CHFI - EC-Council


EC-Council C|HFI
Computer Hacking Forensic Investigator
CHFI Exam Blueprint v3
CHFI Exam Blueprint v2.11

The blueprint lists, for each domain, its sub domains, the description (topics covered), the number of questions and the weightage.

Domain 1. Forensic Science (Weightage: 18%)

Sub domain: Understand different types of cybercrimes and list various forensic investigation challenges (Number of questions: 7)
Description:
- Types of Computer Crimes
- Impact of Cybercrimes at Organizational Level
- Cyber Crime Investigation
- Challenges Cyber Crimes Present for Investigators
- Network Attacks
- Indicators of Compromise (IOC)
- Web Application Threats
- Challenges in Web Application Forensics
- Indications of a Web Attack
- What is Anti-Forensics?
- Anti-Forensics Techniques

Sub domain: Understand the fundamentals of computer forensics and determine the roles and responsibilities of forensic investigators (Number of questions: 7)
Description:
- Understanding Computer Forensics
- Need for Computer Forensics
- Why and When Do You Use Computer Forensics?
- Forensic Readiness
- Forensic Readiness and Business Continuity
- Forensics Readiness Planning
- Incident Response
- Computer Forensics as part of Incident Response Plan
- Overview of Incident Response Process Flow
- Role of SOC in Computer Forensics
- Need for Forensic Investigator
- Roles and Responsibilities of Forensics Investigator
- What makes a Good Computer Forensics Investigator?
- Code of Ethics
- Accessing Computer Forensics Resources
- Other Factors That Influence Forensic Investigations
- Introduction to Web Application Forensics
- Introduction to Network Forensics
- Postmortem and Real-Time Analysis

Sub domain: Understand data acquisition concepts and rules (Number of questions: 6)
Description:
- Understanding Data Acquisition
- Live Acquisition
- Order of Volatility
- Dead Acquisition
- Rules of Thumb for Data Acquisition
- Types of Data Acquisition
- Determine the Data Acquisition Format

Sub domain: Understand the fundamental concepts and working of databases, cloud computing, Emails, IOT, Malware (file and fileless), and dark web (Number of questions: 7)
Description:
- Understanding Dark Web
- TOR Relays
- How TOR Browser works
- TOR Bridge Node
- Internal architecture of MySQL
- Structure of data directory
- Introduction to Cloud Computing
- Types of Cloud Computing Services
- Cloud Deployment Models
- Cloud Computing Threats
- Cloud Computing Attacks
- Introduction to an email system
- Components involved in email communication
- How email communication works
- Understanding parts of an email message
- Introduction to Malware
- Components of Malware
- Common Techniques Attackers Use to Distribute Malware across Web
- Introduction to Fileless Malware
- Infection Chain of Fileless Malware
- How Fileless Attack Works via Memory Exploits
- How Fileless Attack Happens Via Websites
- How Fileless Attack Happens Via Documents
- What is IoT?
- IoT Architecture
- IoT Security Problems
- OWASP Top 10 Vulnerabilities
- IoT Threats
- IoT Attack Surface Areas

Domain 2. Regulations, Policies and Ethics (Weightage: 15%)

Sub domain: Understand rules and regulations pertaining to search & seizure of the evidence, and evidence examination (Number of questions: 12)
Description:
- Rules of Evidence
- Best Evidence Rule
- Federal Rules of Evidence
- Scientific Working Group on Digital Evidence (SWGDE)
- ACPO Principles of Digital Evidence
- Seeking Consent
- Obtaining Witness Signatures
- Obtaining Warrant for Search and Seizure
- Searches Without a Warrant
- Initial Search of the Scene
- Preserving Evidence
- Chain of Custody
- Sanitize the Target Media
- Records of Regularly Conducted Activity as Evidence
- Division of Responsibilities

Sub domain: Understand different laws and legal issues that impact forensic investigations (Number of questions: 11)
Description:
- Computer Forensics: Legal Issues
- Computer Forensics: Privacy Issues
- Computer Forensics and Legal Compliance
- Other Laws that May Influence Computer Forensics
- U.S. Laws Against Email Crime: CAN-SPAM Act

Domain 3. Digital Evidence (Weightage: 17%)

Sub domain: Understand the fundamental characteristics and types of digital evidence (Number of questions: 5)
Description:
- Introduction to Digital Evidence
- Types of Digital Evidence
- Characteristics of Digital Evidence
- Role of Digital Evidence
- Sources of Potential Evidence

Sub domain: Understand the fundamental concepts and working of desktop and mobile Operating Systems (Number of questions: 5)
Description:
- Understanding Hard Disk
- Understanding Solid State Drive (SSD)
- RAID Storage System
- NAS/SAN Storage
- Disk Interfaces
- Logical Structure of Disks
- What is the Booting Process?
- Essential Windows System Files
- Windows Boot Process: BIOS-MBR Method
- Windows Boot Process: UEFI-GPT
- Macintosh Boot Process
- Linux Boot Process
- Windows File Systems
- Linux File Systems
- Mac OS X File Systems
- MAC Forensics Data
- MAC Log Files
- MAC Directories
- CD-ROM / DVD File System
- Virtual File System (VFS) and Universal Disk Format File System (UDF)
- Architectural Layers of Mobile Device Environment
- Android Architecture Stack
- Android Boot Process
- iOS Architecture
- iOS Boot Process
- Mobile Storage and Evidence Locations
- Mobile Phone Evidence Analysis
- Data Acquisition Methods
- Components of Cellular Network
- Different Cellular Networks
- Cell Site Analysis: Analyzing Service Provider Data
- CDR Contents
- Subscriber Identity Module (SIM)

Sub domain: Understand different types of logs and their importance in forensic investigations (Number of questions: 6)
Description:
- Different types of network based evidence
- Understanding Events
- Types of Logon Events
- Event Log File Format
- Organization of Event Records
- ELF LOGFILE HEADER structure
- EventLogRecord Structure
- Windows 10 Event Logs
- Other Audit Events
- Evaluating Account Management Events
- Log files as evidence
- Legal criteria for admissibility of logs as evidence
- Guidelines to ensure log file credibility and usability
- Ensure log file authenticity
- Maintain log file integrity
- Implement centralized log management
- IIS Web Server Architecture
- IIS Logs
- Analyzing IIS Logs
- Apache Web Server Architecture
- Apache Web Server Logs
- Apache Access Logs
- Apache Error Logs

Sub domain: Understand various encoding standards and analyze various file types (Number of questions: 5)
Description:
- Character Encoding Standard: ASCII
- Character Encoding Standard: UNICODE
- Offset
- Understanding Hex Editors
- Understanding Hexadecimal Notation
- Image File Analysis: JPEG
- Image File Analysis: BMP
- Understanding EXIF data
- Hex View of Popular Image File Formats
- PDF File Analysis
- Word File Analysis
- PowerPoint File Analysis
- Excel File Analysis
- Hex View of Other Popular File Formats

Sub domain: Understand the fundamental working of WAF and MySQL Database (Number of questions: 5)
Description:
- Web Application Firewall (WAF)
- Benefits of WAF
- Limitations of WAF
- Data Storage in SQL Server
- Database Evidence Repositories
- MySQL Forensics
- Viewing the Information Schema
- MySQL Utility Programs for Forensic Analysis

Domain 4. Procedures and Methodology (Weightage: 17%)

Sub domain: Understand Forensic Investigation Process (Number of questions: 6)
Description:
- Forensic investigation process
- Importance of the Forensic investigation process
- Setting up a computer forensics lab
- Building the investigation team
- Understanding the hardware and software requirements of a forensic lab
- Validating laboratory software and hardware
- Ensuring quality assurance
- First response basics
- First response by non-forensics staff
- First response by system/network administrators
- First response by laboratory forensics staff
- Documenting the electronic crime scene
- Search and seizure
- Evidence preservation
- Data acquisition
- Data analysis
- Case analysis
- Reporting
- Testify as an expert witness
- Generating Investigation Report
- Mobile Forensics Process
- Mobile Forensics Report Template
- Sample Mobile Forensic Analysis Worksheet

Sub domain: Understand the methodology to acquire data from different types of evidence (Number of questions: 7)
Description:
- Data Acquisition Methodology
- Step 1: Determine the Best Data Acquisition Method
- Step 2: Select the Data Acquisition Tool
- Step 3: Sanitize the Target Media
- Step 4: Acquire Volatile Data
- Acquire Data From a Hard Disk
- Remote Data Acquisition
- Step 5: Enable Write Protection on the Evidence Media
- Step 6: Acquire Non-Volatile Data
- Step 7: Plan for Contingency
- Step 8: Validate Data Acquisition Using
- Collecting Volatile Information
- Collecting Non-Volatile Information
- Collecting Volatile Database Data
- Collecting Primary Data File and Active Transaction Logs Using SQLCMD
- Collecting Primary Data File and Transaction Logs
- Collecting Active Transaction Logs Using SQL Server Management Studio
- Collecting Database Plan Cache
- Collecting Windows Logs
- Collecting SQL Server Trace Files
- Collecting SQL Server Error Logs

Sub domain: Illustrate Image/Evidence Examination and Event Correlation (Number of questions: 6)
Description:
- Getting an Image Ready for Examination
- Viewing an Image on Windows, Linux and Mac Forensic Workstations
- Windows Memory Analysis
- Windows Registry Analysis
- File System Analysis Using Autopsy
- File System Analysis Using The Sleuth Kit (TSK)
- Event Correlation
- Types of Event Correlation
- Prerequisites of Event Correlation
- Event Correlation Approaches

Sub domain: Explain Dark Web and Malware Forensics (Number of questions: 6)
Description:
- Dark web forensics
- Identifying TOR Browser Artifacts: Command Prompt
- Identifying TOR Browser Artifacts: Windows Registry
- Identifying TOR Browser Artifacts: Prefetch Files
- Introduction to Malware Forensics
- Why Analyze Malware?
- Malware Analysis Challenges
- Identifying and Extracting Malware
- Prominence of Setting up a Controlled Malware Analysis Lab
- Preparing Testbed for Malware Analysis
- Supporting Tools for Malware Analysis
- General Rules for Malware Analysis
- Documentation Before Analysis
- Types of Malware Analysis

Domain 5. Digital Forensics (Weightage: 17%)

Sub domain: Review Various Anti-Forensic Techniques and Ways to Defeat Them (Number of questions: 4)
Description:
- Anti-Forensics Technique: Data/File Deletion
- What Happens When a File is Deleted in Windows?
- Recycle Bin in Windows
- File Carving
- Anti-Forensics Techniques: Password Protection
- Bypassing Passwords on Powered-off Computer
- Anti-Forensics Technique: Steganography
- Anti-Forensics Technique: Alternate Data Streams
- Anti-Forensics Techniques: Trail Obfuscation
- Anti-Forensics Technique: Artifact Wiping
- Anti-Forensics Technique: Overwriting Data/Metadata
- Anti-Forensics Technique: Encryption
- Anti-Forensics Technique: Program Packers
- Anti-Forensics Techniques that Minimize Footprint
- Anti-Forensics Technique: Exploiting Forensics Tools Bugs
- Anti-Forensics Technique: Detecting Forensic Tools

Sub domain: Analyze Various Files Associated with Windows and Linux and Android Devices (Number of questions: 3)
Description:
- Windows File Analysis
- Metadata Investigation
- Windows ShellBags
- Analyze LNK Files
- Analyze Jump Lists
- Event logs
- File System Analysis using The Sleuth Kit (TSK)
- Linux Memory Forensics
- APFS File System Analysis: Biskus APFS Capture
- Parsing metadata on Spotlight
- Logical Acquisition of Android Devices
- Physical Acquisition of Android Devices
- SQLite Database Extraction
- Challenges in Mobile Forensics

Sub domain: Analyze various logs and perform network forensics to investigate network attacks (Number of questions: 4)
Description:
- Analyzing Firewall Logs
- Analyzing IDS Logs
- Analyzing Honeypot Logs
- Analyzing Router Logs
- Analyzing DHCP Logs
- Why investigate Network Traffic?
- Gathering evidence via Sniffers
- Sniffing Tool: Tcpdump
- Sniffing Tool: Wireshark
- Analyze Traffic for TCP SYN flood DOS attack
- Analyze Traffic for SYN-FIN flood DOS attack
- Analyze traffic for FTP password cracking attempts
- Analyze traffic for SMB password cracking attempts
- Analyze traffic for sniffing attempts
- Analyze traffic to detect malware activity
- Centralized Logging Using SIEM Solutions
- SIEM Solutions: Splunk Enterprise Security (ES)
- SIEM Solutions: IBM Security QRadar
- Examine Brute-Force Attacks
- Examine DoS Attack
- Examine Malware Activity
- Examine data exfiltration attempts made through FTP
- Examine network scanning attempts
- Examine ransomware attack
- Detect rogue DNS server (DNS hijacking/DNS spoofing)
- Wireless network security vulnerabilities
- Performing attack and vulnerability monitoring
- Detect a rogue access point
- Detect access point MAC spoofing attempts
- Detect misconfigured access point
- Detect honeypot access points
- Detect signal jamming attack

Sub domain: Analyze Various Logs and Perform Web Application Forensics to Examine Various Web Based Attacks (Number of questions: 4)
Description:
- Investigating Cross-Site Scripting Attack
- Investigating SQL Injection Attack
- Investigating Directory Traversal Attack
- Investigating Command Injection Attack
- Investigating Parameter Tampering Attack
- Investigating XML External Entity Attack
- Investigating Brute Force Attack
- Investigating Cookie Poisoning Attack

Sub domain: Perform Forensics on Databases, Dark Web, Emails, Cloud and IoT devices (Number of questions: 3)
Description:
- Database Forensics Using SQL Server Management Studio
- Database Forensics Using ApexSQL DBA
- Common Scenario for Reference
- MySQL Forensics for WordPress Website Database: Scenario 1
- MySQL Forensics for WordPress Website Database: Scenario 2
- Tor Browser Forensics: Memory Acquisition
- Collecting Memory Dumps
- Memory Dump Analysis: Bulk Extractor
- Forensic Analysis of Memory Dumps to Examine Email Artifacts (Tor Browser Open)
- Forensic Analysis of Storage to Acquire the Email Attachments (Tor Browser Open)
- Forensic Analysis of Memory Dumps to Examine Email Artifacts (Tor Browser Closed)
- Forensic Analysis of Storage to Acquire the Email Attachments (Tor Browser Closed)
- Forensic Analysis: Tor Browser Uninstalled
- Dark Web Forensics Challenges
- Introduction to email crime investigation
- Steps to investigate email crimes
- Division of Responsibilities
- Where Is the Data Stored in Azure?
- Logs in Azure
- Acquiring A VM in Microsoft Azure
- Acquiring A VM Snapshot Using Azure Portal
- Acquiring A VM Snapshot Using PowerShell
- AWS Forensics
- Wearable IoT Device: Smartwatch
- IoT Device Forensics: Smart Speaker-Amazon Echo

Sub domain: Perform Static and Dynamic Malware Analysis in a Sandboxed Environment (Number of questions: 3)
Description:
- Malware Analysis: Static
- Analyzing Suspicious MS Office Document
- Analyzing Suspicious PDF Document
- Malware Analysis: Dynamic

Sub domain: Analyze Malware Behavior on System and Network Level, and Analyze Fileless Malware (Number of questions: 4)
Description:
- System Behavior Analysis: Monitoring Registry Artifacts
- System Behavior Analysis: Monitoring Processes
- System Behavior Analysis: Monitoring Windows Services
- System Behavior Analysis: Monitoring Startup Programs
- System Behavior Analysis: Monitoring Windows Event Logs
- System Behavior Analysis: Monitoring API Calls
- System Behavior Analysis: Monitoring Device Drivers
- System Behavior Analysis: Monitoring Files and Folders
- Network Behavior Analysis: Monitoring Network Activities
- Network Behavior Analysis: Monitoring Port
- Network Behavior Analysis: Monitoring DNS
- Fileless Malware Analysis: Emotet
- Emotet Malware Analysis
- Emotet Malware Analysis: Timeline of the Infection Chain

Domain 6. Tools/Systems/Programs (Weightage: 16%)

Sub domain: Identify various tools to investigate Operating Systems including Windows, Linux, Mac, Android and iOS (Number of questions: 13)
Description:
- File System Analysis Tools
- File Format Analyzing Tools
- Volatile Data Acquisition Tools
- Non-Volatile Data Acquisition Tools
- Data Acquisition Validation Tools
- Tools for Examining Images on Windows
- Tools for Examining Images on Linux
- Tools for Examining Images on Mac
- Tools for Carving Files on Windows
- Tools for Carving Files on Linux
- Tools for Carving Files on Mac
- Recovering Deleted Partitions: Using R-Studio
- Recovering Deleted Partitions: Using EaseUS Data Recovery Wizard
- Partition Recovery Tools
- Using Rainbow Tables to Crack Hashed Passwords
- Password Cracking Using: L0phtCrack and Ophcrack
- Password Cracking Using Cain & Abel and RainbowCrack
- Password Cracking Using pwdump7
- Password Cracking Tools
- Tool to Reset Admin Password
- Steganography Detection Tools
- Detecting Data Hiding in File System Structures Using OSForensics
- ADS Detection Tools
- Detecting File Extension Mismatch using Autopsy
- Tools to detect Overwritten Data/Metadata
- Program Packers Unpacking Tools
- USB Device Enumeration using Windows PowerShell
- Tools to Collect Volatile Information
- Tools to Collect Non-Volatile Information
- Tools to perform windows memory and registry analysis
- Tools to examine the cache, Cookie and history recorded in web browsers
- Tools to Examine Windows Files and Metadata
- Tools to Examine ShellBags, LNK files and Jump Lists
- Tools to Collect Volatile Information on Linux
- Tools to Collect Non-Volatile Information on Linux
- Linux File system Analysis Tools
- Tools to Perform Linux Memory Forensics
- APFS File System Analysis
- Parsing metadata on Spotlight
- MAC Forensic Tools
- Network Traffic Investigation Tools
- Incident Detection and Examination with SIEM tools
- Detect and Investigate Various Attacks on Web Applications by Examining Various Logs
- Tools to Identify TOR Artifacts
- Tools to Acquire Memory Dumps
- Tools to Examine the Memory Dumps
- Tools to Perform Static Malware Analysis
- Tools to Analyze Suspicious Word and PDF documents
- Tools to Perform Static Malware Analysis
- Tools to Analyze Malware Behavior on a System
- Tools to Analyze Malware Behavior on a Network
- Tools to Perform Logical Acquisition on Android and iOS devices
- Tools to Perform Physical Acquisition on Android and iOS devices

Sub domain: Determine the various tools to investigate MSSQL, MySQL, Azure, AWS, Emails and IoT devices (Number of questions: 11)
Description:
- Tools to Collect and Examine the Evidence Files on MSSQL Server
- Tools to Collect and Examine the Evidence Files on MySQL Server
- Investigating Microsoft Azure
- Investigating AWS
- Tools to Acquire Email Data
- Tools to Acquire Deleted Emails
- Tools to Perform Forensics on IoT devices

Computer Hacking Forensic Investigator Copyright by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
