Showing posts with label chfi. Show all posts
Showing posts with label chfi. Show all posts

Friday, 10 February 2017

EC-Council launch Certified Hacking Forensics Investigator (CHFI) v9 Update

As businesses wake up to the growing and imminent threat of cyber crime, cyber security is a top priority, now more than ever.

In 2004, the global cyber security market was worth just $3.5 billion. But, by 2020 it will be worth a staggering $120 billion according to Wired.

Because of the new and innovative ways businesses are experiencing hack attacks, it’s important that both security and response measures remain up-to-date.

EC-Council’s recent update to the Certified Hacking Forensics Investigator (CHFI) is a prime example of the security industry looking to keep your knowledge current and up-to-date on the latest techniques.

What to do after the worst happened?

The CHFI certification validates your skills in conducting a digital forensics investigation. From understanding which scripts to run in the all important moments following a breach to piecing together clues to catch a trespasser, digital forensics is your first response. 

Digital forensics detectives draw on a wide range of investigation and analysis techniques to identify an intruder's virtual footprints, in the hope of gathering potential legal evidence. 

Put into context, CHFIs are effectively virtual detectives. Just like you’d want an investigator on the case if jewellery was stolen from your home, you’ll want a CHFI if you’re the victim of a cyber breach.  The only difference is, even the most expensive pieces of jewellery can’t compare to the millions it can cost if you’re hacked.

The CHFI course covers major forensic investigation scenarios and presents a methodological approach to forensics. You'll cover searching and seizing, chain-of-custody, acquisition, preservation and analysis and reporting of digital evidence. 
There’s always an opportunity for a hacker to penetrate your system. When your organisation is hit by a cyber breach, the real issue is how you respond to the attack.

What are the new updates?

The new CHFI version 9 update has a number of key changes.

Firstly, this update introduces new content. You’ll dive into the latest forensics examination techniques, with new operating systems including Linux and MAC Forensics. In the previous version (v8), only Windows forensics was addressed. 

Furthermore, a host of new modules have been added to this course to reflect industry developments. The three modules added are database, cloud and malware forensics. With UK businesses at a cloud adoption rate of 84% and with 54% being hit by ransomware attacks, it's easy to see why these modules have been added.  

EC-Council have also added more than 40% new, hands-on labs to the program. These descriptive and analytical labs are well tested and results oriented. Even with these new labs however, EC-Council have in fact reduced the total number of labs and modules. From 22 modules, 42 labs and 2400 slides, they've now got 14 modules, 39 labs and only 1222 slidesThis change seeks to make the information more concise and digestible, whilst still covering all of the key areas in the same depth. 


Why is it essential to your cyber security in 2017?

In a world where 90% of all criminal cases have at least one form of electronic evidence (The Guardian), the importance of being able to conduct a digital forensics investigation is growing rapidly.

Furthermore, the digital forensics market is expected to grow around 15% globally from 2015 to 2020 as businesses quickly realise the importance of cyber forensics. 

Learn how to protect against a cyber attack, fast

Achieve the CHFI certification in just 5 days with Firebrand Training, or check out the extensive cyber security portfolio we have to offer. 

Here's what others thought about the CHFI course: 


Wednesday, 22 October 2014

5 incredible jobs for a Certified Ethical Hacker


EC-Council’s Certified Ethical Hacker certification opens doors for IT security professionals. Take on the CEH and you’ll get comprehensive ethical hacking and network security training – you’ll learn to think (and hack) like a hacker.

And like most certifications, the CEH is only a stepping stone to your dream career. The experience you’ll get from becoming a CEH can be applied across a huge variety of job roles. Let’s take a look at some of the most impressive ones:

1. Penetration Tester 

Average advertised salary - £55,000*

Just like malicious hackers, penetration testers attack IT systems to locate security flaws. But, unlike hackers, penetration testers are White Hats - their aim is to protect systems, not exploit them.

The only difference between penetration testing and hacking is whether you have the system owner’s permission. If you want the thrill of hacking and enjoy the challenge of breaking into networks, penetration testing could be an incredibly rewarding career for you.

"pssst, what's Frank's password?"
If you can find a vulnerability during your simulated real-life cyber-attack, then you’ve earned your wages.

You’ll establish the viability of attack vectors (also known as an ‘attack-surface’), research known vulnerabilities within the client’s hardware and software stacks and identify weaknesses using common hacking tools.

And you might even find yourself using social engineering to legally con client’s employees, e.g. trying to solicit employee passwords from other employees.

2. Forensics Analyst

Average advertised salary - £42,500*

This ultra-modern role involves analysing the way in which intruders breach IT infrastructure. You’ll be assessing the full extent of any malicious breaches in order to identify additional systems / networks that have been compromised.

Investigating the minute traces left by complex Black Hat attacks requires an IT expert proficient in cutting edge forensic and reverse engineering skills. You’ll need to think and act like a hacker in order to identify the ways they breached your client’s system. 

You'll be using a hacker's malware as evidence for his crimes
Image courtesy of Stephen Miles
To be a successful forensic expert you’ll need to master prevention / detection, hacker exploit techniques and reverse engineering of malware.

Perhaps most importantly, you’ll need to stay at the cutting edge of attack methodologies. Hackers won’t get complacent, so neither can you. If you can keep your security knowledge and skills up-to-date, you’ll find success as a Forensics expert.

And whilst many job postings advertise the CEH certification as a desired qualification, EC-Council also offers a specific digital forensics course. It’s called the Computer Hackings Forensics Investigator (CHFI) and will teach you everything you need to know about investigating, recovering and tracking cybercrime.

3. Internet / Network Security Administrator

Average advertised salary - £47,500*

Internet security administrators are responsible for protecting vulnerable computer systems and networks against attack. Also known as security specialists, the security administrator handles all aspects of information security.

You’ll be the go-to professional for all aspects of an organisation’s information security. As well as teaching your colleagues about computer security, you’ll check for security violations, research and install protection software and defend/take action against cyber-attacks.

If the breach is serious, you may even find yourself providing evidence of cyber-attacks to prosecute individuals for breaching security.

You’ll have a great deal of responsibility and as a result, you’ll need good communication skills and the ability to react exceptionally fast to security problems. You might even be expected to work on-call in case of emergencies. 

Pictured above: a visual metaphor for network security.
sidewinder123 / MorgueFile

4. Application Security Architect

Average advertised salary - £65,000*

Application security architects work with development and computer architecture teams to create security applications.

You’ll likely find yourself testing programs for security weaknesses and performing vulnerability scans. You’ll be responsible for creating effective security applications and will work closely with software development teams, providing security guidance and expertise.

To succeed in this role you’ll need great problem solving skills and the ability to anticipate vulnerabilities in new software. And, as with most security roles, you’ll also need a deep understanding and appreciation of emerging cyber security risks.

5. Computer Network Defense Analyst

Average advertised salary - £40,000**

Computer network defence analysts work with cutting edge cyber-security technologies to provide expert opinions on current and emerging network security threats.

Get it? Program...
DogertonSkillhause / MorgueFile
You’ll create security threat analysis reports and briefs that describe the risks of potential threats and the risks these threats may pose to your organisation networks.

Tasks could include:
  • Analysing network traffic to identify anomalous activity
  • Determining appropriate response to anomalous network activity
  • Studying identified malicious activity to determine weaknesses exploited
  • Examine network topologies to understand data flows through the network
  • Provide daily summaries and news, events and activities and distinguish these incidents and events from benign activities.

Secure your dream security job

The CEH certification is great for any information security professional. Secure it (in only 5 days?) and prove you can defend your organisation from malicious attacks; you’ll be well on your way to your dream job.

*data from
*data from

About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Tuesday, 7 January 2014

The hottest certifications for 2014


The value of IT and Project Management certifications have immensely increased as IT security, risk management, project management or computer forensics experts are more and more in demand.

According to the European Commission "there will be a deficit of over 900,000 trained IT staff in Europe by 2015”. Firebrand compiled a list of this year’s hottest IT and Project Management certifications to help you make the most of the 100,000s of job opportunities.

CISSP - Certified Information Systems Security Professional

The CISSP is an advanced level certification for information security professionals. As a CISSP, you’ll be an expert in developing, guiding, and managing security standards, policies, and procedures within your organisation.

(ISC)2 designed and developed CISSP for experienced security professionals. To obtain this certification, you’ll need a minimum of 5-years experience in at least two of the following (ISC)2 common body of knowledge domains:
  • Access Control
  • Telecommunications and Network Security
  • Information Security Governance and Risk Management
  • Software Development Security
  • Cryptography
  • Security Architecture and Design
  • Operations Security
  • Business Continuity and Disaster Recovery Planning
  • Legal, Regulations, Investigations and Compliance
  • Physical (Environmental) Security

The CISSP will be one of this year’s most sought after IT certifications and an overall must-have for IT security professionals.

PMP – Project Management Professional

Developed by project managers, PMP is the highest level credential offered by the Project Management Institute (PMI). The certification is designed to ensure that PMP holders possess the skills and qualifications to successfully manage all phases of a project, including:
  • Initiating
  • Planning
  • Scheduling
  • Controlling
  • Monitoring
  • Closing the project

PMP certified professionals are also experts in managing all aspects of the triple constraints – time, cost and scope.

In order to get PMP certified, credential seekers must demonstrate and prove they have the skills and knowledge required to be successful in the field of project management. Demonstrating documentations must include proof of education, projects worked on and hours spent in each of the five phases of project management.

CRISC - Certified in Risk and Information Systems Control

ISACA’s CRISC is awarded to IT professionals experienced in business and technology risk management, as well as the design, implementation, monitoring and maintenance of Information Systems Control.

As a CRISC certified professional, you’ll manage risk design and oversee response measures, monitor systems for risk, and ensure your organisation's risk management strategies are met.

Job roles for CRISC credential holders include:
  • IT Security Analyst
  • Security Engineer Architect
  • Information Assurance Program Manager
  • Senior IT Auditor

The CRISC exam covers the following domains:
  • Risk Assessment
  • Identification and Evaluation
  • Information Systems Control Monitoring and Maintenance
  • Risk Response
  • Information Systems Control Design and Implementation
  • Risk Monitoring

Since its inception in 2010, over 17,000 pros have obtained the CRISC certification.

CISM – Certified Information Security Manager

CISM, also developed by ISACA, is a top credential for IT security professionals specialising in managing, developing and overseeing information security systems or for developing best organisational security practices.

The credential targets the needs of IT security professionals with enterprise level security management responsibilities. CISM certified professionals possess advanced and proven skills in:
  • Security Risk Management
  • Program Development and Management
  • Governance, and Incident Management
  • Responding to Incidents

CISM credential holders must agree to the CISM Code of Professional Ethics, pass the examination, possess at least five years of security experience and submit a written application to qualify.

CHFI – Certified Hacking Forensic Investigator

EC-Council’s CHFI certification focuses on forensics tools, analytical techniques, and procedures involved in obtaining, maintaining, and presenting computer forensic evidence and data in a court of law.

The CHFI course covers the following topics:
  • Cyber-Crime Overview
  • Search and Seizure of Computers
  • Working with Digital Evidence
  • Incident Handling and First Responder Procedures
  • Gathering Volatile and Non-Volatile Data from a Windows Computer
  • Recovering Deleted Files and Partitions from Windows, Macintosh, and Linux Systems
  • Password Cracking
  • Log Capturing Tools and Techniques
  • Investigating Network Traffic, Wireless Attacks, Web Attacks, and E-mail Crimes

As a CHFI, you’ll be able to protect your organisation by responding promptly to any and all attacks.  

About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Wednesday, 15 August 2012

Last chance: CHFIv4 will retire on Aug 30

In February 2012, ECCouncil announced that it will be releasing the brand new Version 8 of the Computer Hacking Forensic Investigator (CHFIv8). The course is designed to apply necessary skills to security professionals so that they can “identify an intruder’s footprints and to properly gather the required evidence to prosecute in the court of law”.

The program has been available since February 27, 2012. This means that Version 4 has become redundant and will be officially retired as of August 30, 2012. If there are any CHFIv4 students who have not yet attempted the exam or are waiting to re-sit, they have until August 30th, 2012 to take the exam.

Tuesday, 13 March 2012

EC-Council launches CHFI v8

EC-Council has updated the CHFI version to v8. This version teaches the student the entire digital forensics process: how to secure the scene, collect evidence, and send it to the lab for testing.

The course teaches you:
  • How to investigate cyber crime and the laws surrounding it
  • Different types of digital evidence, and how to examine them
  • The first responder tool-kit - how to secure, preserve and evaluate the electronic crime scene
  • How to recover deleted files and partitions in Windows, Mac OS X, and Linux
  • How to use the AccessData forensic toolkit, and  steganography
  • Password cracking and how to investigate password-protected file breaches
  • Log capturing and management
  • How to investigate logs, network traffic, wireless attacks, and web attacks
  • How to track emails and investigate e-mail crimes

Thursday, 25 February 2010

What are 10 best IT Jobs right now?

As the demand for emerging technologies such as virtualization, cloud, network security and social computing grows in 2010, IT professionals would look to stand out in the crowded job market.  Here are top 10 IT job titles that could gain traction in 2010:

  1. Ethical Hacker/Security Specialist:  According to a CompTIA survey, 37% of high tech workers intend to pursue a security certification over the next 5 years.  Nearly 20% would seek ethical hacker certification during the same period.  13% were looking for computer forensics as the next immediate certification they would pursue.
  2. Virtual systems manager
  3. Capacity manager
  4. Network Engineer
  5. Open source specialist
  6. Service assurance manager
  7. Electronic health records systems manager
  8. Sourcing specialist
  9. Service catalog manager
  10. Business process manager.