Computer Forensics: The Computer Hacking Forensics Investigator (CHFI) Certification
Introduction
In today’s Cyber security world, the ability to conduct a proper forensics investigation at the scene of a crime is of utmost importance. It takes a highly qualified individual to conduct such types of investigations. In order to get a true gauge of this person’s ability, a certification known as the “Computer Hacking Forensic Investigator”, also known as the “CHFI” is offered. Essentially, when one has this particular cert, you can be more or less guaranteed that that he or she is well qualified to conduct a proper and thorough investigation when it comes to computer forensics.
The Target Audience for the CHFI Cert
But, what exactly is a CHFI, and what kinds of evidence are they typically looking for? A CHFI can be described as follows:
Learn Digital Forensics
“A trained individual who carries out the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks.”
(SOURCE: https://cert.eccouncil.org/computer-hacking-forensic-investigator.html).
The evidence that is collected by the CHFI can be quite sophisticated in nature, some of which includes the following:
- Information Technology Infrastructure break ins;
- Pornographic material;
- Any material breach of non-disclosure agreements or other similar types of contracts;
- Attacks to E-Mail servers (this mainly deals with such Phishing based attacks);
- Attacks to Web Servers and their relevant applications which reside on them;
- Any sort of theft or the hijacking of digital documents.
Therefore, the audience to which this cert is geared towards to is the mid-level Security professional, with probably at least 10-15 years of solid work experience.
The following matrix further quantifies the breakdown the years of experience of the total population that possesses the CHFI:
It definitely is not an entry level kind of exam. Some job titles to which this cert applies includes the following:
- Law enforcement officials (primarily at the Federal and State levels;
- Department of Defense officials;
- High level E-Commerce Security professionals;
- Network System Administrators;
- Financial Audit professionals;
- Seasoned IT Managers.
The Skill Levels That Are Tested by The CHFI Cert
Given the sophistication of the titles to which this cert is geared for, the skill levels that are tested by the CHFI are just as rigorous. These include the following:
- A thorough understanding of the Cybercrime investigation process;
- The ability to discern the rules of the evidence collection process, and the ability to apply the set of best practices when it comes the examination of the evidence when it is extracted from the computer in question;
- Knowing how to apply the forensic tools needed to collect the digital evidence from computers;
- The ability to recover deleted across a wide variety of operating systems which include Windows, Linux, Mac OS and even the Smartphones such as the iOS;
- The ability to break passwords in order to unlock the computer as well as an understanding of the Cyber threat landscape surrounding password breaches;
- A deep understanding of how to log the computer evidence that is collected (this can also include knowing how to correlate events with each other that have been discovered, and time clock synchronization);
- Knowing how to track and analyze in great detail all of the known Cyber-attacks, which includes the following:
- Network attacks;
- E-Mail Phishing schemes;
- Mobile/Smartphone/Wireless attacks;
- Web Server attacks (including Internet Information Services and Apache
- On a qualitative level, knowing how to give expert testimony at the time of a trial.
The Details on The CHFI Cert
The CHFI cert is administered and governed by the EC Council. Before anyone can actually appear for the exam, they first must be eligible to take. There are two ways in which this can be accomplished, which are described as follows:
- The registrant can attend an official CHFI training course:
Anybody wishing to take the exam for this cert can attend instructor led training (ILT) via:
- An actual university course;
- An online course;
- Or a self-paced computer course.
To find a university or a cert preparation organization that offers training for the CHFI, click on this link:
In fact, the EC Council offers a highly specialized 5-day preparatory course of the CHFI, known as the “CHFI v8”. A unique offering of this particular class is that students are given access to a virtual Windows 2008 Server, from which they can practice their lab exercises. At the end of the training course, the students have the option of taking the cert exam, or if they wish to take it at a later date. More details on this training course can be seen at this link:
https://d13wv0uuz2t96k.cloudfront.net/pdf/ec-council/CHFI-Exam-Objectives.pdf
- If the registrant does not attend an actual training course as outlined above, then he or she must possess the following:
- 2 years of credible work experience in the field of Cyber security (note that this jus the bare minimum, it is highly recommended that the candidate has substantially more experience as mentioned earlier in this article;
- Possess a college degree with a major in Information Security;
- Submit a $100 nonrefundable exam registration fee;
- Properly complete the EC Council Exam Eligibility form (https://cert.eccouncil.org/Exam-Eligibility-Form.html);
- Receive an official test voucher from the EC Council.
NOTE: If you choose the self-study approach, it is highly recommended that you purchase this study manual, which can be seen at this link:
https://www.amazon.com/Official-CHFI-Study-Guide-312-49/dp/1597491977
The following matrix examines the particulars on the CHFI:
The Job Prospects
Here are the latest statistics on the job prospects for those that possess the CHFI cert:
- 88% are male (with a salary range of $56,425.00 - $105,793.00); 11% are female (with a salary range of $49,371.00 - $88,920.00);
- Here is a matrix of the breakdown of cities in the United States in which the CHFI is in most demand:
The following is a list of companies that are constantly recruiting individuals that possess the CHFI:
- Paylocity
- Noblis
- Fireye
- Mantech International Corporation
- U.S. Navy
- General Dynamics Information Technology, Inc.
Conclusion
Overall, the CHFI cert is expected to be in high demand in the long term. The primary reason for this is that the Cyber threat landscape will only continue to proliferate in complexity and sophistication, thus requiring the need for highly skilled forensics investigators. Depending upon your total years of work experience, and the geographic location that you select to work in, the salaries can be quite high as well.
Learn Digital Forensics
If you're looking for mobile computer forensics training, check out InfoSec Institute's course offerings by filling out the brief form above.
Sources
- https://cert.eccouncil.org/computer-hacking-forensic-investigator.IET) html
- https://www.itcareerfinder.com/it-certifications/ec-council-certification-training/computer-hacking-forensic-investigator-chfi.html
- https://d13wv0uuz2t96k.cloudfront.net/pdf/ec-council/CHFI-Exam-Objectives.pdf
- https://www.payscale.com/research/US/Certification=Computer_Hacking_Forensic_Investigator_(CHFI)/Salary
In this Series
- Computer Forensics: The Computer Hacking Forensics Investigator (CHFI) Certification
- Digital forensics and cybersecurity: Setting up a home lab
- Top 7 tools for intelligence-gathering purposes
- iOS forensics
- Kali Linux: Top 5 tools for digital forensics
- Snort demo: Finding SolarWinds Sunburst indicators of compromise
- Memory forensics demo: SolarWinds breach and Sunburst malware
- Digital forensics careers: Public vs private sector?
- Email forensics: desktop-based clients
- What is a Honey Pot? [updated 2021]
- Email forensics: Web-based clients
- Email analysis
- Investigating wireless attacks
- Wireless networking fundamentals for forensics
- Protocol analysis using Wireshark
- Wireless analysis
- Log analysis
- Network security tools (and their role in forensic investigations)
- Sources of network forensic evidence
- Network Security Technologies
- Network Forensics Tools
- The need for Network Forensics
- Network Forensics Concepts
- Networking Fundamentals for Forensic Analysts
- Popular computer forensics top 19 tools [updated 2021]
- 7 best computer forensics tools [updated 2021]
- Spoofing and Anonymization (Hiding Network Activity)
- Browser Forensics: Safari
- Browser Forensics: IE 11
- Browser Forensics: Firefox
- Browser forensics: Google chrome
- Webinar summary: Digital forensics and incident response — Is it the career for you?
- Web Traffic Analysis
- Network forensics overview
- Eyesight to the Blind – SSL Decryption for Network Monitoring [Updated 2019]
- Gentoo Hardening: Part 4: PaX, RBAC and ClamAV [Updated 2019]
- Computer forensics: FTK forensic toolkit overview [updated 2019]
- The mobile forensics process: steps and types
- Free & open source computer forensics tools
- An Introduction to Computer Forensics
- Common mobile forensics tools and techniques
- Computer forensics: Chain of custody [updated 2019]
- Computer forensics: Network forensics analysis and examination steps [updated 2019]
- Computer Forensics: Overview of Malware Forensics [Updated 2019]
- Incident Response and Computer Forensics
- Computer Forensics: Memory Forensics
- Comparison of popular computer forensics tools [updated 2019]
- Computer Forensics: Forensic Analysis and Examination Planning
- Computer forensics: Operating system forensics [updated 2019]
- Computer Forensics: Mobile Forensics [Updated 2019]
- Computer Forensics: Digital Evidence [Updated 2019]
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Digital forensics
Digital forensics
Digital forensics
Digital forensics