Hi everyone. A few weeks ago I asked about InfoSec's forensic training prior to taking the course. I completed the training last week and thought some folks might like to hear what it was like.
First of all, I have to say that I was absolutely impressed by the training. It was everything InfoSec described and more. Content was in depth, thorough and HUGE. We covered a vast amount of material in 5 days. I've been in the IT sector for 20 years and have taken (and given) many classes. This was perhaps the best one I've ever experienced.
The pre-course description of long classes was not hype. We worked from 830am til as late at 1020pm. The "optional" labs after 630pm were a misnomer. No way would I have missed the "optional" labs. I would have missed a huge amount of content. The course format was pretty much lectures followed by hands on labs that let you practice what was preached. It worked out quite well. Each student had their own laptop computer loaded with lecture and lab software. The laptops were more than adequate though a handful of the USB floppy drives were unreliable or even unuseable. The bad floppy drives led to some frustration during labs, but kudos to InfoSec for rushing some replacements to us. The floppy thing should have been attended to before the course, but even so, it all worked out. Be prepared to be totally wiped out after class. You really work yourself to a frazzle - its good stuff and a lot of it. This class is not for sissies.
The handouts were good. The lab manual has clear instructions. The book, "Computer Forensics Jump Start" is good and readable. It provides straightforward forensic technique and real-world examples. There were also some CD's distributed. They contain all of the lectures, the InfoSec Forensic Suite and all of the course software. This is not a point to be overlooked. The lab exercises used a bunch of industry standard tools and utilities. These were all provided on CD, including a bootable Helix. 2 weeks prior to class, I (and presumably all the other students) received a licensed copy of AccessData's FTK and the Registry Viewer.
I have given about a zillion classes on communications programming, so I was the most impressed by the ability of the instructor, Nathan Weilbacher. Our class consisted of a disparate group. Educators, InfoSec professionals, people with decades of IT industry experience and people with little to no professional experience. There were three students from South Africa with American as a Second Culture; they were great compatriots and seemed to do well. This gangling, and divererse mass was dragged kicking and screaming from day one to the finish with hardly a break in the flow. This was quite impressive. Weilbacher is an accomplished educator as well, apparently, as a digital forensic examiner. His real life examples really added a dimension to the class. Surprizingly, he also addressed practical marketing and business issues. To me, as an entrepreneur, this was invaluable.
The course was held at the AmeriSuites in Arlington Heights, just outside of Chicago. The hotel was certainly comfortable. I was just a bit jaded since the last hotel I stayed in was during at a software conference in Las Vegas held at the Venetian 8) Breakfast, lunch and dinner are included, and the food was of good quality and there was plenty. It was a bit disappointing that the menu repeated ever several days, but thats a minor complaint.
There was an exam on Friday at the end of the course which determined whether or not you could concatenate "CHFI" onto the end of your name. It was a Prometric exam and followed their format pretty closely. There were 50 questions and a 70% score determined pass or fail. Some of the questions were easy and some were difficult. It being a Prometric test, some of the answers seemed to balance on whether you could interpret their particular semantics. Those questions really seem to require a healthy dose of "common sense" to answer as much as technical knowledge. Pretty typical Prometrics.
All things considered, I would highly recommend this course to anyone interested in a beginning to moderate level education in this field. You will get both beginning and moderate forensic training as well as hardcore computer science, practical marketing and business information, humor worthy of a spot on the Tonight Show and a severe need to relax for a couple days afterward to rest your exhausted brain.
The mafia bar was cool too D
I've been doing forensics for a little while now, so I just went and took the test. Passed to! However, I did notice something interesting. If you were to go to the CCE site and take their practice test for the CCE, the questions from the practice test were exact word for word on the CHFI. So it may seem like since the CCE questions have been around for awhile, that quite possible EC-Council has copied those questions. I can't confirm that, but I do know they were word for word!
It could be that the tests both originated from Prometric. Besides, how many ways can you word, "How many bytes is a sector?" Of course some questions will be exactly the same… roll
Edited to add
I just took the 25 question sample CCE test and while some of the questions dealt with the same topics as the CHFI test, they were by no means word for word.
Try it for yourself here
http//
Once again, excellent course, tons of great material and outstanding instruction. (And no, I am not affiliated with InfoSec in any way D )
I've been doing forensics for a little while now, so I just went and took the test. Passed to! However, I did notice something interesting. If you were to go to the CCE site and take their practice test for the CCE, the questions from the practice test were exact word for word on the CHFI. So it may seem like since the CCE questions have been around for awhile, that quite possible EC-Council has copied those questions. I can't confirm that, but I do know they were word for word!
Now that I review this post, I have a few questions….
Where did you take this test? Who was the offical testing authority? If you passed, then you no doubt have your CHFI. Please inform us of your certificate number when it arrives. I'm VERY curious to see if your number is near my number since we both took the test around the same time.
Its very odd that your first and ONLY post would be to challenge the CHFI certification. You do realize that you are dealing with a former LEO investigator, a 20 year systems analyst and posts like yours raise WAY more flags than they resolve? Do you think you are dealing with 20 year old newbs? Anemic attack + Total lack of response or evidence on your part equals bulllchit. I am calling your hand. For no other reason than I enjoy a challenge. D I suspect you've met your match.
My plans are to achieve my CCE next, so this is not a challenge of that cert, just your BS post. roll
I am in Colorado right now, with my company (A1 Network Associates) based out of Montana.
There are three ways to take the CHFI and CEH tests.
1.) Pearson Vue
2.) Prometric
3.) ATC - Prometric prime (web version)
ECSA/CEP/Security5 and other tests can only be taken at an ATC
My company is an Authorized Training Partner / Testing Center. I will look into the CCE practice test and see what the similarities are. I have heard something similar from a couple of our students in the past. I didn't think much of it at the time, but will I'm very interested in finding out now.
Personally, I like the test and the coverage and think the CEH should be attached with the CHFI. This is why I've worked with EC-Council so much and look forward to a long partnership with them.
I took the test CCE Sample Online Examination and did not see any similarity in the questions. With this said, I can neither confirm or deny what was said about the word for word matches since I do not have access to the entire test question databases.
I took the test CCE Sample Online Examination and did not see any similarity in the questions. With this said, I can neither confirm or deny what was said about the word for word matches since I do not have access to the entire test question databases.
I wonder if "krazeeguy" has access to the entire test question database so that he can really compare the two. I doubt it.
Do you have this information, KraZeeGuy?
I just so love a really good win. Can you spell S-P-A-N-K-E-D ? D
lol dawg. . .
I also enjoyed the class. Nathan was also our instructor. I scored a 90% on the test. I wish ProMetric would tell us which questions we missed.