CHFI v4 Attempt

down77down77 Member Posts: 1,009
As part of the MS:ISA track for WGU I will be studying for and attempting the EC0-049 Certified Hacking Forensics Investigator exam. The learning resources that I will tentatively use are from the following:

Syngress Official CHFI Study Guide ISBN-10: 1597491977
Thompson Hands-On Information Security Lab Manual, 2nd Ed ISBN-10: 061921631X

Career Academy does make an updated set of CBTs for this exam though they are a little out of my budget right now. I will also be using a number of spare machines for labs and training as I go through the material. Any tips/suggestions/comments are appreciated for this exam.
CCIE Sec: Starting Nov 11


  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAMember Posts: 5,735 ■■■■■■■■■■
    Good luck! Keep us up to date on your studies. :)
    Currently working on: Linux and Python
  • down77down77 Member Posts: 1,009
    I'll have to check Books24x7 to see if they are available for online access and if not, pick them up. I have the Hacking Exposed text already; picked that up with a few other from the series from a friend who lives near Orlando.

    I've already gone through the first chapter of the Syngress text and aside from the tools/vendors, a bit of it is review from the CISSP studies. A few notes from the text on resources on computer incident handling and digital forensics:

    NIST SP800-61 Computer Security Incident Handling Guide
    NIST SP800-96 Guide to Integrating Forensic Techniques into Incident Response
    US DoJ Pub 199408 Forensic Examination of Digital Evidence: A guide for Law Enforcement (
    RFC 3227 Guidelines for Evidence Collection and Archiving

    I'm printing out SP800-96 and the DoJ guide now for some note taking while traveling through next week.
    CCIE Sec: Starting Nov 11
  • dynamikdynamik Banned Posts: 12,314 ■■■■■■■■□□
    down77 wrote: »
    US DoJ Pub 199408 Forensic Examination of Digital Evidence: A guide for Law Enforcement (
    RFC 3227 Guidelines for Evidence Collection and Archiving

    Thanks for those :D

    I've been looking for additional references for GCIH self-study (the NIST SPs are already on my list).

    If you're looking for another incident handling/response resource, check this out: Incident Response and Computer Forensics, Second Edition (0783254041295): Chris Prosise, Kevin Mandia, Matt Pepe: Books (it's a steal at the $10 used price).
  • sexion8sexion8 Member Posts: 242
    For that particular exam... Understanding EC-Council's content is what is going to count. Dynamik posted some excellent reading material that WILL help you understand forensics period however, at the end of the day, much of the content in those books won't be on the exam. Without divulging too much, just make sure you understand a lot of the legalities.

    Again - I can't say much but I WILL TELL you that - laws, plays a huge portion. Try to understand and remember the differences in say USC1029 vs USC1030 ( There are huge and subtle differences in terms. "Interception, stored, in transit..." There are certain identifiers that apply to some and not others. When I took the exam, I had EC-Council's CHFI phonebook thick "anomaly". Most of the content I was already familiar with from experience however... I wasn't experienced in differentiation of terms.
    "Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth." - Marcus Aurelius
  • down77down77 Member Posts: 1,009
    Sexion8 - thank you very much for the advice. I've been going over the laws for a little while now for the CEH, CHFI, and WGU Cyberlaw courses and I have to admit that I am slowly becoming more and more familiar with them.

    I'm just now getting back into the studies since I had to do a little traveling for work over the last few weeks. Will post updates on the studies shortly...
    CCIE Sec: Starting Nov 11
  • down77down77 Member Posts: 1,009
    Ok so its been a little longer than expected to post an update. I ended up traveling longer than anticipated for work which delayed my progress on the CHFI. I was able to talk our Audit team into purchasing the Career Academy videos for me to use, since I assist them with various "projects." This may help me to better prepare during the travel periods and lunch hours as it is not always easy to bring the book along.

    Back to Chapter 1 and DVD1 of the material. I'm hoping to take the exam Late August
    CCIE Sec: Starting Nov 11
Sign In or Register to comment.