312-49 V8 : CHFI v8 - Computer Hacking Forensic Investigator

CHFI v8 - Computer Hacking Forensic Investigator
ISBN : 978-1-61691-150-8
Gain hands-on expertise in the EC-Council Computer Hacking Forensic Investigator: 312-49v8 exam with the Computer Hacking Forensic Investigator course. The course covers all the objectives of the 312-49v8 exam and provides competence across a spectrum of skills including computer forensics, digital evidence, steganography, application password crackers, log capturing, event correlation, investigation of various attacks, and much more.


uCertify uses content from well-known publishers, instructors, and subject matter experts. They have a minimum of 15 years of experience in their fields. uCertify brings these textbooks to life. It is full of interactive activities that keep the learner engaged. uCertify brings all available learning resources for a topic together in one place so that the learner can learn efficiently without going to multiple places. Challenge questions are also embedded in the chapters so learners can attempt them while they are learning about that particular topic. This helps them grasp the concepts better because they can go over them again right away, which improves learning. At the end of every lesson, uCertify courses guide the learners on the path they should follow.

The uCertify platform supports 50+ different types of interactive activities, connect-the-idea activities, and try-it-yourself lab activities embedded throughout its courses. These interactive activities keep learners engaged and make learning fun.

Here's What You Get

Exercises Flashcards Quizzes Glossary

Each lesson comes with Exercises, Flashcards & Quizzes. There is no limit to the number of times learners can attempt these. Exercises come with detailed remediation, which ensures that learners are confident in the topic before proceeding. Flashcards help master the key concepts. The glossary defines the key terms.

Exercise Questions
Glossary of terms

Test Prep & Practice Questions

uCertify provides full-length practice tests. These tests closely follow the exam objectives and are designed to simulate real exam conditions. Each course has a number of test sets consisting of hundreds of items to ensure that learners are prepared for the certification exam.

Here's What You Get

Pre-assessments Questions
Full Length Tests
Post-Assessments Questions


Full Remediation

Each question comes with detailed remediation explaining not only why an answer option is correct but also why the incorrect answer options are incorrect.

Unlimited Practice

Each test can be taken an unlimited number of times until the learner feels they are prepared. Learners can review the test and read detailed remediation. Detailed test history is also available.

Learn, Test and Review Mode

Each test set comes with learn, test and review modes. In learn mode, learners will attempt a question and will get immediate feedback and complete remediation as they move on to the next question. In test mode, learners can take a timed test simulating the actual exam conditions. In review mode, learners can read through one item at a time without attempting it.


Mentoring is an add-on licence; please select it while purchasing. Our mentors are available 24/7 to provide you with expert support via online chat. They are subject matter experts and are ready to answer your questions.

Exam Information

The EC-Council Computer Hacking Forensic Investigator exam is a standalone certification from EC-Council with the exam code 312-49.

The certification is targeted at law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, security professionals and anyone who is concerned about the integrity of the network infrastructure. The exam covers computer forensics, digital evidence, rules of evidence, digital evidence examination process, password cracking concepts, and log capturing techniques.

Prepare for the following certification

Career Prospects

An EC-Council Computer Hacking Forensic Investigator Certified Professional has several career opportunities open to them, including:

  • Systems Engineer
  • Systems Architect
  • Network Security Specialist
  • Licensed Penetration Tester
  • Computer Forensics Investigator
Exam FAQs
What is the exam registration fee?
USD 500

Pricing and taxes may vary from country to country.

Where do I take the exam?

The EC-Council 312-49-v8 exam is administered by Prometric and Pearson VUE at testing centers worldwide.

  • For Prometric: Click here to find a testing center near you.
  • For Pearson: Click here to find a testing center near you.
What is the format of the exam?
The exam consists of multiple choice questions.
What are the pre-requisites of the exam?
While there are no official pre-requisites for the CHFI certification, both EC-Council and uCertify strongly recommend that candidates attend the CEH class before enrolling in the CHFI program and have a good understanding of modern operating systems, networking, and security fundamentals.
How many questions are asked in the exam?
The exam contains 150 questions.
What is the duration of the exam?
240 minutes
What is the passing score?

(on a scale of 0-1000)

What is the exam's retake policy?

In the event that you fail your first attempt at passing the EC-Council Computer Hacking Forensic Investigator certification, 's retake policy is:

  • If a candidate is not able to pass the exam on the first attempt, no waiting period is required to attempt the exam for the second time
  • If a candidate is not able to pass the exam on the second attempt, a waiting period of 14 days is required
  • If a candidate is not able to pass the third attempt, a waiting period of 14 days is required
  • If a candidate is not able to pass the fourth attempt, a waiting period of 14 days is required
  • A candidate is not allowed to take a given exam more than five times in a 12 month period and a waiting period of 12 months will be imposed before being allowed to attempt the exam for the sixth time
  • Candidates who pass the exam are not allowed to attempt the same version of the exam for the second time
  • Candidates can purchase vouchers from EC-Council (VUE & Prometric APTC vouchers) or EC-Council Test Centers (Prometric Prime vouchers) to retake the exam at a cost of $500
What is the validity of the certification?
The EC-Council Computer Hacking Forensic Investigator v8 certification expires two years from the date of issue, after which the certification holder will need to renew their certification. Click here for more information.
Where can I find more information about this exam?
To know more about the 312-49-v8, click here.

Table of Contents

Here's What You Will Learn

Lesson 1: Computer Forensics in Today's World

  • Define computer forensics
  • Discuss the evolution of computer forensics
  • Explain the objectives and benefits of computer forensics
  • Discuss forensic readiness planning in detail
  • Explain cybercrimes
  • Examine various computer crimes
  • What is cybercrime investigation?
  • Explain the key steps and rules in a forensic investigation
  • What is the role of a forensic investigator?
  • How to access computer forensics resources
  • Describe the role of digital evidence in forensic investigation
  • Understanding Corporate Investigations
  • Explain the key concepts of Enterprise Theory of Investigation (ETI)
  • Discuss various legal issues and reports related to computer forensic investigations

Lesson 2: Computer Forensics Investigation Process

  • Provide an overview of the computer crime investigation process
  • Describe computer forensics investigation methodology
  • Summarize the steps to prepare for a computer forensics investigation
  • How to obtain a search warrant
  • How to evaluate and secure a scene
  • How to collect and secure the evidence in a forensically sound manner
  • Explain the different techniques to acquire and analyze the data
  • Summarize the importance of evidence and case assessment
  • How to prepare the final investigation report
  • Testify in the Court as an Expert Witness
  • Explain Computer Forensic Service Providers

Lesson 3: Searching and Seizing Computers

  • How to search and seize computers without a warrant
  • Discuss the Fourth Amendment's Reasonable Expectation of Privacy
  • What is consent and discuss the scope of consent
  • Summarize the steps involved in searching and seizing computers with a warrant
  • Examine the basic strategies for executing computer searches
  • Discuss the Privacy Protection Act
  • Describe drafting the warrant and affidavit
  • Explain the post-seizure issues
  • Describe the Electronic Communications Privacy Act
  • What is voluntary disclosure?
  • Electronic Surveillance in Communications Networks
  • Discuss how content is different from addressing information
  • Provide an overview of evidence and authentication

Lesson 4: Digital Evidence

  • Define digital evidence and explain its role in case of a computer security incident
  • Discuss the characteristics of digital evidence
  • What are the various types of digital data?
  • What is the best evidence rule?
  • Discuss federal rules of evidence
  • Summarize the international principles for computer evidence
  • Discuss the Scientific Working Group on Digital Evidence (SWGDE)
  • What are the considerations for collecting digital evidence from electronic crime scenes?
  • Provide an overview of digital evidence examination process and steps involved
  • Explain electronic crime and digital evidence consideration by crime category

Lesson 5: First Responder Procedures

  • Define electronic evidence
  • Who is a first responder?
  • Provide an overview on how to collect and store electronic evidence
  • Describe first responder tool kit and how to create it
  • How to get first response from laboratory forensic staff
  • Provide an overview on how to collect and secure electronic evidence at the crime scene
  • Explain how to conduct preliminary interviews
  • How to document electronic crime scene
  • Explain how to collect and preserve electronic evidence
  • Explain how to package and transport electronic evidence in a forensically sound manner
  • How to prepare a report on the crime scene
  • Provide a checklist for the first responders
  • Discuss the first responder's common mistakes

Lesson 6: Computer Forensics Lab

  • How to set up a computer forensics lab
  • Discuss the investigative services in computer forensics
  • What are the basic hardware requirements in a forensics lab?
  • List and summarize various hardware forensic
  • Discuss the basic software requirements in a forensics lab
  • Summarize various software forensic tools

Lesson 7: Understanding Hard Disks and File Systems

  • What is a hard disk drive?
  • Explain solid-state drive (SSD)
  • Provide an overview of physical and logical structure of a hard disk
  • Describe the various types of hard disk interfaces
  • Examine the components of a hard disk
  • What are disk partitions?
  • Explain Windows and Macintosh boot process
  • What are file systems?
  • Explain various types of file systems
  • Provide an overview of Windows, Linux, Mac OS X, and Sun Solaris 10 file systems
  • Discuss the CD-ROM/DVD File System
  • Explain the RAID storage system and RAID levels
  • Explain file system analysis using the sleuth

Lesson 8: Windows Forensics

  • What is volatile information?
  • Explain what is network and process information
  • Define non-volatile information
  • Describe memory dump
  • Parsing Process Memory
  • Describe the different techniques for collecting non-volatile information
  • Explain various processes involved in forensic investigation of a Windows system
  • Provide an overview of IIS, FTP, and system firewall logs
  • Discuss the importance of audit events and event logs in Windows forensics
  • Explain the static and dynamic event log analysis techniques
  • Discuss different Windows password security issues such as password cracking
  • How to analyze restore point registry settings
  • Provide an overview of cache, cookie, and history analysis
  • How to evaluate account management events
  • How to search with Event Viewer
  • Discuss various forensics tools

Lesson 9: Data Acquisition and Duplication

  • Define data acquisition and explain various types of data acquisition systems
  • Explain various data acquisition formats and methods
  • How to determine the best acquisition method
  • What is contingency planning for image acquisitions?
  • Describe static and live data acquisition
  • Provide an overview of volatile data collection methodology
  • Explain various types of volatile information
  • What are the requirements of the disk imaging tool?
  • How to validate data acquisitions
  • Discuss Linux and Windows validation methods
  • How to acquire RAID Disks
  • Examine the best practices of acquisition
  • List various data acquisition software and hardware tools

Lesson 10: Recovering Deleted Files and Deleted Partitions

  • Explain how to recover files in Windows, MAC, Linux, for Windows
  • Discuss file recovery tools for Windows, MAC, and Linux
  • How to identify creation date, last accessed date of a file, and deleted sub-directories
  • Steps to recover the deleted partitions and list partition recovery tools

Lesson 11: Forensics Investigation Using AccessData FTK

  • What is Forensic Toolkit (FTK) and discuss its various features
  • Explain FTK installation steps
  • Discuss FTK Case Manager
  • How to restore an image to a disk?
  • Explain the FTK examiner user interface
  • How to verify drive image integrity
  • Discuss how to mount an image to a drive
  • Summarize the steps involved in creating a case
  • Discuss the functions of FTK interface tabs
  • Explain the steps involved in adding evidence to a case
  • How to acquire local live evidence
  • Explain the steps involved in acquiring data remotely using remote device management system (RDMS)
  • Discuss the steps involved in imaging drives
  • How to mount and unmount a device
  • Explain the steps involved in conducting an index search and live search
  • How to decrypt EFS Files and Folders

Lesson 12: Forensic Investigation Using EnCase

  • Provide an overview of EnCase forensic
  • Discuss EnCase, its uses, and functionality
  • Discuss EnCase forensic modules
  • How to install EnCase forensic
  • Explain how to configure EnCase
  • Provide an overview of case structure
  • What is case management?
  • How to add a Device to a Case and how to acquire a Device
  • Explain the verification process of evidence files
  • What is a source processor?
  • Discuss how to analyze and search files
  • Describe how to view file content
  • Provide an overview on bookmarks
  • How to create various types of bookmarks
  • Explain how to create a report using the Report tab
  • How to export a Report

Lesson 13: Steganography and Image File Forensics

  • Summarize steganography and its types
  • List the applications of steganography
  • Discuss various digital steganography techniques
  • What is Steganalysis?
  • How to detect steganography
  • List various steganography detection tools
  • Discuss image file formats
  • How to compress data
  • How to process forensic image using MATLAB
  • Explain how to locate and recover image files
  • How to identify unknown file formats
  • List picture viewer tools and image file forensic tools

Lesson 14: Application Password Crackers

  • What are the terminologies used?
  • Explain the functionality of password crackers
  • Summarize various types of passwords
  • What is a password cracker?
  • How does a password cracker work?
  • Discuss various password cracking techniques
  • List various types of password attacks
  • List various system and application software password cracking
  • What are default passwords?
  • Discuss various password cracking tools

Lesson 15: Log Capturing and Event Correlation

  • What are computer security logs?
  • Discuss logon events in Windows
  • What are IIS logs?
  • How to view the DHCP logs
  • What is ODBC logging?
  • Explain the legality of using logs
  • Explain log management
  • Discuss various challenges in log management
  • Centralized logging
  • Discuss syslog
  • Why Synchronize Computer Times
  • What is NTP?
  • List various NIST time servers
  • Discuss various event correlation approaches
  • List various log capturing and analysis tools

Lesson 16: Network Forensics, Investigating Logs, and Investigating Network Traffic

  • Summarize network forensics concepts
  • Explain the network forensics analysis mechanism
  • What are intrusion detection systems (IDS)?
  • Define the terms firewall and honeypot
  • Discuss various network vulnerabilities
  • Explain various types of network attacks
  • Explain the new line injection attack and the timestamp injection attack
  • Where to look for evidence
  • How to handle logs as evidence
  • Explain how to condense a log file
  • Why to Investigate Network Traffic
  • How to acquire traffic using DNS poisoning techniques
  • Explain how to gather from the ARP table
  • List various traffic capturing and analysis tools

Lesson 17: Investigating Wireless Attacks

  • Discuss the advantages and disadvantages of wireless networks
  • List different components of wireless networks
  • What are the various types of wireless networks?
  • List various types of wireless standards
  • What is MAC filtering?
  • What is a Service Set Identifier (SSID)?
  • Discuss various types of wireless encryption
  • List various types of wireless attacks
  • How to investigate wireless attacks
  • What are the requirements of a tool design and summarize the best practices for wireless forensics
  • List various wireless forensics tools

Lesson 18: Investigating Web Attacks

  • What are Web applications?
  • Explain Web application architecture
  • Why Web servers are compromised
  • Provide an overview of Web logs
  • What are Internet Information Services (IIS) and Apache Web server Logs?
  • Discuss various types of Web attacks
  • How to investigate Web attacks?
  • Explain the investigation process of Web attacks in Windows-based servers
  • Describe how to investigate IIS and Apache logs
  • When does Web page defacement occur?
  • Discuss various security strategies for Web applications
  • List various Web attack detection tools
  • Discuss various tools for locating an IP address

Lesson 19: Tracking E-mails and Investigating E-mail Crimes

  • Explain the terms E-mail system, E-mail client, E-mail server, and E-mail message
  • Discuss the importance of electronic records management
  • Discuss various types of E-mail crimes
  • Provide examples of E-mail header
  • List Common Headers
  • Why to Investigate E-mails
  • Discuss the steps involved in investigation of E-mail crimes
  • List various E-mail forensics tools
  • What are the different laws and acts against E-mail crimes?

Lesson 20: Mobile Forensics

  • List different mobile devices
  • What are the hardware and software characteristics of mobile devices?
  • What is a cellular network?
  • Provide an overview of mobile operating systems
  • Discuss various types of mobile operating systems
  • What a criminal can do with mobile phones
  • Describe various mobile forensic challenges
  • Discuss various memory considerations in mobiles
  • What are the different precautions to be taken before an investigation?
  • Explain the process involved in mobile forensics
  • List various mobile forensic hardware and software tools

Lesson 21: Investigative Reports

  • Explain the importance of reports and need of an investigative report
  • Discuss the salient features of a good report
  • Provide computer forensic report template
  • How is a report classified
  • Provide layout of an investigative report
  • What are the guidelines for writing a report?
  • Provide an overview of an investigative report format
  • How to document a case report
  • What are the best practices for investigators?
  • How to write a report using FTK and ProDiscover

Lesson 22: Becoming an Expert Witness

  • What is an Expert witness?
  • Explain the role of an expert witness
  • Describe various types of expert witnesses
  • What is the scope of expert witness testimony?
  • Explain the differences between Technical Witness and Expert Witness
  • What are the various steps involved in evidence processing?
  • How to prepare a report
  • List the rules pertaining to an expert witness' qualification
  • How to testify in court
  • What are the general ethics while testifying?
  • How to testify during direct and cross-examination
  • How to find a computer forensic expert

uCertify provides courses, simulators, labs, and test prep kits for IT certifications including Microsoft, Oracle, Cisco, CompTIA, CIW, PMI, ISC2, Linux, Zend, Google, IC3, Adobe and many more.

© 2002-2017 uCertify. All Rights Reserved