CHFI in 7/06

    • #485

      I’m going to attend CHFI training in July and believe that it is an advanced-level computer forensic certification along with the GCFA (GIAC Computer Forensic Analyst).

      Unlike other CF certs, the CHFI recommends taking the CEH to understand attack entry points into a network which seems to elevate the CHFI to include investigating a complete network.  Some of the modules specifically cover network analysis, network attacks, & gathering evidence on a network.

      Wish they had a lab component included for this exam! 

    • #9533
      Don Donzal

      I’m curious why you chose CHFI over some of the other forensics certs out there such as those listed here:

      I’m not saying that your choice is wrong. I’m just interested in how you came to that decision.


    • #9534

      Good question Don.

      The EnCE is vendor specific as it tailors to Encase, but doesn’t touch FTK, iLook, or other excellent tools out there. 

      The CCE appears to be more “basic” (haven’t taken it yet, but have read the info on their website) as it only requires basic PC knowledge.  Probably more for non-IT folks.

      The GCFA is a SANS course which most IT people know to be high-level as it covers incident response thoroughly w/ CF on the network level for IT pros.  Looks like the GCFA & the CHFI are on the same advanced level.


      Been pursuing CF training and came up with a plethora of unknown CF certs.  Many seem to focus on “buzz words” (w/ legitimate training too), but after reading the course modules I saw at what level their intended audience the cert was for.

      Also, another link that categorized many CF certs by difficulty level solidified my thoughts on the subject,289483,sid14_gci1044613,00.html#downloads

    • #9535

      CHFI Bootcamp Review

      Just got back from CHFI training at InfoSec Institute.  Needless to say, it’s impossible to cover ALL the objectives for the CHFI (EC-Council’s website) in one week and actually have lab time.  To complete that, it would require going over slides & perhaps seeing a demonstration done through the overhead projector. It’s a toss up between slides (less retention) or practical training (higher retention).  I’m glad they chose the latter.


      Pros & Personal Opinion
      Our lab manual was much larger than the CEH one as our class was about 60% labs.  Our primary tool was FTK although we used several others (even Helix!).  After taking the CEH class, I realized why many attackers get caught but more so, how to circumvent digital forensics completely.  It’s not an in-depth class investigating hacking intrusions (there’s no time), but more of a foundational one.  That would be a premier-type class for an experienced forensic pro who also had a deep understanding of penetration testing, shell scripting, web apps, and SysAdmin-level of understanding in M$ & Unix.  Do you guys see where I’m getting at?

      We did not have newbies to IT in our class as everyone had several years of experience working as Admins, programmers, developers, pen-testers, security, and even college students.  This was a good thing because we didn’t have to explain in great detail how TCP/IP worked, security controls (NIDS, HIDS, F/W), and anything beyond the A+ level.  Not trying to knock them, but I’m sure you guys can appreciate that.

      We were also given a licensed version of AccessData’s FTK (received it prior to class) as part of the class tuition.  Very intuitive forensic tool that excels in certain aspects over Encase (apart from price:  Encase Forensic Ed=$15K !!!).  Those are the top two forensic tools used & recognized by court among others. 

      Our instructor was very knowledgeable in forensics & investigations at the hacking level.  If I’m correct, he has an MBA, CISSP, MCSE, CEH, CHFI, CCE, CCNA and others (in case some were wondering about his Infosec & SysAdmin knowledge).  Forensics has exploded in the past 2 years (look at the job postings) and will continue so, especially in niche areas providing intrusion-related investigations.  Now I understand why InfoSec Institute (and EC-Council) recommends taking the CEH before attending the CHFI class.  This will prepare the investigator in this specialization (intrusion attempts), rather than chasing divorce cases (LOL).  🙂

      Once again, the training & instruction at InfoSec Institute was top notch, filled with lab time (up to 9-10pm everyday), and an adaptive courseware manual that progressed in difficulty in every lab. 


      Disappointments:  I was completely surprised how easy the CHFI exam was compared to the objectives on the CHFI outline.  The forensic questions were very basic, and more toward interpretations of law & “general” procedures.  It’s about 70% Forensic, 20% Ethical Hacking, and 10% SysAdmin type questions.  This creates somewhat of a learning curve for non-techies since they will have to know two other domains to pass. 

      I would recommend reading “Computer Forensics Jumpstart” for the CF portion of the exam.

      Hope this helps.

    • #9536

      It doesn’t surprise me that it was easy, the GCFA is also extremely easy as well. I think it’s just barely difficult enough to keep out the people that don’t have any experience. The Encase cert, from what I hear, isn’t too bad, however it contains an actual case that you have to analyze and send back to them with a report.

    • #9537

      I have heard nothing but good things about InfoSec Institute so that’s good…

      On the subject of exams, it’s hard to fit into a multiple choice question test what you really need to know, especially with cheat exams and everything else out there.  The best way to test (a lot of subjects) would be hands-on practicals.  Unfortunately time and $$ prevent most certs from doing that.  The best test for a forensics cert IMO would be to be given an image and told to write your report and the report should contain X,Y,Z, who, what, where, where, why, and HOW, etc.

      Not something you can knock out in 90 minutes at the local Vue testing center.  I thought SANS used to do that with their Cert for forensics but since I haven’t taken it I don’t know.

      I feel that’s the way to go though.  Of course if someone shows up with the alphabet soup and doesn’t know anything, you can still send them packing if you don’t want to spend the time training them.

    • #9538

      Please could you please send an ebook of the CHFI or a link to download.

    • #9539

      Hello everybody, I have a small question.
      Can anybody tell me in which city or place these courses are available??
      Please post addresses or websites!!!!!!!!!!

    • #9540

      Send an email to to ask about training providers near you.

    • #9541

      Hey, thanks for the info. This cert is next in my list so your review is much appreciated.

    • #9542

      Hey, friends!
      Students are likely to be the most cunning of all people, in particular, during exams, they become super powerful longing to pass the exam they didn’t prepare to, if you wonder why they usually cheat professors, follow to read more
