Computer Hacking Forensic Investigator Cover Main

Computer Hacking Forensic Investigator Certification | CHFI

Computer Hacking Forensic Investigator (CHFI) Elevate your investigational skills with hacking and forensic investigation. Decode, Compile, Defend, and Help to Prosecute.

Talk to a Career Counselor

Fill out the form and an expert EC-Council Training Consultant will contact you to help you get all your questions answered.


On-Demand training available in these languages:

Training in Cyber Security | Digital Forensics

The Computer Hacking Forensic Investigator (CHFI) course delivers the security discipline of digital forensics from a vendor-neutral perspective. CHFI is a comprehensive course covering major forensic investigation scenarios and enabling students to acquire necessary hands-on experience with various forensic investigation techniques and standard forensic tools necessary to successfully carry out a computer forensic investigation leading to the prosecution of perpetrators.

The CHFI certification gives participants (Law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, security professionals, and anyone who is concerned about the integrity of the network infrastructure.) the necessary skills to perform an effective digital forensics investigation.

CHFI presents a methodological approach to computer forensics including searching and seizing, chain-of-custody, acquisition, preservation, analysis and reporting of digital evidence.

Pricing Options


On Demand Instructor-led Training Videos

Official E-Courseware

Online CyberQ Labs

Certification Exam

Certificate of Completion

One Additional Certification Course Included

Live Instructor-led Training (in-person or online)

Exam Insurance Program

CodeRed Continuing Education Video Subscription


*Financing Available (US Only)

Unlimited On Demand

On Demand Instructor-led Training Videos

Official E-Courseware

Online CyberQ Labs

Certification Exam

Certificate of Completion

Unlimited Additional Certification Course Included

Live Instructor-led Training (in-person or online)*

Exam Insurance Program

CodeRed Continuing Education Video Subscription


*Financing Available (US Only)


On Demand Instructor-led Training Videos

Official E-Courseware

Online CyberQ Labs

Certification Exam

Certificate of Completion

One Additional Certification Course Included

Live Instructor-led Training (in-person or online)

Exam Insurance Program

CodeRed Continuing Education Video Subscription


*Financing Available (US Only)

*Upgrade any course to live training for $499

About the Computer Hacking Forensics Investigator Course

Course Outline

  • Computer Forensics in Today’s World
  • Computer Forensics Investigation Process
  • Understanding Hard Disks and File Systems
  • Data Acquisition and Duplication
  • Defeating Anti-forensics Techniques
  • Windows Forensics
  • Linux and Mac Forensics
  • Network Forensics

  • Investigating Web Attacks
  • Dark Web Forensics
  • Database Forensics
  • Cloud Forensics
  • Investigating Email Crimes
  • Malware Forensics
  • Mobile Forensics
  • IoT Forensics

CHFI v10 captures all the essentials of digital forensics analysis and evaluation required for the modern world — tested and approved by veterans and top practitioners of the cyber forensics industry. From identifying the footprints of a breach to collecting evidence for a prosecution, CHFI v10 handholds students through every step of the process with experiential learning. CHFI v10 is engineered by industry practitioners for professionals including those such as forensic analysts, cybercrime investigator, cyber defense forensic analyst, incident responders, information technology auditor, malware analyst, security consultant, chief security officers and aspirants alike.

CHFI Course Benefits

  • Inclusion of critical modules in Darkweb forensic and IoT Forensics
  • Significant coverage of forensic methodologies for public cloud infrastructure, including Amazon AWS and Microsoft Azure
  • Massive updates on all modules in CHFI
  • Inclusion of latest forensic tools including Splunk, DNSQuerySniffer etc
  • Addition of new techniques such as Defeating Anti-forensic technique, Windows ShellBags including analyzing LNK files and Jump Lists

  • Extensive coverage of Malware Forensics (latest malware samples such as Emotet and EternalBlue )
  • Now more than 50GB of crafted evidence files for investigation purposes
  • More than 50% of new and advanced forensic labs
  • In-depth focus on Volatile and Non-volatile data acquisition and examination process (RAM Forensics, Tor Forensics, etc.
  • Accepted and trusted by cybersecurity practitioners across Fortune 500 globally.

  • Establish threat intelligence and key learning points to support pro-active profiling and scenario modeling
  • Perform anti-forensic methods detection
  • Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred
  • Extract and analyze of logs from various devices like proxy, firewall, IPS, IDS, Desktop, laptop, servers, SIM tool, router, firewall, switches AD server, DHCP logs, Access Control Logs & conclude as part of investigation process.

  • Identify & check the possible source / incident origin.
  • Recover deleted files and partitions in Windows, Mac OS X, and Linux
  • Conduct reverse engineering for known and suspected malware files
  • Collect data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents

Meet your Instructor:

iLabs Demo:

Passing Score

In order to maintain the high integrity of our certification exams, EC-Council Exams are provided in multiple forms (I.e. different question banks). Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts that ensure that each of our exams not only has academic rigor but also has “real world” applicability. We also have a process to determine the difficulty rating of each question. The individual rating then contributes to an overall “Cut Score” for each exam form. To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 78%.

Number of Questions: 150

Test Duration: 4 Hours

Test Format: Multiple Choice

Test Delivery: ECC Exam Portal

  • Cyber Threat Analyst Tier 2
  • Cyber Threat Intelligence Analyst
  • Mid Level Penetration Tester
  • Cyberspace Analyst II
  • Cybersecurity Engineer II Red Team
  • Forensic Analyst, Senior
  • Cyber Security Analyst Advisor
  • Cyber Security Analyst
  • Application Security Analyst
  • Senior Cyber Security Analyst
  • Digital Forensics Analyst- Junior level
  • Security Architect
  • Cybersecurity Auditor
  • Senior Network Security Engineer
  • Information Security Engineer
  • Manager Information Security management
  • Principal Cyber Security Engineer
  • Information Security Risk Program Manager
  • Cybersecurity Systems Engineer
  • Information Assurance/Security Specialist
  • Principal Cyber Operator
  • Information Security Cyber Risk Defense Analyst
  • Senior Forensic Analyst
  • Director Information Technology Security
  • Cyber Security Intelligence Analyst

  • Penetration Tester
  • Sr. Information Assurance Analyst
  • Cyber Security Project Engineer
  • Cyber Threat Analyst II
  • Intrusion Analyst
  • Cyber Systems Administrator
  • Information Security and Risk Assessment Specialist
  • Forensic Analyst, Senior
  • CIS – Cyber and Network Security-Cloud Computing Faculty
  • Tier 2 Cyber Security Analyst
  • Sr. Network Security Engineering Specialist
  • Security Control Assessor 2
  • Security Operations Engineer / Team Lead
  • Principle Cyber Operator
  • Manager, Cyber Security Operations and Incident Response
  • IT Security Manager
  • Sr. Network Security Engineer
  • Senior IT Security Manager- Cloud & Digital
  • Senior Principle, Digital Forensics
  • Sr. Network Security Engineering Consultant
  • Sr. Cyber Threat Intel Analyst
  • Cyber Security Associate 3
  • Tier I Intrusion Analyst
  • Senior Investigative Analyst
  • Sr. Cybersecurity Consultant (Incident Response)

Don’t just take a class. Join a program.

The MasterClass package includes:

Computer Hacking Forensic Investigator Course (CHFI):

  • Computer Hacking Forensic Investigator Course (CHFI) Live Course
    • Official Courseware
    • CyberQ Labs (6 months)
    • Certificate of Completion
    • Exam Prep Program
    • Certification Exam
    • Exam Insurance Program
  • CHFI Online Self-Paced Streaming Video Course (1 year access)


Certified Incident Handler/Response

  • Certified Incident Handler/Response (ECIH) Online Self-Paced Streaming Video Course (1 year access)
    • ECIH E-Courseware
    • ECIH iLabs, Live Labs
    • ECIH Certification Exam
    • Exam Insurance Program


Computer Forensic
Deep Dives:

  • Dark Web Forensics Deep Dive - Self-Paced streaming video with access for one year
  • Memory Forensics Deep Dive - Self-Paced streaming video access for one year
  • Mobile Forensics Deep Dive - Self-Paced streaming video access for one year

About MasterClass

The Most Robust

The MasterClass Computer Forensics Program includes two industry recognized certification courses
and three computer Forensic Deep Dives:

  • Computer Hacking Forensic Investigator (CHFI)
  • Certified Incident Handler (CIH)

  • Dark Web Forensics Deep Dive
  • Memory Forensics Deep Dive
  • Mobile Forensics Deep Dive

The Most Labs

  • CHFI
    • 40 Exercises
    • Approximately 14 Hours

  • ECIH
    • 48 Exercises
    • Approximately 10 Hours

Exam Insurance Program

Here at Masterclass we know that test taking can be very stressful, so we have developed a program to put your mind at ease.

While no one can guarantee that you will pass the exam, we can offer you Exam Insurance: If you fail either certification exam included in this program on the first attempt, EC-Council will pay for the next attempt. Any further attempts can be purchased at the reduced “retake” rate.

Who Should Attend?

  • Police and other law enforcement personnel
  • Defense and Military personnel
  • e-Business Security professionals
  • Systems administrators

  • Legal professionals
  • Banking, Insurance and other professionals
  • Government agencies
  • IT managers

Live Course Dates in North America

Live Course Dates outside of North America

Save big. Join the club.

As an iClass Club member, you receive unlimited access to EC-Council’s library of video courses. Upgrade to live classes for only $499 each during the subscription year.

You can even finance your Club membership through our partnership with Affirm. In the cart, you’ll be able to split your purchase into easy monthly payments. Term lengths range from 3 to 36 months depending on eligibility and purchase amount, with rates starting as low as 0% APR.

*Your rate will be 0% APR or 10–30% APR based on credit and is subject to an eligibility check. 0% APR is subject to change. Payment options through Affirm are provided by these lending partners: Options depend on your purchase amount, and a down payment may be required. US Residents Only.

Certification Club Benefits:

Don’t limit yourself to one class per year, join the iClass Club and get your cybersecurity training directly from the source! No one course can make you an expert, so take advantage of EC-Council Master trainers in each subject area and become a well-rounded cybersecurity professional.

For approximately the cost of one live course, the iClass Club will stretch your budget from one course to many. With savings like that, you can afford to build a strong foundation of cybersecurity knowledge in ethical hacking, pen testing, network defense, incident response, computer forensics, and so much more!

Get Started

One Year Subscription


Access to EC-Council’s full library of on-demand courses

Official e-courseware


Certification exam*

Move to “enhance” to upgrade your experience.


During your subscription, you can upgrade to a live course for $499!

Official Printed Courseware


Certification exam*

Lastly, receive ongoing professional development by moving to the Continuing Education phase!

Continuing Education

One year of CodeRed


Continue to learn and gather continuing education credits with CODERED!

Premium Content: 4000+ Premium Videos

Fresh Content: New courses and content are added weekly to keep up with the latest skills and technologies.

CodeRed course videos come with lab demos to reinforce course learning concepts and create a constant career learning companion.

Club Subscription in North America

Club Subscription outside of North America

Certification Club Terms:

*Not all courses and workshops have associated Labs and exams. Club members must complete 100% of a course before requesting their next course and to be eligible for that course’s exam voucher. CCISO students must meet the eligibility requirements to challenge the CCISO exam. Students who do not meet the CCISO qualifications must take the EISM exam. CodeRed subscription 12 months. Club membership applicable to EC-Council classes only and does not apply to third party or Hacker Halted classes. Devices such as drones or STORMs must be purchased separately at regular price. Drones and STORMs only ship to the US. Students outside of the US can attend drone workshops but must obtain a drone on their own. If a course version changes while your program is still active, you will be given updated material. If a course version changes after your Club is expired, you will need to purchase an extension to get the new version. Club valid for one year and term begins 24 hours after payment is received. After a period of one (1) year the program expires, and all courses are turned off. Lab access term is for 6 months from when a course is assigned. Additional lab time can be added for no extra charge upon request. Labs will not be extended beyond the Club term. Speak to your rep to extend your Club term for 1 year. Renewal price for the Club is $999. Discount not stackable. The Club is a single user license meaning that the courses cannot be shared, and the club is non-transferable.

If you are outside of North America and are interested in the club subscription, please click here.

If you are outside of North America and are interested in the club subscription, please click here.

If you are outside of North America and are interested in the club subscription, please click here.

Think you’re ready?

Have questions?

Select Training Options:


Join us for a free half-day of Computer Hacking Forensic Investigator (CHFI) through our new First Look Cybersecurity Learning Events!