.

CHFI in 7/06

<<

charlottebandit

Newbie
Newbie

Posts: 49

Joined: Sat Jun 10, 2006 4:26 pm

Post Sat Jun 10, 2006 9:40 pm

CHFI in 7/06

I'm going to attend CHFI training in July and believe that it is an advanced level, computer forensic certification along with the GCFA (GIAC Computer Forensic Analyst). 

Unlike other CF certs, the CHFI recommends taking the CEH to understand attack entry points into a network which seems to elevate the CHFI to include investigating a complete network.  Some of the modules specifically cover network analysis, network attacks, & gathering evidence on a network.

Wish they had a lab component included for this exam! 
MS, CCSP, CCNP, CCDP, CEH, CHFI, CPTS
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Jun 10, 2006 9:56 pm

Re: CHFI in 7/06

I'm curious why you chose CHFI over some of the other forensics certs out there such as those listed here:

http://www.ethicalhacker.net/content/category/1/29/3/

I'm not saying that your choice is wrong. I'm just interested in how you came to that decision.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

charlottebandit

Newbie
Newbie

Posts: 49

Joined: Sat Jun 10, 2006 4:26 pm

Post Sat Jun 10, 2006 10:40 pm

Re: CHFI in 7/06

Good question Don.

The EnCE is vendor specific as it tailors to Encase, but doesn't touch FTK, iLook, or other excellent tools out there. 

The CCE appears to be more "basic" (haven't taken it yet, but have read the info on their website) as it only requires basic PC knowledge.  Probably more for non-IT folks.

The GCFA is a SANS course which most IT people know to be high-level as it covers incident response thoroughly w/ CF on the network level for IT pros.  Looks like the GCFA & the CHFI is on the same advanced level.

==============================

Been pursuing CF training and came up with a plethora of unknown CF certs.  Many seem to focus on "buzz words" (w/ legitimate training too), but after reading the course modules I saw at what level their intended audience the cert was for.

Also, another link that categorized many CF certs by difficulty level solidified my thoughts on the subject http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1044613,00.html#downloads
MS, CCSP, CCNP, CCDP, CEH, CHFI, CPTS
<<

charlottebandit

Newbie
Newbie

Posts: 49

Joined: Sat Jun 10, 2006 4:26 pm

Post Sat Jul 22, 2006 10:37 am

Re: CHFI in 7/06

CHFI Bootcamp Review

Just got back from CHFI training at InfoSec Institute.  Needless to say, it's impossible to cover ALL the objectives for the CHFI (EC-Council's website) in one week and actually have lab time.  To complete that, it would require going over slides & perhaps seeing a demonstration done through the overhead projector. It's a toss up between slides (less retention) or practical training (higher retention).  I'm glad they chose the latter.

================================


Pros & Personal Opinion
Our lab manual was much larger than the CEH one as our class was about 60% labs.  Our primary tool was FTK although we used several others (even Helix!).  After taking the CEH class, I realized why many attackers get caught but moreso, how to circumvent digital forensics completely.  It's not an indepth class investigating hacking intrusions (there's no time), but more of a foundational one.  That would be a premier-type class for an experienced forensic pro who also had a deep understanding of penetration testing, shell scripting, web apps, and SysAdmin-level of understanding in M$ & Unix.  Do you guys see where I'm getting at?

We did not have newbies to IT in our class as everyone had several years of experience working as Admins, programmers, developers, pen-testers, security, and even college students.  This was a good thing because we didn't have to explain in great detail how TCP/IP worked, security controls (NIDS, HIDS, F/W), and anything beyond the A+ level.  Not trying to knock them, but I'm sure you guys can appreciate that.

We were also given a licensed version of AccessData's FTK (received it prior to class) as part of the class tuition.  Very intuitive forensic tool that excels in certain aspects over Encase (apart from price:  Encase Forensic Ed=$15K !!!).  Those are the top two forensic tools used & recognized by court among others. 

Our instructor was very knowledgable in forensics & investigations at the hacking level.  If I'm correct, he has an MBA, CISSP, MCSE, CEH, CHFI, CCE, CCNA and others (in case some were wondering about his Infosec & SysAdmin knowledge).  Forensics has exploded in the past 2 years (look at the job postings) and will continue so, especially in niche areas providing intrusion-related investigations.  Now I understand why InfoSec Institute (and EC-Council) recommends taking the CEH before attending the CHFI class.  This will prepare the investigator in this specialization (intrusion attempts), rather than chasing divorce cases (LOL).  :)

Once again, the training & instruction at InfoSec Institute was top notch, filled with lab time (up to 9-10pm everyday), and an adaptive courseware manual that progressed in difficulty in every lab. 

==================================

Disappointments:  I was completely surprised how easy the CHFI exam was compared to the objectives on the CHFI outline.  The forensic questions were very basic, and more toward interpretations of law & "general" procedures.  It's about 70% Forensic, 20% Ethical Hacking, and 10% SysAdmin type questions.  This creates somewhat of a learning curve for non-techies since they will have to know two other domains to pass. 

I would recommend reading "Computer Forensics Jumpstart" http://www.amazon.com/gp/product/078214375X/sr=1-1/qid=1153580743/ref=sr_1_1/002-7329479-9904028?ie=UTF8&s=books for the CF portion of the exam.

Hope this helps.
Last edited by charlottebandit on Sat Jul 22, 2006 10:40 am, edited 1 time in total.
MS, CCSP, CCNP, CCDP, CEH, CHFI, CPTS
<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Mon Sep 18, 2006 10:42 am

Re: CHFI in 7/06

It doens't suprise me that it was easy, the GCFA is also extremely easy as well. I think its just barely difficult enough to keep out the people that don't have any experience. The Encase cert, from what I here isn't too bad, however it contains an actual case that you have to analyze and send back to them with a report.
<<

LSOChris

Post Mon Sep 18, 2006 2:23 pm

Re: CHFI in 7/06

i have heard nothing but good things about InfoSec institute so thats good...

on the subject of exams, its hard to fit into a multiply choice question test what you really need to know especially with cheat exams and everything else out there.  the best way to test (alot of subjects) would be hands on practicals.  unfortunately time and $$ prevent most certs from doing that.  the best test for a forensics cert IMO would be to be given an image and told to write your report and the report should contain X,Y,Z, who, what, where, where, why, and HOW, etc.

not something you can knock out in 90 minutes at the local Vue testing center.  i thought SANS used to do that with their Cert for forensics but since i havent taken it i dont know. 

I feel thats the way to go though.  Of course if someone shows up with the alphabet soup and doesnt know anything, you can still send them packing if you dont want to spend the time training them.
<<

Hero

Newbie
Newbie

Posts: 5

Joined: Mon Mar 26, 2007 12:39 pm

Post Sun Apr 29, 2007 12:34 pm

Re: CHFI in 7/06

pleease could you please send an ebook of the chfi or a link to download.
cheers
<<

sagarnangare

Newbie
Newbie

Posts: 1

Joined: Sat Oct 27, 2007 2:22 am

Post Sat Oct 27, 2007 2:34 am

Re: CHFI in 7/06

Hello everybody, i have a small question.
Can anybody tell me in which city or place these courses are available??
Please post addresses or websites!!!!!!!!!!
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Sat Oct 27, 2007 12:11 pm

Re: CHFI in 7/06

Send an email to info@eccouncil.org to ask about training providers near you.
<<

blackazarro

User avatar

Sr. Member
Sr. Member

Posts: 368

Joined: Sun Aug 13, 2006 5:31 pm

Post Sat Oct 27, 2007 5:47 pm

Re: CHFI in 7/06

Hey, thanks for the info. This cert is next in my list so your review is much appreciated.
Security+, OSCP, CEH

Return to CHFI - Computer Hacking Forensic Investigator

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software