CHFI v4 Attempt

As part of the MS:ISA track for WGU I will be studying for and attempting the EC0-049 Certified Hacking Forensics Investigator exam. The learning resources that I will tentatively use are from the following:

Syngress Official CHFI Study Guide ISBN-10: 1597491977
Thompson Hands-On Information Security Lab Manual, 2nd Ed ISBN-10: 061921631X

Career Academy does make an updated set of CBTs for this exam though they are a little out of my budget right now. I will also be using a number of spare machines for labs and training as I go through the material. Any tips/suggestions/comments are appreciated for this exam.

Find more posts tagged with

SAVE $250 on Your EC-Council Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View EC-Council Boot Camps

Comments

veritas_libertas

Good luck! Keep us up to date on your studies.

dynamik

I've only seen one or two other people get this, so definitely keep us in the loop. Here's some more reading, if you're interested:

Amazon.com: Real Digital Forensics: Computer Security and Incident Response (9780321240699): Keith J. Jones, Richard Bejtlich, Curtis W. Rose: Books

Amazon.com: File System Forensic Analysis (9780321268174): Brian Carrier: Books

Amazon.com: Windows Forensic Analysis DVD Toolkit, Second Edition (9781597494229): Harlan Carvey: Books

Amazon.com: Hacking Exposed Computer Forensics, Second Edition: Computer Forensics Secrets & Solutions (9780071626774): Aaron Philipp, David Cowen, Chris Davis: Books

down77

I'll have to check Books24x7 to see if they are available for online access and if not, pick them up. I have the Hacking Exposed text already; picked that up with a few other from the series from a friend who lives near Orlando.

I've already gone through the first chapter of the Syngress text and aside from the tools/vendors, a bit of it is review from the CISSP studies. A few notes from the text on resources on computer incident handling and digital forensics:

NIST SP800-61 Computer Security Incident Handling Guide
NIST SP800-96 Guide to Integrating Forensic Techniques into Incident Response
US DoJ Pub 199408 Forensic Examination of Digital Evidence: A guide for Law Enforcement (http://www.ncjrs.gov/pdffiles1/nij/199408.pdf)
RFC 3227 Guidelines for Evidence Collection and Archiving

I'm printing out SP800-96 and the DoJ guide now for some note taking while traveling through next week.

dynamik

down77 wrote: »

US DoJ Pub 199408 Forensic Examination of Digital Evidence: A guide for Law Enforcement (http://www.ncjrs.gov/pdffiles1/nij/199408.pdf)
RFC 3227 Guidelines for Evidence Collection and Archiving

Thanks for those

I've been looking for additional references for GCIH self-study (the NIST SPs are already on my list).

If you're looking for another incident handling/response resource, check this out: Amazon.com: Incident Response and Computer Forensics, Second Edition (0783254041295): Chris Prosise, Kevin Mandia, Matt Pepe: Books (it's a steal at the $10 used price).

sexion8

For that particular exam... Understanding EC-Council's content is what is going to count. Dynamik posted some excellent reading material that WILL help you understand forensics period however, at the end of the day, much of the content in those books won't be on the exam. Without divulging too much, just make sure you understand a lot of the legalities.

Again - I can't say much but I WILL TELL you that - laws, plays a huge portion. Try to understand and remember the differences in say USC1029 vs USC1030 (cybercrime.gov) There are huge and subtle differences in terms. "Interception, stored, in transit..." There are certain identifiers that apply to some and not others. When I took the exam, I had EC-Council's CHFI phonebook thick "anomaly". Most of the content I was already familiar with from experience however... I wasn't experienced in differentiation of terms.

down77

Sexion8 - thank you very much for the advice. I've been going over the laws for a little while now for the CEH, CHFI, and WGU Cyberlaw courses and I have to admit that I am slowly becoming more and more familiar with them.

I'm just now getting back into the studies since I had to do a little traveling for work over the last few weeks. Will post updates on the studies shortly...

down77

Ok so its been a little longer than expected to post an update. I ended up traveling longer than anticipated for work which delayed my progress on the CHFI. I was able to talk our Audit team into purchasing the Career Academy videos for me to use, since I assist them with various "projects." This may help me to better prepare during the travel periods and lunch hours as it is not always easy to bring the book along.

Back to Chapter 1 and DVD1 of the material. I'm hoping to take the exam Late August