CHFI Computer Hacking Forensic Investigator

Module 01: computer forensics in today’s world


1. forensic science
2. computer forensics
2. 1. security incident report
2. 2. aspects of organizational security
2. 3. evolution of computer forensics
2. 4. objectives of computer forensics
2. 5. need for computer forensics
2. 6. benefits of forensic readiness
2. 7. goals of forensic readiness
2. 8. forensic readiness planning
3. cyber crime
3. 1. cybercrime
3. 2. computer facilitated crimes
3. 3. modes of attacks
3. 4. examples of cyber crime
3. 5. types of computer crimes
3. 6. how serious were different types of incident?
3. 7. disruptive incidents to the business
3. 8. time spent responding to the security incident
3. 9. cost expenditure responding to the security incident
4. cyber crime investigation
4. 1. cyber crime investigation
4. 2. key steps in forensic investigation
4. 3. rules of forensics investigation
4. 4. need for forensic investigator
4. 5. role of forensics investigator
4. 6. accessing computer forensics resources
4. 7. role of digital evidence
4. 8. understanding corporate investigations
4. 9. approach to forensic investigation: a case study
4. 10. when an advocate contacts the forensic investigator, he specifies how to approach the crime scene
4. 11. where and when do you use computer forensics
5. enterprise theory of investigation (eti)
6. legal issues
7. reporting the results
module 02: computer forensics investigation process

1. investigating computer crime
1. 1. before the investigation
1. 2. build a forensics workstation
1. 3. building investigating team
1. 4. people involved in performing computer forensics
1. 5. review policies and laws
1. 6. forensics laws
1. 7. notify decision makers and acquire authorization
1. 8. risk assessment
1. 9. build a computer investigation toolkit
2. computer forensic investigation methodology
2. 1. steps to prepare for a computer forensic investigation
2. 2. obtain search warrant
2. 2. 1. example of search warrant
2. 2. 2. searches without a warrant
2. 3. evaluate and secure the scene
2. 3. 1. forensic photography
2. 3. 2. gather the preliminary information at scene
2. 3. 3. first responder
2. 4. collect the evidence
2. 4. 1. collect physical evidence
2. 4. 1. 1. evidence collection form
2. 4. 2. collect electronic evidence
2. 4. 3. guidelines in acquiring evidences
2. 5. secure the evidence
2. 5. 1. evidence management
2. 5. 2. chain of custody
2. 6. acquire the data
2. 6. 1. duplicate the data (imaging)
2. 6. 2. verify image integrity
2. 6. 3. recover lost or deleted data
2. 7. analyze the data
2. 7. 1. data analysis
2. 7. 2. data analysis tools
2. 8. assess evidence and case
2. 8. 1. evidence assessment
2. 8. 2. case assessment
2. 8. 3. processing location assessment
2. 8. 4. best practices
2. 9. prepare the final report
2. 9. 1. documentation in each phase
2. 9. 2. gather and organize information
2. 9. 3. writing the investigation report
2. 9. 4. sample report
2. 10. testify in the court as an expert witness
2. 10. 1. expert witness
2. 10. 2. testifying in the court room
2. 10. 3. closing the case
2. 10. 4. maintaining professional conduct
2. 10. 5. investigating a company policy violation
2. 10. 6. computer forensics service providers
module 03: searching and seizing of computers

1. searching and seizing computers without a warrant
1. 1. searching and seizing computers without a warrant
1. 2. § a: fourth amendment’s “reasonable expectation of privacy” in cases involving computers: general principles
1. 3. § a. 1: reasonable expectation of privacy in computers as storage devices
1. 4. § a. 3: reasonable expectation of privacy and third-party possession
1. 5. § a. 4: private searches
1. 6. § a. 5 use of technology to obtain