CHFI - No Updated Study Material

phatsacks

I had no problem finding material for the PMP, CISSP, CAP, CISA, ITIL Foundation, and even CEH. However, there appears to only be a couple books for the CHFI, and both were published prior to version 4 even being released.

The Career Academy DVDs advertised for version 4 even contain screen shots of file creation dates (during their demos) from 2009.

...does any updated material for version 4 even exist?

I have no problem reading things like NIST SP 800-61 r1, NIST SP 800-86, etc, or any other material. The problem is if there are any conflicting information.

Anyone that has more than a few certs, know that most of the time, you just need to study the delta of what is the real-world information versus their-world, and anything specific to the organization's own developed information (e.g., ISACA-only term).

So... has anyone seen any relevant study material that would not take weeks of free time to sift through?

for any relevant material, especially community developed.

azjag

The price is a bit steep but if you want the courseware this is probably your best bet.


https://www.2checkout.com/2co/buyer/purchase?sid=51789&quantity=1&product_id=22

rogue2shadow

The C|HFI material is definitely in need of an update. I'm not a hardcore forensics professional by any means but I started studying for it a bit ago and found the following resources to be commonly used to do well on the exam (based on searches of forums on the net):

1. Amazon.com: Windows Forensic Analysis DVD Toolkit, Second Edition (9781597494229): Harlan Carvey: Books <-- major one; have it; its pretty well written book and extras make it even better.
2. Amazon.com: The Official CHFI Study Guide (Exam 312-49): for Computer Hacking Forensic Investigator (9781597491976): Dave Kleiman, Craig Wright, Jesse "James" Varsalone, Timothy Clinton, Michael Gregg: Books - technically a V3 book but still has application to V4 fundamentals.
3. Amazon.com: File System Forensic Analysis (9780321268174): Brian Carrier: Books
4. Amazon.com: Real Digital Forensics: Computer Security and Incident Response (9780321240699): Keith J. Jones, Richard Bejtlich, Curtis W. Rose: Books
5. Amazon.com: Forensic Discovery (9780201634976): Dan Farmer, Wietse Venema: Books

Link to library box for items 3-5:
Amazon.com: Computer Forensics Library Boxed Set (9780321525642): Keith J. Jones, Richard Bejtlich, Curtis W. Rose, Dan Farmer, Wietse Venema, Brian Carrier: Books

If you have access to VTE CERT (gov/military training site), the course on forensics has several helpful labs that include the use of DD, Knoppix, and a few other tools to gather and organize evidence.

docrice

How old is version 4 of the course? I took the class back in 2007, so I wonder if the material is still at least mostly relevant. I never went for the CHFI certification, but I still have the books.

JDMurray

What is the current version of the CHFI? Is it still v4? Can;t tell from the cert's Web page. The cert's PDF brochure indicates v4.

I've been looking at this cert for myself, but it does seem neglected by EC-Council. Maybe this is a reason why I've never seen it mentioned in any computer forensics examiner job posting.

rogue2shadow

JDMurray wrote: »

What is the current version of the CHFI? Is it still v4? Can;t tell from the cert's Web page. The cert's PDF brochure indicates v4.

I've been looking at this cert for myself, but it does seem neglected by EC-Council. Maybe this is a reason why I've never seen it mentioned in any computer forensics examiner job posting.

From what I've read its still version 4 . The only postings I've seen it on are for a few reverse-engineering jobs in my area but then again they required 10+ years in several domains of IT security.

docrice wrote: »

How old is version 4 of the course? I took the class back in 2007, so I wonder if the material is still at least mostly relevant. I never went for the CHFI certification, but I still have the books.

I think the course dates back to around 07'. I'll have to search TE for old entries.

phatsacks

@azjag - Is that from EC-Council? If so, anyone else concerned the product ID is "CHFIv2"?

@rogue2shadow - Thank you for the detailed recommendations. I have a few resources, and moderately familiar myself (although not a forensics SME). The short of my frustration is any conflicting information across publications. For example:

EC-Council's methodology

1. Acquisition - gathering information (or assets with information).
2. Authentication - assuring the original integrity of the evidence.
3. Analysis - examining evidence.

RFC 3227 Guidelines for Evidence Collection and Archiving

(not specifically defined as sequenced events)

1. Plan
2. Acquire
   1. Ensure integrity
3. Secure evidence

Tim Wright's Field Guide

Field Guide Part One | Symantec Connect Community

1. Plan
2. Search for Evidence (discovery)
3. Process Evidence (examine collected information)

Although the above examples are similar in nature, they differ enough to not be included as preparation for testing on EC-Council's view. I will have to check out VTE CERT; no one at work ever told me about it.

----
I am making my own short study guide, and will update it after I test this week. Will post my thoughts, the little study material I have been using, and of course my own updated study guide.

phatsacks

Passed the exam.

Reworked my own study guide. Please feel free to PM me for the draft copy. I expect the final version to be uploaded shortly after I take the CISM exam (06/11/2011); I need to decompress for a few days before going into study mode again.

The study guide will not contain any specific exam questions. However, the current draft will significantly increase the likelihood of a successful examination. The final version expected to essentially be an all-you-need guide.

azjag

phatsacks wrote: »

@azjag - Is that from EC-Council? If so, anyone else concerned the product ID is "CHFIv2"?

----
I am making my own short study guide, and will update it after I test this week. Will post my thoughts, the little study material I have been using, and of course my own updated study guide.

Yes the link I sent you is the official courseware from ECCouncil.

ID
CHFIv2

Name
Computer Hacking Forensic Investigator (CHFI) v4

I'm guessing that the CHFIv2 signifies the 2nd edition of the CHFIv4 training material.

I would be interested in hearing about your exam experience. Was the C|HFI exam anything like the C|EH. Mile wide, inch deep.

Thanks,

JDMurray

azjag wrote: »

I would be interested in hearing about your exam experience. Was the C|HFI exam anything like the C|EH. Mile wide, inch deep.

From what I've read about EC-Council exams over the past few years, I wouldn't be surprised if there is a significant overlap of the material between the two exams.

phatsacks

azjag wrote: »

I would be interested in hearing about your exam experience. Was the C|HFI exam anything like the C|EH. Mile wide, inch deep.

Similar to what JDMurray said, there is overlap between the exams. Few IDS logs, attack questions (e.g., formal name/definition), scenario describing DNS poisoning, types of password attacks (e.g., Active Directory, tool based, definition of brute/dictionary/hybrid). Even the basic concepts behind mobile device attacks were on both. If you know the OSI Model fairly well, then you have a few questions in the bag, but my guide should cover the few areas that one would see on the CHFI. As far as a mile wide, inch deep, I would say it was half a mile and half an inch; rather finite areas, and nothing too technical. I was expecting lots more Linux questions, but was only about five questions and nothing special.

I would estimate an overlap between both exams at roughly 25%-35%. Individuals may experience different results as the CEH question pool matures. That said, if you pass one, and the information is fresh in your mind, then you have a heads up on a good portion of the questions for the other exam.

CHFI focused "mostly" on the forensic side. The guide I referenced above should have most of the attack-oriented information, although I am still studying for the CISM and have yet to finalize it. Ultimately, I would like to see the guide be community driven/updated and therefore relevant at nearly anytime; the original intent of this thread.

byten

I passed the CEH in April 2011 and am now would like to work on my CHFI. But I notice that the EC-Council information about the exam is not very complete. It looks like according to Prometric site, the exam is still listed at $250 and yet EC-Council doesn't have info about pricing and exact requirements on their material that I have seen. The other question is, do they require you to go to an "approved" trainer like how it was for the CEH?

Thanks!

tpatt100

phatsacks wrote: »

Passed the exam.

Reworked my own study guide. Please feel free to PM me for the draft copy. I expect the final version to be uploaded shortly after I take the CISM exam (06/11/2011); I need to decompress for a few days before going into study mode again.

The study guide will not contain any specific exam questions. However, the current draft will significantly increase the likelihood of a successful examination. The final version expected to essentially be an all-you-need guide.

I have to take this next month, tried pming you but the system would not let me.

Broodmdh

I had the same problem as tpatt100.

I'm hoping to write the exam in a couple of months, and a study guide might prove helpful.

instant000

I'm not sure that phatsacks has enough posts to be PM'ed yet. Also, I was interested in this guide, as I need CHFI for WGU, lol.

xzier

Any one can share CHFI notes with me???

phatsacks

tpatt100 wrote: »

I have to take this next month, tried pming you but the system would not let me.

Interesting; I did not realize the forum restricted that.

If anyone is interested, please feel free to contact me via phatsacks at gmail.

Going to see if I can PM tpatt100, doubtful if I cannot receive PMs yet.
--Edit: Cannot PM, so if anyone needs, just e-mail me. Glad I checked this thread...

JDMurray

phatsacks wrote: »

Interesting; I did not realize the forum restricted that.

There is a minimum post count required before a member can PM to/from other members. You're very close to the mark.

phatsacks

Over the past few months I have received about a dozen e-mails for the CHFI guide referenced above. For anyone that uses it, please let me know if it helped and if you have any recommended updates.

Edit:
FYI - No one has contacted me about successful results, or if my guide presented them with information seen on the exam. Felt this is becoming relevant overtime as people continue to ask, and I can still only say that it worked well for me.

CHFImmm

Hello,

i am studying to take the certificate CHFI.

At the moment I am reading the book but i would like to move on onto the exam questions.

I have seen that que exam questions can be bought from many different sites. I wonder if anyone could give me some advice about which one is best.

Thank you for your help

azjag

CHFImmm wrote: »

Hello,

i am studying to take the certificate CHFI.

At the moment I am reading the book but i would like to move on onto the exam questions.

I have seen that que exam questions can be bought from many different sites. I wonder if anyone could give me some advice about which one is best.

Thank you for your help

I couldn't find any decent test questions for the CHFI that weren't braindumps. I would recommend checking the sites against CertGuard | IT Certification Exam Security & Integrity to make sure you are not getting braindumps.

Good luck and welcome to Techexams

gabypr

The actual CHFIv4 will retire on august 30 2012. I will be taking the course later when EC-Council University update the course to reflect the new version. Here is some info regarding CHFIv8. Good luck.

Brochure http://www.eccouncil.org/Computer-Hacking-Forensic-Investigator/brochure/chfi-brochure.pdf

Outline http://www.eccouncil.org/Computer-Hacking-Forensic-Investigator/course-outline.html