Passed CHFI

-Foxer- Member Posts: 151
Well, I'm going to take CHFI tomorrow morning. Hopefully I do well, I'll let you guys know how it goes.

Comments

  • rogue2shadow CISSP, GXPN, OSCE, OSCP, OSWP, eMAPT, CEH, CNDA, A+, Network+, Security+ Member Posts: 1,501
    Awesome. What were you using to prepare for this?
  • JDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USA Admin Posts: 12,536 Admin
    Good luck!

    Please post a review of your CHFI exam experience and your preparation regime. I'm very interested in this cert too.
  • carboncopy Member Posts: 259
  • -Foxer- Member Posts: 151
    Well, I passed! I ended up getting 84%, so not bad, but not super great either. Overall I'm pretty happy with the score though.

    It was 150 questions, and you have 4 hours to take it. It took me just over an hour.

    I'd say that it was quite a bit easier than CEH, but that may be just because it builds on CEH. Where in CEH it taught you the concepts of an attack, and how to do it, this covers how to detect it, and how to stop it.

    One other review of it said that they had a lot of legal questions, but I didn't have too many. I'd say there was a pretty good ratio of all the topics covered.

    Although there were technical questions, and some where you had to look at logs, know commands and such, overall it wasn't a very technical test, especially compared to CEH (which I think is a pretty good comparison, since they're both EC-Council).

    I only used the 5 official books to study, and no practice tests, because that's what was provided me by WGU.

    If anyone has questions, let me know and I'll try and answer them.
  • cyberguypr Senior Member Mod Posts: 6,926 Mod
    Congrats! Now just go fix that "Secutiry+" from your certs list.
  • JDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USA Admin Posts: 12,536 Admin
    Congratulations on passing the CHFI exam!

    And thanks for the review.
  • SephStorm Member Posts: 1,732
    -Foxer- wrote: »
    I'd say that it was quite a bit easier than CEH, but that may be just because it builds on CEH. Where in CEH it taught you the concepts of an attack, and how to do it, this covers how to detect it, and how to stop it.

    Amazing, so this cert is not about forensics, it's about intrusion detection and response?
  • -Foxer- Member Posts: 151
    SephStorm wrote: »
    Amazing, so this cert is not about forensics, it's about intrusion detection and response?

    No, it is about forensics. It's about going through logs and detecting intrusions, and the forensics involved with that.
  • JDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USA Admin Posts: 12,536 Admin
    Forensics is about the collection, preservation, examination, and documentation of evidence for presentation in a court of law. Exactly what the evidence is and where it is collected from varies greatly.
  • SephStorm Member Posts: 1,732
    I've been wondering for some time why some training companies offer CEH and CHFI as a package. It's never made complete sense to me. Is CHFI a logical gateway for a pentester?
  • JDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USA Admin Posts: 12,536 Admin
    SephStorm wrote: »
    I've been wondering for some time why some training companies offer CEH and CHFI as a package. It's never made complete sense to me. Is CHFI a logical gateway for a pentester?
    Official training packages are offered to training vendors by EC-Council. The training vendors license the training packages that they think will be the best sellers. So it has more to do with businesses earning revenue more than what is the best learning path for a pen tester.

    Both forensics investigators and pen testers need to write standardized reports of their activities and findings. Where the two differ is that forensics is all about courts of law and introducing evidence into the legal system, while pen testing is something that is not expected to be as evidence, or require that the pen tester appear as an expert witness in a court of law. A pen tester can therefore benefit greatly by having an understanding of how computer forensics prepare their reports.
  • SephStorm Member Posts: 1,732
    True enough, but I think we've had two reviews of the exam in the last two weeks, and neither review highlighted forensics as much as incident response.

    "this covers how to detect it, and how to stop it.", "Although there were technical questions, and some where you had to look at logs, know commands and such"

    From the other thread: "Also, make sure that you are familiar with your ports, some linux tools, windows "cmd" commands, mobile devices, and tcpdump/snort like log captures."
  • JDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USA Admin Posts: 12,536 Admin
    I've not taken any EC-Council cert exams, but I'll guess that any new EC-Council cert builds on material from existing EC-Council certs. Therefore, it's likely that the CHFI exam has a lot of overlapping material with the CEH and ECIH certs.

    And using software tools, and looking for evidence of attacks and intrusions (such as in log files), in itself isn't "forensics." It's the processes and procedures that are followed and how they are documented and presented to a court that are "forensics." The exam objectives certainly make it seem as if this sort of material is covered by the CHFI, but the reviews by exam candidates make it seem otherwise.
  • -Foxer- Member Posts: 151
    JDMurray wrote: »
    I've not taken any EC-Council cert exams, but I'll guess that any new EC-Council cert builds on material from existing EC-Council certs. Therefore, it's likely that the CHFI exam has a lot of overlapping material with the CEH and ECIH certs.

    And using software tools, and looking for evidence of attacks and intrusions (such as in log files), in itself isn't "forensics." It's the processes and procedures that are followed and how they are documented and presented to a court that are "forensics." The exam objectives certainly make it seem as if this sort of material is covered by the CHFI, but the reviews by exam candidates make it seem otherwise.

    I guess I didn't provide a very good review. Forensics are definitely covered in this exam. Looking at the titles of the 5 official books gives you a pretty good idea of what is on the exam.
  • JDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USA Admin Posts: 12,536 Admin
    -Foxer- wrote: »
    Forensics are definitely covered in this exam.
    That's good to know. I'm very interested in the CHFI cert myself. :D
  • SephStorm Member Posts: 1,732
    -Foxer- wrote: »
    I guess I didn't provide a very good review. Forensics are definitely covered in this exam. Looking at the titles of the 5 official books gives you a pretty good idea of what is on the exam.

    You did a good review, just missed something ;) At least I know now :)
  • kdjj Registered Users Posts: 1
    -Foxer- wrote: »
    Well, I passed! I ended up getting 84%, so not bad, but not super great either. Overall I'm pretty happy with the score though.

    It was 150 questions, and you have 4 hours to take it. It took me just over an hour.

    I'd say that it was quite a bit easier than CEH, but that may be just because it builds on CEH. Where in CEH it taught you the concepts of an attack, and how to do it, this covers how to detect it, and how to stop it.

    One other review of it said that they had a lot of legal questions, but I didn't have too many. I'd say there was a pretty good ratio of all the topics covered.

    Although there were technical questions, and some where you had to look at logs, know commands and such, overall it wasn't a very technical test, especially compared to CEH (which I think is a pretty good comparison, since they're both EC-Council).

    I only used the 5 official books to study, and no practice tests, because that's what was provided me by WGU.

    If anyone has questions, let me know and I'll try and answer them.

    Congrats.. what books did you use to assist?
  • webgeek Member Posts: 495
    Awesome! Congrats!
    BS in IT: Information Assurance and Security (Capella) ETA 2013/Early 2014
    2013 Goals: CISSP [:cheers:] ITIL Foundations [ ] Project+ [ ] Linux+ [ ] CCNA (Maybe) [ ]
  • gabypr Member Posts: 136
    Congratulations on your pass and thanks for your review.
    EC-Council Master in Security Science M.S.S [Done]

    Reading Project Management Professional (PMP) Certification Exam prep by Sohel Akhter