Computer Hacking Forensic Investigator (312-49)
Developing technology and increased dependency on it have given rise to cybercrimes. Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. This certification will help you increase your chances of getting your dream job or climb higher on the corporate ladder. It will also help you stand out in the crowd and become a preferable candidate for the job.
Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. So, in a world where technology has become an inseparable part of life, gaining a certification like this can be of utmost benefit. Let us get into the details of the Computer Hacking Forensic Investigator (312-49) exam by EC-Council.
What is Computer Hacking Forensic Investigator (312-49) Exam?
Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks.
CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or for recovering deleted, encrypted, or damaged file information, known as computer data recovery. The purpose of the exam is to validate the candidate’s skills in identifying an intruder’s footprints and properly gathering the necessary evidence to prosecute in a court of law.
Targeted audience
The 312-49 certification targets the following people –
- Police and other law enforcement personnel
- Defense and Military personnel
- e-Business Security professionals
- Systems administrators
- Legal professionals
- Banking, Insurance and other professionals
- Government agencies
- IT managers
Exam overview
The major details of the exam are as follows –
- Exam Name: Computer Hacking Forensic Investigator (CHFI)
- Exam Code: 312-49 (ECC EXAM)
- Number of Questions: 150
- Length of Time: 240 Minutes
- Registration Fee: $650.00
- Passing Score: 60% to 85% depending upon the cut score for the exam
- Exam Language: English
Passing criteria
To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 85%.
Computer Hacking Forensic Investigator Requirements
The following are the eligibility requirements for the 312-49 exam –
Either one of the following criteria is required by EC-Council so that a determination can be made regarding a candidate’s eligibility.
a) A candidate has completed “Official” training through an EC-Council Authorized Training Center (ATC). Accepted “Official” training solutions: Instructor-Led (ILT) or Academic Learning.
b) A Candidate may be granted permission to attempt the exam without “Official” training if:
- The Candidate has and can prove two years of Information Security related experience.
- The candidate remits a non-refundable Eligibility Application Fee of $100 (USD).
- The candidate submits a completed Exam Eligibility Application.
Exam retake policy
If a candidate does not successfully pass an EC-Council exam, he/she can purchase an ECC Exam Center voucher to retake the exam at a discounted price.
If a candidate is not able to pass the exam on the first attempt, no cooling or waiting period is required to attempt the exam for the second time (1st retake). If a candidate is not able to pass the second or a subsequent attempt, a waiting period of 14 days is required prior to attempting the exam the next time.
A candidate is not allowed to take a given exam more than five times in a 12-month (1 year) period and a waiting period of 12 months will be imposed before being allowed to attempt the exam for the sixth time (5th retake). Candidates who pass the exam are not allowed to attempt the same version of the exam for the second time.
Extension Policy
EC-Council exam vouchers are valid for a maximum period of one year from the date of purchase. A candidate may opt to extend his/her EC-Council exam vouchers for an additional 3 months for $35 if the voucher is valid (not used and not expired). Vouchers can only be extended once.
Recertification policy
Your CHFI credential is valid for 3 years. To renew your credential for another 3-year period, you need to update your EC-Council Continuing Education (ECE) credit account in the EC-Council Aspen portal and submit proof of your earned credits. To maintain your certification, you must earn a total of 120 credits within the 3-year ECE cycle period. The credits can be earned in many ways, including attending conferences, writing research papers, preparing for training classes in a related domain (for instructors), reading materials on related subject matters, taking an exam of a newer version of the certification, attending webinars, and many others.
Other exam policies
It is very important to keep yourself updated on all the policies as well as the terms and conditions related to the exam. You can collect this information from the official site.
Or, to know more, visit: CHFI (312-49) exam FAQs
Computer Hacking Forensic Investigator Course Outline
You will be tested on the basis of the following major domains –
Domain 1 – Forensic Science – 15% (22 questions)
- Computer Forensics Objective and Need (EC-Council Reference: Computer Forensics Fundamentals, Digital Forensics)
- Forensic Readiness
- Cyber Crime
- Web Applications and Webservers Attacks (EC-Council Reference: Common Web application attacks)
- Email Crimes (EC-Council Reference: EMAIL PHISHING)
- Network Attacks (EC-Council Reference: Types of Network Security Attacks)
- Forensics on Mobile Devices (EC-Council Reference: MOBILE DEVICE FORENSICS)
- Cyber Crime Investigation
- Computer Forensics Investigation Methodology
- Reporting a Cyber Crime
- Expert Witness
Domain 2 – Regulations, Policies and Ethics – 10% (15 questions)
- Searching and Seizing Computers with and without a Warrant
- Laws and Acts against Email Crimes (EC-Council Reference: Role of a Forensic Investigator in law, Role of Cyber Forensics in Crime)
- Laws pertaining to Log Management
- Policies Pertaining to Mobile Forensics (EC-Council Reference: Digital forensics investigation role, MOBILE DEVICE FORENSICS)
- General Ethics While Testifying
Domain 3 – Digital Evidence – 20% (30 questions)
- Digital Evidence
- Types of Digital Evidence
- Rules of Evidence
- Electronic Evidence: Types and Collecting Potential Evidence
- Electronic Crime and Digital Evidence Consideration by Crime Category (EC-Council Reference: ROLE OF CYBER FORENSICS IN CRIMINAL OFFENCES, Computer Forensic Investigation)
- Computer Forensics Lab (EC-Council Reference: Computer Forensics Lab, SET UP A SECURE DIGITAL FORENSICS LAB)
- Understanding Hard Disks (EC-Council Reference: Understanding Hard Disks and File Systems)
- Disk Partitions and Boot Process
- Understanding File Systems (EC-Council Reference: Understanding Hard Disks and File Systems)
- Windows File Systems (EC-Council Reference: Windows Forensics)
- Linux File Systems
- Mac OS X File Systems
- RAID Storage System
- File Carving
- Image Files (EC-Council Reference: Steganography and Image File Forensics)
- Analyze Logs
- Database Forensics
- Email Headers (EC-Council Reference: SECURING EMAIL FOR AN ORGANIZATION, TYPES OF CYBER ATTACKS)
- Analyzing Email headers
- Malware Analysis
- Mobile Operating Systems
Domain 4 – Procedures and Methodology – 20% (30 questions)
- Investigating Computer Crime (EC-Council Reference: Role of DIGITAL FORENSICS INVESTIGATOR)
- Computer Forensics Investigation Methodology (EC-Council Reference: Digital Forensics)
- Digital Evidence Examination Process (EC-Council Reference: Digital Forensics)
- Encryption
- First Responder
- First Response Basics
- Roles of First Responder
- Data Acquisition and Duplication (EC-Council Reference: HANDLE DATA ACQUISITION IN DIGITAL FORENSICS, Data Acquisition and Duplication)
- Defeating Anti-forensics Techniques (EC-Council Reference: ANTI-FORENSIC TECHNIQUES TO COVER DIGITAL FOOTPRINTS)
- Log Management and Event Correlation (EC-Council Reference: Log Capturing and Event Correlation)
- Network Forensics (Intrusion Detection Systems (IDS)) (EC-Council Reference: INTRUSION DETECTION SYSTEMS (IDS) WORKING)
- Computer Forensics Reports and Investigative Report Writing (EC-Council Reference: Investigative Reports)
Domain 5 – Digital Forensics – 25% (37 questions)
- Recover Data (EC-Council Reference: Disaster Recovery)
- File System Analysis (EC-Council Reference: Understanding Hard Disks and File Systems)
- Windows Forensics (EC-Council Reference: Windows Forensics)
- Linux Forensics
- MAC Forensics
- Recovering the Deleted Files and Partitions (EC-Council Reference: Recovering Deleted Files and Deleted Partitions)
- Steganography and Image File Forensics (EC-Council Reference: Steganography and Image File Forensics)
- Steganalysis
- Application Password Crackers (EC-Council Reference: Application Password Crackers)
- Investigating and Analyzing Logs (EC-Council Reference: Network Forensics, Investigating Logs and Investigating Network Traffic)
- Investigating Network Traffic (EC-Council Reference: Network Forensics, Investigating Logs and Investigating Network Traffic)
- Investigating Wireless Attacks (EC-Council Reference: Investigating Wireless Attacks)
- Web Attack Investigation
- Investigating Email Crime and Violation (EC-Council Reference: Tracking Emails and Investigating Email Crimes)
- Mobile Forensic Process
- Cloud Forensics (EC-Council Reference: DIGITAL FORENSICS IN THE REALM OF DISTRIBUTED CLOUD DATA)
- Malware Forensics (EC-Council Reference: MALWARE AND MEMORY FORENSICS)
- Defeating Anti-Forensic Techniques (EC-Council Reference: ANTI-FORENSIC TECHNIQUES TO COVER DIGITAL FOOTPRINTS)
Domain 6 – Tools/Systems/Programs – 10% (16 questions)
- First Responder Toolkit
- Windows Forensic Tools (Helix3 Pro, X-Ways Forensics, Windows Forensic Toolchest (WFT), Autopsy, The Sleuth Kit (TSK), etc.) (EC-Council Reference: DIGITAL FORENSIC TOOL)
- Data Acquisition Software Tools (UltraKit, Forensic Falcon, etc.)
- Tools to defeat Anti-Forensics (EC-Council Reference: ANTI-FORENSIC TECHNIQUES TO COVER DIGITAL FOOTPRINTS)
- Steganography Tools (EC-Council Reference: Steganography in cybersecurity and techniques)
- Database Forensics Tools
- Password Cracking Tools (EC-Council Reference: Application Password Crackers)
- Network Forensics Tools
- Web Security Tools, Firewalls, Log Viewers, and Web Attack Investigation Tools (EC-Council Reference: FIREWALLS, Firewall Penetration Testing)
- Cloud Forensics Tools
- Malware Forensics Tools (EC-Council Reference: MALWARE AND MEMORY FORENSICS)
- Email Forensics Tools
- Mobile Forensics Software and Hardware Tools (EC-Council Reference:
- Report Writing Tools
Reference: CHFI Exam BluePrint
Computer Hacking Forensic Investigator Preparation resources
There are many resources available that can be used for preparation, but one should be very careful while choosing them, as they determine how well you pass the exam. Let us look at some resources –
Official resources
Some resources are made available by the official site. These are the most authentic resources in terms of syllabus, but in terms of quality you can find even better resources at many educational sites. This is the list of officially available resources; you can visit the official site for the Computer Hacking Forensic Investigator syllabus and to know more about them –
Build your Own Strategy
Prepare your own strategy for study. Self-study is the key that will help you score more and will lead to perfection. Categorize the syllabus into the parts that demand hands-on training and the parts that are theoretical. Break the big parts into smaller ones and then try to learn them. This will enable you to grasp things easily. Make sure never to skip classes, and keep your practice regular. Make notes and keep revising from time to time.
Books
Books are indeed the best-value resource and are readily available. You can refer to any book of your choice or go for those prescribed by the open group. Remember to match your syllabus and prepare in the right direction. Some Computer Hacking Forensic Investigator books are:
- Computer Hacking Forensic Investigator All-in-One Exam Guide by Charles L. Brooks
- Computer Forensics: Investigation Procedures and Response (CHFI) by EC-Council
Online classes and instructor led training
There are many online resources available for study, such as online classes and online instructor-led courses. Many sites today offer preparation sets, such as classes with test series and practice papers, which are readily available and are a reliable source. You can also take the Computer Hacking Forensic Investigator training classes prescribed on the official site. The instructor-led courses are interactive enough to clear your doubts and help you prepare thoroughly.
Sample papers and test series
Sample papers and test series are one way to identify the loopholes in your preparation and let you prepare in the best possible way. They build your confidence and also make you familiar with the exam pattern so that you don’t panic on the exam day. Practice as many Computer Hacking Forensic Investigator exam questions and take as many test series as you can, as this will help you perfect your preparation and handle the tricky parts of the exam.