CHFI Bootcamp Review
Just got back from CHFI training at InfoSec Institute. Needless to say, it's impossible to cover ALL the objectives for the CHFI (EC-Council's website) in one week and actually have lab time. To complete that, it would require going over slides & perhaps seeing a demonstration done through the overhead projector. It's a toss-up between slides (less retention) or practical training (higher retention). I'm glad they chose the latter.
================================
Pros & Personal Opinion
Our lab manual was much larger than the CEH one as our class was about 60% labs. Our primary tool was FTK although we used several others (even Helix!). After taking the CEH class, I realized why many attackers get caught but more so, how to circumvent digital forensics completely. It's not an in-depth class investigating hacking intrusions (there's no time), but more of a foundational one. That would be a premier-type class for an experienced forensic pro who also had a deep understanding of penetration testing, shell scripting, web apps, and SysAdmin-level of understanding in M$ & Unix. Do you guys see where I'm getting at?
We did not have newbies to IT in our class as everyone had several years of experience working as Admins, programmers, developers, pen-testers, security, and even college students. This was a good thing because we didn't have to explain in great detail how TCP/IP worked, security controls (NIDS, HIDS, F/W), and anything beyond the A+ level. Not trying to knock them, but I'm sure you guys can appreciate that.
We were also given a licensed version of AccessData's FTK (received it prior to class) as part of the class tuition. Very intuitive forensic tool that excels in certain aspects over EnCase (apart from price: EnCase Forensic Ed=$15K !!!). Those are the top two forensic tools used & recognized by court among others.
Our instructor was very knowledgeable in forensics & investigations at the hacking level. If I'm correct, he has an MBA, CISSP, MCSE, CEH, CHFI, CCE, CCNA and others (in case some were wondering about his Infosec & SysAdmin knowledge). Forensics has exploded in the past 2 years (look at the job postings) and will continue to do so, especially in niche areas providing intrusion-related investigations. Now I understand why InfoSec Institute (and EC-Council) recommends taking the CEH before attending the CHFI class. This will prepare the investigator in this specialization (intrusion attempts), rather than chasing divorce cases (LOL).
Once again, the training & instruction at InfoSec Institute was top notch, filled with lab time (up to 9-10pm every day), and an adaptive courseware manual that progressed in difficulty in every lab.
I was completely surprised how easy the CHFI exam was compared to the objectives on the CHFI outline. The forensic questions were very basic, and more toward interpretations of law & "general" procedures. It's about 70% Forensic, 20% Ethical Hacking, and 10% SysAdmin-type questions. This creates somewhat of a learning curve for non-techies since they will have to know two other domains to pass.
I would recommend reading "Computer Forensics Jumpstart" (http://www.amazon.com/gp/product/078214375X/sr=1-1/qid=1153580743/ref=sr_1_1/002-7329479-9904028?ie=UTF8&s=books) for the CF portion of the exam.
Hope this helps.