Certified Incident Handler (ECIH)

Disclaimer: Tech-Act is an independent training services provider. Any use of third-party trademarks, brand names, products and services is only referential. Tech-Act disclaims any sponsorship, affiliation or endorsement of or by any third parties. Tech-Act is an authorized training partner only where explicitly stated and as listed here.



Certified Incident Handler – ECIH

About This Course

EC-Council (International Council of E-commerce Consultants) is a leading cybersecurity technical certification authority across the globe. Known all over for its professional certifications in IT and cybersecurity including programming, disaster recovery, e-Business and others, certifications from EC-Council enjoy global acceptance and recognition.

EC-Council Certified Incident Handler (ECIH) certification provides candidates with industry-relevant recognition as risk administrator, incident handler, forensic investigator, penetration tester, etc. The course is designed to offer the necessary skills to respond to and handle cybersecurity incidents.

The certification covers a range of critical concepts and principles to help detect and respond to emerging as well as current cybersecurity or computer security threats/vulnerabilities. Professionals will be trained to handle several types of cyber incidents, policies and laws pertaining to incident handling and risk assessment.

Who Should Attend This Course

ECIH certification is perfect for:

  • Incident handlers
  • Risk assessment admins
  • Penetration testers
  • Cyber forensic experts
  • System admins
  • Firewall admins
  • IT and network managers

And anyone who has a penchant for incident response and handling.

Why This Course

The ECIH certification prepares candidates to handle and respond to several cybersecurity incidents such as insider threats, malicious code threats and network security vulnerabilities. Moreover, professionals will learn cyber forensics as well as its role in handling and responding to cyber incidents. The certification also includes training on methods and techniques for incident response and handling. Most importantly, the ECIH course gives candidates greater industry recognition as expert incident handlers.

Also, the course opens up the doors for a range of advanced cybersecurity professions such as:

  • Firewall admin
  • Cyber forensic investigator
  • Penetration tester
  • Incident responder and handler

Course Objectives

The coursework will help you:

  • Prepare for the ECIH exam
  • Handle and manage different types of computer security incidents
  • Apply risk assessment principles
  • Understand the various policies and laws pertaining to incident handling and response

Course Prerequisites

EC-Council suggests that candidates enrolling for the ECIH course have at least one year of prior experience in managing Linux/Unix/Windows operating systems or equivalent skills. In addition, a basic understanding of security and networking is an added advantage.

Course Benefits

The course entitles you to the following benefits:

  • Learn skills for becoming an incident security expert
  • Understand incident handling and response
  • Learn to analyze risks and apply risk assessment methodologies
  • Learn about various security protocols and policies


Introduction to Incident Response and Handling


This section covers the objectives of EC-Council’s Certified Incident Handler (ECIH) program. It discusses the basic skills to handle and respond to security events and addresses various underlying principles and techniques for detecting and responding to current and emerging computer security threats.

Intro to Incident Response

This section covers the foundational knowledge for Certified Incident Handler (E|CIH). It explains how to define a security incident and classify assets and data, and covers some of the not-so-glamorous aspects of the job. It also covers terms like Attack, Risk, Threat, Threat Source, and Vulnerability as well as Types of Incidents.

Risk Assessment


This section discusses Risk and Risk Management with regard to Incident Response/Handling. It covers types of Risk Matrices and Methodologies for performing Risk Assessments and explains the 5 steps involved in the risk assessment.

Incident Response and Handling Steps

Incident Response Steps

This section explains how to identify an incident and the three functions of Incident Handling. It explores the goals of the Incident Response Team or Handlers.



This section explores the purpose, goals, and strategies of the Computer Security Incident Response Team (CSIRT) as well as their constituency and best practice steps for CSIRT creation. It covers CSIRT Roles, Services, Policies, Procedures, and Case Management.

Handling Network Security Incidents

Network Security Incidents

This section explores common threats that an Incident Handler might encounter such as Denial of Service (DoS) and Distributed Denial of Service (DDoS). It also discusses how to handle unauthorized access as an incident, what unauthorized access is and how to prepare for those types of attacks.

Handling Malicious Code Incidents

Malicious Code Incidents

This section explains the common types of malware that a CIH will have to deal with during any given incident such as Viruses, Worms, Spyware, and Trojans. It also discusses how to identify whether a client is infected and the steps to be taken to handle these incidents.

Handling Insider Threats

Insider Threats

This section dives into handling insider threat incidents. It demonstrates the tools and/or techniques, such as a key logger, that an insider may employ to attack an environment.

Forensic Analysis and Incident Response

Forensic Analysis and Incident Response

This section explores forensic analysis from the perspective of a CIH. It explains what computer forensics is and presents a methodology for implementation. It covers the types of computer forensics, the computer forensics process, and even looks at forensics tools like Helix for performing an investigation.

Incident Reporting

Incident Reporting

This section clarifies important details to include within the incident report. It also references US-CERT event categories to help create standardization. It discusses incident recovery steps such as restoration, system validation, system operations, and system monitoring.

Security Policies and Laws

Security Policy and Law

This section discusses how policies and law impact an organization’s infrastructure. It explains characteristics of a good security policy in addition to where to find good templates. It also covers issues to consider when involving external entities.

Schedule & Fees

Online Instructor Led Certified Incident Handler (ECIH) Certification Training

Please contact us for more information on course fees and upcoming batch schedule.

Course FAQ

Why Tech-Act for ECIH certification?

Tech-Act takes great pride in having served the IT industry for a few decades and is well aware of the cybersecurity threats that the industry faces. We ensure that all our students are trained by an expert, certified crew of trainers for all our certification programs. In addition, Tech-Act is an authorized training partner for EC-Council, Red Hat, Project Management Institute, CompTIA and many others. It is also a Pearson VUE Authorized Test Center offering both classroom and online training.

Do you have certified trainers onboard?

Yes! All our expert trainers are industry experienced and certified to offer you the best learning quality.

What are the primary benefits of ECIH certification?

The ECIH course helps you attain the following benefits:

  • Skills for incident security investigations
  • Incident handling and response
  • Risk assessment
  • Security laws and protocols

What are the eligibility criteria?

EC-Council recommends having one year of prior experience in handling Unix/Linux/Windows operating systems or equivalent skills. In addition, basic knowledge of security and networking makes you good to go for this course.


