking DDoS attacks, using tools like Wireshark and tcpdump. The task will involve capturing and analyzing network traffic to identify suspicious activities and their sources. The exercise will be a practical network forensics task, and the student will be required to provide a detailed report on their findings and the methods used to analyze network traffic and identify threats.
Module Workload – Suggested Module Time: 6 hours
Module 7: Tracing Web Attacks
Tracing Web Attacks teaches students how to analyze and investigate various web-based attacks, such as DDoS, SQL Injection, and XSS attacks. Students will learn to examine web server logs and identify attack perpetrators, as well as suggest mitigation measures to prevent future attacks.
- Analysis of DDoS, SQL Injection, and XSS attacks
- Examination of web server logs
- Techniques for identifying attack perpetrators
For this module, the student will analyze and investigate web-based attacks using tools like Burp Suite, OWASP ZAP, and Nikto. The task will involve identifying the source and impact of a given web attack and suggesting mitigation measures. The exercise will be a practical web attack investigation task, and the student will be required to provide a detailed report on their findings and the methods used to investigate the attack and recommend preventive actions.
Module Workload – Suggested Module Time: 6 hours
Module 8: Database Forensics
Database Forensics focuses on the analysis of data and structures in databases to detect unauthorized data access and recover lost or tampered data. Students will learn various techniques and tools for analyzing databases and investigating database attacks.
- Analysis of data and structures in databases
- Detection of unauthorized data access
- Tools for analyzing databases
For this module, the student will analyze and investigate database attacks using tools like SQLMap, SQLNinja, and database management systems (e.g., MySQL, Microsoft SQL Server). The task will involve identifying the source and impact of a given database attack and recovering lost or tampered data. The exercise will be a practical database forensics task, and the student will be required to provide a detailed report on their findings and the methods used to investigate the attack and recover affected data.
Module Workload – Suggested Module Time: 6 hours
Module 9: Cloud Forensics
Cloud Forensics deals with the challenges and methods of investigating data stored in cloud services. Students will learn techniques for acquiring data from cloud services and using various tools for analyzing data in the cloud.
- Challenges in investigating cloud data
- Methods for acquiring data from cloud services
- Tools for analyzing data stored in the cloud
For this module, the student will practice cloud forensics, such as analyzing data stored in the cloud and identifying potential threats and incidents using cloud service provider tools (e.g., AWS, Azure, Google Cloud) and cloud-specific forensic tools like Magnet AXIOM Cloud. The task will involve analyzing a given cloud environment for potential threats and incidents and reporting findings. The exercise will be a practical cloud forensics task, and the student will be required to provide a detailed report on their findings and the methods used to investigate the cloud environment.
Module Workload – Suggested Module Time: 6 hours
Module 10: Malware Forensics
Malware Forensics focuses on the types and characteristics of malware, as well as techniques for static and dynamic malware analysis. Students will learn various tools for analyzing malware and determining its source, impact, and potential countermeasures.
- Types and characteristics of malware
- Static and dynamic malware analysis
- Tools for analyzing malware
For this module, the student will analyze and investigate malware using tools like IDA Pro, OllyDbg, and VirusTotal. The task will involve identifying the type, source, and impact of a given malware sample. The exercise will be a practical malware analysis task, and the student will be required to provide a detailed report on their findings and the methods used to investigate the malware and determine its characteristics.
Module Workload – Suggested Module Time: 4 hours
Module 11: Email Communication Tracing
Email Communication Tracing covers the analysis of email headers and content, as well as the recovery of deleted email messages. Students will learn various tools for analyzing email communication and identifying potential phishing or other malicious activities.
- Analysis of email headers and content
- Recovering deleted email messages
- Tools for analyzing email communication
For this module, the student will analyze email messages and identify phishing and other email-based attacks using tools like Emailchemy, MailXaminer, and ProDiscover. The task will involve analyzing a given set of email messages and identifying potential phishing or other malicious activities. The exercise will be a practical email investigation task, and the student will be required to provide a detailed report on their findings and the methods used to investigate the email messages.
Module Workload – Suggested Module Time: 6 hours
Module 12: Mobile Device Forensics
Mobile Device Forensics focuses on data recovery from mobile devices and the analysis of Android, iOS, and other mobile platforms. Students will learn various tools for analyzing data from mobile devices and identifying potential threats and incidents.
- Data recovery from mobile devices
- Analysis of Android, iOS, and other mobile platforms
- Tools for analyzing data from mobile devices
For this module, the student will analyze mobile devices such as smartphones and tablets, and identify potential threats and incidents using tools like Cellebrite UFED, Oxygen Forensic Detective, and Magnet AXIOM. The task will involve extracting and analyzing data from a given mobile device and identifying potential security incidents. The exercise will be a practical mobile device forensics task, and the student will be required to provide a detailed report on their findings and the methods used to investigate the mobile device.
Module Workload – Suggested Module Time: 4 hours
Module 13: Creating Reports from Analysis Results
Creating Reports from Analysis Results covers the structure and elements of an investigative report, documenting digital evidence and analysis results, and presenting investigation results in court. Students will learn how to create detailed forensic reports based on their findings.
- Structure and elements of an investigative report
- Documenting digital evidence and analysis results
- Presenting investigation results in court
For this module, the student will practice creating reports of analysis results and presenting them in court using tools like Microsoft Office, LibreOffice, or other report generation tools. The task will involve creating a detailed forensic report based on the findings of a given case, including the methods used, evidence recovered, and conclusions drawn. The exercise will be a practical forensic reporting task, and the student will be required to provide a well-structured, comprehensive report on their findings and the methods used to investigate the case.
Module Workload – Suggested Module Time: 4 hours
Module 14: Course Summary
The Exam & Course Summary module provides a review of key computer forensics topics, preparation for the CHFI certification exam, and discussion of further professional development opportunities. Students will consolidate their understanding of the material covered in the course and test their knowledge through a comprehensive final exam.
- Review of key computer forensics topics
- Preparation for the CHFI certification exam
- Discussion of further professional development opportunities
For this module, the student will complete a comprehensive final exam covering all the key concepts and practical skills learned throughout the course. The task will involve successfully passing the final exam to demonstrate proficiency in computer forensics and prepare for the CHFI certification exam. The exercise will be a practical assessment of the student's knowledge and understanding of the course material, ensuring they are well-equipped to tackle the CHFI certification exam and continue their professional development in the field of computer forensics.
Module Workload – Suggested Module Time: 4 hours
Final exam:
The exam will assess the student's understanding of key computer forensics concepts and their ability to apply practical skills in various investigative scenarios, ensuring they are prepared to successfully obtain the CHFI certification and excel in the field of computer forensics.
Contact:
If you have any questions, please contact us at [email protected].