How I achieved the CHFI

Juan Fernando Arteaga
4 min readMar 14, 2023

First of all, let’s answer the question: why did I choose this certification over the bunch of certifications in the digital forensics field? When I was looking for a course about digital forensics, at that time I had few choices, because I only knew about EC-COUNCIL, GIAC, and SANS, and for my budget, I could only afford the course that EC-COUNCIL offered. The Computer Hacking Forensic Investigator, known as CHFI. If you take a look at the content, it covers the main fields if you are interested in digital forensics, and at first sight, the content looked good. Just to remember, at that moment, my background in this area was a little limited. So, for that reason, I decided to pay for this course.

A few days later, I discovered a new website that was quite good and had a roadmap. I don’t know if they have every certification, but they do have the main ones, and they are structured by different fields, such as Red Team, Blue Team, Network Security, Auditing, Governance, Risk, and more. Here is the link, take a look (

Now you know why I choose this course lets review it.

what about the count

When you pay for the course, they send you a code to access the virtual material. To be honest, I was hoping for snapshots of the VMs that we were going to use, but there was only one digital book and a link with all the tools that we will be using throughout the course, including evidence, malware, RAM captures, and more. At the beginning, it looked pretty good. I took a quick look at the book, and it was very big — more than 3,000 pages — but it was divided into two sections: the theoretical section and the lab section. That was all the content that EC-COUNCIL provided us after paying $1400.

When the course began, I realized that we did not have enough time to take a look at all the content and complete all the labs suggested for the course. The instructor told us that the course was designed to review the theory and complete 3 to 5 labs, depending on the time we had to cover all the theorical content. Since the course was 44 hours long, I could only do 5 labs, and personally, I only completed another 4, including the RAM analysis and labs in the malware section.

But if you think 44 hours is the time you need only to see the theoretical part of the course because it is very long. I guess this course could be studied on your own, but what I found more interesting about the course (excluding the book and material — as I mentioned earlier, my knowledge was quite limited) was the experience and real-life cases that the instructor shared with us. The instructor discussed how they handled certain types of cases, the tools they use every day, and certain tricks to gain experience in this field. I won’t lie; digital forensics can be one of the most challenging jobs to get because employers always look for individuals with a lot of experience and a good understanding of different hacking techniques. Unfortunately, this was a virtual course so I could connect with other professionals.

Finally, when the course ended, I started studying all the material again. I didn’t read the entire book, but focused on the slides. When I encountered topics that were unclear, I read the pages that explained them in detail. The hardest parts for me were the first and second ones chapters that explained the US laws and forensic frameworks, that everyone should remember because there were few questions about them on the test. Another study technique I used was making flashcards for all the important concepts, which took me a lot of time as I had to write every concept down on paper, but it was helpful. To practice for the test, I used questions that were available for free on different websites such as quizzes and other random pages. It took me 2 months to complete the course and take the test. To conclude, I think this certification is for someone who is looking to learn about digital forensics, but whose knowledge is quite limited because it’s not the hardest certification, and the material is quite approachable. All the topics and concepts are well-explained. I’m still believe that the course is overpriced, but I’m happy with the knowledge I gained. Now, I’m focusing deeply on malware, and soon I hope to start posting about it.

In a scale from 0 to 10, I give this certification a 7 just because one should focus on reading the objectives proposed by EC-COUNCIL and the target audience of professionals.

#CHFI #DFIR #Cybersecurity #Eccouncil



Juan Fernando Arteaga

cybersecurity enthusiastic, with different likes such as fields infrastructure, malware analysis and cyber threat intelligence