CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide

Book Description

An all-new exam guide for version 8 of the Computer Hacking Forensic Investigator (CHFI) exam from EC-Council

Get complete coverage of all the material included on version 8 of the EC-Council's Computer Hacking Forensic Investigator exam from this comprehensive resource. Written by an expert information security professional and educator, this authoritative guide addresses the tools and techniques required to successfully conduct a computer forensic investigation. You'll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass this challenging exam, this definitive volume also serves as an essential on-the-job reference.

CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide covers all exam topics, including:

  • Computer forensics investigation process
  • Setting up a computer forensics lab
  • First responder procedures
  • Search and seizure laws
  • Collecting and transporting digital evidence
  • Understanding hard disks and file systems
  • Recovering deleted files and partitions
  • Windows forensics
  • Forensics investigations using the AccessData Forensic Toolkit (FTK) and Guidance Software's EnCase Forensic
  • Network, wireless, and mobile forensics
  • Investigating web attacks
  • Preparing investigative reports
  • Becoming an expert witness

Electronic content includes:

  • 300 practice exam questions
  • Test engine that provides full-length practice exams and customized quizzes by chapter or by exam domain
  • PDF copy of the book

Table of Contents

  1. Cover
  2. Title
  3. Copyright Page
  4. Dedication
  5. About the Author
  6. Contents at a Glance
  7. Contents
  8. Acknowledgments
  9. Introduction
  10. Chapter 1 Computer Forensics Today
    1. So What Is This Computer Forensics Business Anyway?
      1. The History of Computer Forensics
      2. Objectives and Benefits
    2. Corporate vs. Criminal Investigations
      1. The Forensics Investigator
    3. Chapter Review
      1. Questions
      2. Answers
    4. References
  11. Chapter 2 The Nature of Digital Evidence
    1. What Is Digital Evidence?
    2. Anti-Digital Forensics
    3. Locard’s Exchange Principle
    4. Federal Rules of Evidence (FRE)
      1. Computer-Generated vs. Computer-Stored Records
      2. Essential Data
    5. Best Evidence
    6. International Principles of Computer Evidence
      1. International Organization on Computer Evidence
      2. Scientific Working Group on Digital Evidence
    7. Evidence Collection
      1. IOCE Guidelines for Recovering Digital Forensic Evidence
    8. The Scientific Method
      1. Consider a Scenario
      2. Exculpatory Evidence
    9. Chapter Review
      1. Questions
      2. Answers
    10. References
  12. Chapter 3 The Investigation Process
    1. The Process Is Key
      1. Overview
      2. Before the Investigation
      3. Preparing the Investigation
      4. Seizing the Evidence
      5. Analyzing the Evidence
      6. Reporting and Testifying
    2. Chapter Review
      1. Questions
      2. Answers
    3. References
  13. Chapter 4 Computer Forensics Labs
    1. What Services Are You Offering?
      1. Staffing Requirements and Planning
      2. Becoming Certified
    2. Setting Up Your Lab
      1. Physical Location Needs
    3. Software Requirements
    4. Hardware Requirements
      1. Field Tools
      2. Lab Hardware
    5. Other Considerations
    6. Chapter Review
      1. Questions
      2. Answers
    7. References
  14. Chapter 5 Getting the Goods
    1. Searching and Seizing Computers
      1. Is Your Search and Seizure Unwarranted?
      2. You Have a Warrant
      3. Electronic Surveillance
      4. Post-seizure Issues
    2. First Responder Procedures
      1. First on the Scene
      2. Managing the Crime Scene
      3. Collecting and Transporting the Evidence
      4. Collecting and Preserving Electronic Evidence
      5. The Crime Scene Report
      6. A Checklist for First Responders
    3. Data Acquisition and Duplication
      1. Data Acquisition: A Definition
      2. Static vs. Live Acquisition
      3. Validating the Acquisition
      4. Acquisition Issues: SSDs, RAID, and Cloud
      5. Concepts in Practice: Data Acquisition Software and Tools
    4. Chapter Review
      1. Questions
      2. Answers
    5. References
  15. Chapter 6 Spinning Rust
    1. Disk Drives and File Systems
      1. Everything You Wanted to Know About Disk Drives
      2. File Systems
      3. Getting the Boot
      4. Booting from a Live CD
    2. Recovering Deleted Files and Partitions
      1. Recovering Disk Partitions
      2. Recovering File Systems and Files
      3. Theory into Practice: File and Partition Recovery Tools
    3. Steganography and Graphics File Formats
      1. Graphics Files
      2. Steganography
      3. Theory into Practice: Graphics File Tools and Steganography Detection Tools
    4. Chapter Review
      1. Questions
      2. Answers
    5. References
  16. Chapter 7 Windows Forensics
    1. Windows Forensics Analysis
      1. Live Investigations: Volatile Information
      2. Live Investigations: Nonvolatile Information
      3. Forensic Investigation of a Windows System
      4. Windows Log Analysis
      5. Windows Password Storage
      6. Theory into Practice: Forensics Tools for Windows
    2. Cracking Passwords
      1. Passwords: The Good, the Bad, and the Ugly
      2. Password-Cracking Types
      3. Theory into Practice: Password-Cracking Tools
    3. Chapter Review
      1. Questions
      2. Answers
    4. References
  17. Chapter 8 Forensic Investigations
    1. Forensic Investigations
      1. Installation and Configuration
      2. Creating the Case and Adding Data
      3. Analyzing the Data
      4. Generating the Report
    2. Choosing the Proper Forensic Software
    3. Forensic Investigations Using FTK
      1. Installation and Configuration
      2. Creating the Case and Adding Data
      3. Analyzing the Data
      4. Generating the Report
    4. Forensic Investigations Using EnCase
      1. Installation and Configuration
      2. Creating the Case and Adding Data
      3. Analyzing the Data
      4. Generating the Report
      5. So Did We Get the Evidence We Need?
    5. Which One to Choose?
    6. Chapter Review
      1. Questions
      2. Answers
    7. References
  18. Chapter 9 Network Forensics
    1. Network Forensics: A Definition
    2. Network Forensics and Wired Networks
      1. Investigating Network Traffic
      2. Network Forensics: Attack and Defend
      3. Network Security Monitoring
      4. Theory into Practice: Network Forensic Tools
    3. Network Forensics and Wireless Networks
      1. What’s Different About Wireless?
      2. The Saga of Wireless Encryption
      3. Investigating Wireless Attacks
      4. Theory into Practice: Wireless Forensic Tools
    4. Log Capturing and Event Correlation
      1. Logs, Logs, Logs
      2. Legal Issues and Logging
      3. Synchronizing Time
      4. SIM, SEM, SIEM—Everybody Wants One
      5. Theory into Practice: Log Capturing and Analysis Tools
    5. Chapter Review
      1. Questions
      2. Answers
    6. References
  19. Chapter 10 Mobile Forensics
    1. Cellular Networks
      1. Cellular Data
    2. Mobile Devices
      1. PDAs
      2. Plain Ol’ Cell Phones
      3. Music Players (Personal Entertainment Devices)
      4. Smart Phones
      5. Tablets and Phablets
      6. What Can Criminals Do with Mobile Phones?
    3. Retrieving the Evidence
      1. Challenges in Mobile Forensics
      2. Precautions to Take Before Investigating
      3. The Process in Mobile Forensics
    4. Theory into Practice: Mobile Forensic Tools
    5. Chapter Review
      1. Questions
      2. Answers
    6. References
  20. Chapter 11 Attacking Applications
    1. Web-based Attacks
      1. Web Applications: A Definition
      2. Mounting the Attack
      3. Web Applications: Attack and Defend
      4. Web Tools
      5. Follow the Logs
      6. Investigating the Breach
    2. E-mail Attacks
      1. E-mail Architecture
      2. E-mail Crimes
      3. Laws Regarding E-mail
      4. E-mail Headers and Message Structure
      5. E-mail Investigation
      6. Concepts in Practice: E-mail Forensic Tools
    3. Chapter Review
      1. Questions
      2. Answers
    4. References
  21. Chapter 12 The Whole Truth, and Nothing But the Truth
    1. Can I Get a Witness?
      1. Technical vs. Expert Witnesses
      2. Pre-trial Report Preparation
      3. I Just Want to Testify
    2. Writing a Good Report
      1. What Makes an Effective Report?
      2. Documenting the Case
      3. Theory into Practice: Generating a Report
      4. Do’s and Don’ts for a DFI
      5. Resting the Case
    3. Chapter Review
      1. Questions
      2. Answers
    4. References
  22. Appendix A Acronyms
  23. Appendix B About the Download
    1. System Requirements
    2. Installing and Running Total Tester
      1. About Total Tester
    3. Technical Support
  24. Glossary
  25. Index