June 11, 2006 at 2:40 am #485
I’m going to attend CHFI training in July and believe that it is an advanced level, computer forensic certification along with the GCFA (GIAC Computer Forensic Analyst).
Unlike other CF certs, the CHFI recommends taking the CEH to understand attack entry points into a network which seems to elevate the CHFI to include investigating a complete network. Some of the modules specifically cover network analysis, network attacks, & gathering evidence on a network.
Wish they had a lab component included for this exam!
June 11, 2006 at 2:56 am #9533 Don Donzal, Keymaster
I’m curious why you chose CHFI over some of the other forensics certs out there such as those listed here:
I’m not saying that your choice is wrong. I’m just interested in how you came to that decision.
June 11, 2006 at 3:40 am #9534
Good question Don.
The EnCE is vendor specific as it tailors to Encase, but doesn’t touch FTK, iLook, or other excellent tools out there.
The CCE appears to be more “basic” (haven’t taken it yet, but have read the info on their website) as it only requires basic PC knowledge. Probably more for non-IT folks.
The GCFA is a SANS course which most IT people know to be high-level as it covers incident response thoroughly w/ CF on the network level for IT pros. Looks like the GCFA & the CHFI are on the same advanced level.
Been pursuing CF training and came up with a plethora of unknown CF certs. Many seem to focus on “buzz words” (w/ legitimate training too), but after reading the course modules I saw at what level their intended audience the cert was for.
Also, another link that categorized many CF certs by difficulty level solidified my thoughts on the subject http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1044613,00.html#downloads
July 22, 2006 at 3:37 pm #9535
CHFI Bootcamp Review
Just got back from CHFI training at InfoSec Institute. Needless to say, it’s impossible to cover ALL the objectives for the CHFI (EC-Council’s website) in one week and actually have lab time. To complete that, it would require going over slides & perhaps seeing a demonstration done through the overhead projector. It’s a toss up between slides (less retention) or practical training (higher retention). I’m glad they chose the latter.
Pros & Personal Opinion
Our lab manual was much larger than the CEH one as our class was about 60% labs. Our primary tool was FTK although we used several others (even Helix!). After taking the CEH class, I realized why many attackers get caught but more so, how to circumvent digital forensics completely. It’s not an in-depth class investigating hacking intrusions (there’s no time), but more of a foundational one. That would be a premier-type class for an experienced forensic pro who also had a deep understanding of penetration testing, shell scripting, web apps, and SysAdmin-level of understanding in M$ & Unix. Do you guys see where I’m getting at?
We did not have newbies to IT in our class as everyone had several years of experience working as Admins, programmers, developers, pen-testers, security, and even college students. This was a good thing because we didn’t have to explain in great detail how TCP/IP worked, security controls (NIDS, HIDS, F/W), and anything beyond the A+ level. Not trying to knock them, but I’m sure you guys can appreciate that.
We were also given a licensed version of AccessData’s FTK (received it prior to class) as part of the class tuition. Very intuitive forensic tool that excels in certain aspects over Encase (apart from price: Encase Forensic Ed=$15K !!!). Those are the top two forensic tools used & recognized by court among others.
Our instructor was very knowledgeable in forensics & investigations at the hacking level. If I’m correct, he has an MBA, CISSP, MCSE, CEH, CHFI, CCE, CCNA and others (in case some were wondering about his Infosec & SysAdmin knowledge). Forensics has exploded in the past 2 years (look at the job postings) and will continue so, especially in niche areas providing intrusion-related investigations. Now I understand why InfoSec Institute (and EC-Council) recommends taking the CEH before attending the CHFI class. This will prepare the investigator in this specialization (intrusion attempts), rather than chasing divorce cases (LOL). 🙂
Once again, the training & instruction at InfoSec Institute was top notch, filled with lab time (up to 9-10pm everyday), and an adaptive courseware manual that progressed in difficulty in every lab.
Disappointments: I was completely surprised how easy the CHFI exam was compared to the objectives on the CHFI outline. The forensic questions were very basic, and more toward interpretations of law & “general” procedures. It’s about 70% Forensic, 20% Ethical Hacking, and 10% SysAdmin type questions. This creates somewhat of a learning curve for non-techies since they will have to know two other domains to pass.
I would recommend reading “Computer Forensics Jumpstart” http://www.amazon.com/gp/product/078214375X/sr=1-1/qid=1153580743/ref=sr_1_1/002-7329479-9904028?ie=UTF8&s=books for the CF portion of the exam.
Hope this helps.
September 18, 2006 at 3:42 pm #9536 oleDB, Participant
It doesn’t surprise me that it was easy, the GCFA is also extremely easy as well. I think it’s just barely difficult enough to keep out the people that don’t have any experience. The Encase cert, from what I hear, isn’t too bad, however it contains an actual case that you have to analyze and send back to them with a report.
September 18, 2006 at 7:23 pm #9537 Anonymous, Participant
I have heard nothing but good things about InfoSec Institute so that’s good…
On the subject of exams, it’s hard to fit into a multiple choice question test what you really need to know, especially with cheat exams and everything else out there. The best way to test (a lot of subjects) would be hands-on practicals. Unfortunately time and $$ prevent most certs from doing that. The best test for a forensics cert IMO would be to be given an image and told to write your report and the report should contain X,Y,Z, who, what, where, where, why, and HOW, etc.
Not something you can knock out in 90 minutes at the local Vue testing center. I thought SANS used to do that with their cert for forensics but since I haven’t taken it I don’t know.
I feel that’s the way to go though. Of course if someone shows up with the alphabet soup and doesn’t know anything, you can still send them packing if you don’t want to spend the time training them.
April 29, 2007 at 5:34 pm #9538 Hero, Participant
Please could you please send an ebook of the CHFI or a link to download.
October 27, 2007 at 7:34 am #9539 sagarnangare, Participant
Hello everybody, I have a small question.
Can anybody tell me in which city or place these courses are available??
Please post addresses or websites!!!!!!!!!!
October 27, 2007 at 5:11 pm #9540
October 27, 2007 at 10:47 pm #9541 blackazarro, Participant
Hey, thanks for the info. This cert is next in my list so your review is much appreciated.
September 29, 2016 at 11:18 am #9542 Laura40, Participant
Students are likely to be the most cunning of all people, in particular, during exams, they become super powerful longing to pass the exam they didn’t prepare for, if you wonder why they usually cheat professors, follow to read more