Passed CHFI

-Foxer-

Well, I'm going to take CHFI tomorrow morning. Hopefully I do well, I'll let you guys know how it goes.

rogue2shadow

Awesome. What were you using to prepare for this?

JDMurray

Good luck!

Please post a review of your CHFI exam experience and your preparation regime. I'm very interetsed in this cert too.

carboncopy

Good luck! I just took this test yesterday. You can read about it below.

http://www.techexams.net/forums/ec-council-ceh-chfi/62819-chfi-test-pass.html#post497010

-Foxer-

Well, I passed! I ended up getting 84%, so not bad, but not super great either. Overall I'm pretty happy with the score though.

It was 150 questions, and you have 4 hours to take it. It took me just over an hour.

I'd say that it was quite a bit easier than CEH, but that may be just because it builds on CEH. Where in CEH it taught you the concepts of an attack, and how to do it, this covers how to detect it, and how to stop it.

One other review of it said that they had a lot of legal questions, but I didn't have too many. I'd say there was a pretty good ratio of all the topics covered.

Although there were technical questions, and some where you had to look at logs, know commands and such, overall it wasn't a very technical test, especially compared to CEH (which I think is a pretty good comparison, since they're both Ec-council).

I only used the 5 official books to study, and no practice tests, because that's what was provided me by WGU.

If anyone has questions, let me know and I'll try and answer them.

cyberguypr

Congrats! Now just go fix that "Secutiry+" from your certs list.

JDMurray

Congratulations on passing the CHFI exam!

And thanks for the review.

SephStorm

-Foxer- wrote: »

I'd say that it was quite a bit easier than CEH, but that may be just because it builds on CEH. Where in CEH it taught you the concepts of an attack, and how to do it, this cover have to detect it, and how to stop it.

Amazing, so this cert is not about forensics, its about intrusion detection and response?

-Foxer-

SephStorm wrote: »

Amazing, so this cert is not about forensics, its about intrusion detection and response?

No, it is about forensics. It's about going through logs and detecting intrusions, and the forensics involved with that.

JDMurray

Forensics is about the collection, preservation, examination, and documentation of evidence for presentation in a court of law. Exactly what the evidence is and where is collected from varies greatly.

SephStorm

i've been wondering for some time why some training companies offer CEH and CHFI as a package. It's never made complete sense to me. Is CHFI a logical gateway for a pentester?

JDMurray

SephStorm wrote: »

i've been wondering for some time why some training companies offer CEH and CHFI as a package. It's never made complete sense to me. Is CHFI a logical gateway for a pentester?

Official training packages are offered to training vendors by EC-Council. The training vendors license the training packages that they think will be the best sellers. So it has more to do with busnesses earning revenue more than what is the best learning path for a pen tester.

Both forensics investigators and pen testors needs to write standardizaed reports of their activities and findings. Where the two differ is that forensics is all about courts of law and introducing evidence into the legal system, while pen testing is something that is not expected to be as evidence, or require that the pen tester appear as an expert witness in a court of law. A pen tester can therefore benfit greatly by having an understanding of how computer forensics prepare their reports.

SephStorm

True enough, but I think we've had two reviews of the exam in the last two weeks, and neither review highlighted forensics as much as incident response.

"this covers how to detect it, and how to stop it.", "Although there were technical questions, and some where you had to look at logs, know commands and such"

From the other thread: "Also, make sure that you are familiar with your ports, some linux tools, windows "cmd" commands, mobile devices, and tcpdump/snort like log captures."

JDMurray

I've not taken any EC-Council cert exams, but I'll guess that any new EC-Council cert builds on material from existing EC-Council certs. Therefore, it's likely that the CHFI exam has a lot of overlapping material with the CEH and ECIH certs.

And using software tools, and looking for evidence of attacks and intrusions (such as in log files), in itself isn't "forensics." It's the processes and procedures that are followed and how they are documented and presented to a court that are "forensics." The exam objectives certainly make it seem as if this sort of material is covered by the CHFI, but the reviews by exam candidates make it seem otherwise.

-Foxer-

JDMurray wrote: »

I've not taken any EC-Council cert exams, but I'll guess that any new EC-Council cert builds on material from existing EC-Council certs. Therefore, it's likely that the CHFI exam has a lot of overlapping material with the CEH and ECIH certs.

And using software tools, and looking for evidence of attacks and intrusions (such as in log files), in itself isn't "forensics." It's the processes and procedures that are followed and how they are documented and presented to a court that are "forensics." The exam objectives certainly make it seem as if this sort of material is covered by the CHFI, but the reviews by exam candidates make it seem otherwise.

I guess I didn't provide a very good review. Forensics are definitely covered in this exam. Looking at the titles of the 5 official books gives you a pretty good idea of what is one the exam.

JDMurray

-Foxer- wrote: »

Forensics are definitely covered in this exam.

That's good to know. I'm very interested in the CHFI cert myself.

SephStorm

-Foxer- wrote: »

I guess I didn't provide a very good review. Forensics are definitely covered in this exam. Looking at the titles of the 5 official books gives you a pretty good idea of what is one the exam.

You did a good review, just missed something At least I know now

kdjj

-Foxer- wrote: »

Well, I passed! I ended up getting 84%, so not bad, but not super great either. Overall I'm pretty happy with the score though.

It was 150 questions, and you have 4 hours to take it. It took me just over an hour.

I'd say that it was quite a bit easier than CEH, but that may be just because it builds on CEH. Where in CEH it taught you the concepts of an attack, and how to do it, this covers how to detect it, and how to stop it.

One other review of it said that they had a lot of legal questions, but I didn't have too many. I'd say there was a pretty good ratio of all the topics covered.

Although there were technical questions, and some where you had to look at logs, know commands and such, overall it wasn't a very technical test, especially compared to CEH (which I think is a pretty good comparison, since they're both Ec-council).

I only used the 5 official books to study, and no practice tests, because that's what was provided me by WGU.

If anyone has questions, let me know and I'll try and answer them.

Congrats.. what books did you use to assist?

webgeek

Awesome! Congrats!

gabypr

Congratulations on your pass and thanks for your review.