Skip to main content

EC Council Computer Hacking Forensic Investigator Certification FSCT 0213

Forensic Investigation Part-time Studies Course

Course details

​Upon registration in FSCT 0213, students will receive an access code to enrol in EC-Council's online, self-paced Computer Hacking Forensic Investigator certification course. Students will have online access to EC Council materials including an e-book, labs, lecture videos, and the certification exam. Upon successful completion of the certification exam, students will achieve CHFI certification through EC Council. Students will not receive a grade from BCIT for this course. This class will provide the participants with the necessary skills to perform an effective digital forensics investigation. The course presents a methodological approach to computer forensics, including searching and seizing, chain-of-custody, acquisition, preservation, analysis, and reporting of digital evidence. It is a comprehensive course, covering major forensic investigation scenarios that enables students to acquire necessary hands-on experience on various forensic investigation techniques and standard forensic tools necessary to successfully carry out a computer forensic investigation leading to the prosecution of perpetrators. Course Length: 45 Instructional hours (plus practice/study).​


  • No prerequisites are required for this course.





Course offerings

Fall 2022

Below is one offering of FSCT 0213 for the Fall 2022 term.

CRN 49638


Start any time

  • 2 weeks
  • CRN 49638
  • $1809.30
Continuous Entry, Distance or Online

This is an online learning course. Start any time. You have 2 weeks from the date you register to complete this course.



Course outline

Course outline TBD — see Learning Outcomes in the interim.



Important information
  1. Internet delivery format.
  2. Departmental approval needed
  3. Upon registration, students receive a code for 12 months of access to the EC-Council materials and certification exam. You will need to complete the course within 12 months. Please contact with your name, BCIT student ID number (A0#). If you do not have a A0#, you can create one here: Please be aware there are NO REFUNDS for this course.

Learning Outcomes

Upon successful completion of this course, the student will be able to:

  • Understand fundamental concepts of incident response and forensic, perform electronic evidence collection, and digital forensic acquisition.
  • Understand the strict data and evidence handling procedures, maintain an audit trail (i.e., chain of custody) and/or evidence of integrity, work on technical examination, analysis, and reporting of computer-based evidence, preparing and maintaining case files.
  • Utilize forensic tools and investigative methods to find electronic data, including Internet use history, word processing documents, images, and other files, gather volatile and non-volatile information from Windows, MAC, and Linux, and recover deleted files and partitions in Windows, Mac OS X, and Linux.
  • Understand different types of disk drives and their characteristics, examine file systems using autopsy and the sleuth kit tools, and understand data acquisition fundamentals and methodology.
  • Illustrate file carving techniques and ways to recover evidence from deleted partitions and understand anti-forensic techniques that exploit CFT bugs and CFT activities, and interpret their countermeasures.
  • Search file slack space where PC type technologies are employed, file MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences, examine file type and file header information, review e-mail communications; including webmail and Internet Instant Messaging programs, and examine the internet browsing history.
  • Understand network forensics and its steps involved, examine the network traffic and explain how to perform incident detection and examination using SIEM tools.
  • Understand web application forensics and its architecture, interpret the steps for web attacks, Apache web server architecture, and its logs investigation. Explain how to perform and identify the traces of the Tor browser during the investigation.
  • Understand database forensics, determine the database repositories, understand the cloud concepts and attacks on the cloud. The significance of cloud forensics and distinguish their types.
  • Understand email basics, review the steps for investigating the email crimes and explain malware forensics fundamentals and identify the techniques used to spread malware.
  • Perform the mobile forensics and illustrate its architecture, determine the mobile storage and its evidence.
  • Perform the IoT forensics, examine different types of IoT threats and explain how to perform forensics on IoT devices.

Effective as of Winter 2022


Interested in being notified about future offerings of EC Council Computer Hacking Forensic Investigator Certification (FSCT 0213)? If so, fill out the information below and we'll notify you by email when courses for each new term are displayed here.

  • Privacy Notice: The information you provide will be used to respond your request for BCIT course information and is collected under Section 26(c) of the Freedom of Information and Protection of Privacy Act (FIPPA). For more information about BCIT’s privacy practices contact: Associate Director, Privacy, Information Access & Policy Management, British Columbia Institute of Technology, 3700 Willingdon Ave. Burnaby, BC V5A 3H2, email: