Course Description


EC-Council’s Certified Incident Handler v2 (E|CIH) certification and training imparts and validates extensive skills to address post-security breach consequences in the organization by condensing the financial and reputational impact of the incident. This E|CIH program has been devised by globally recognized cybersecurity and incident handling & response practitioners. The certification is highly ranked and helps enhances the employability of cybersecurity professionals worldwide.

Why Certified Incident Handler v2?

This Incident Handler certification training course instills comprehensive understanding to:

  • Understand basics of incident handling and response
  • Understand the process of incident handling and response
  • Get forensic ready and understand first response procedures
  • Handle and respond to various malware incidents
  • Respond to various email security incidents
  • Handle and respond to diverse network security incidents
  • Handle and respond to the incidents related to web application security
  • Deal with various incidents related to the cloud security
  • Detecting and responding to the inside threats

Course Objectives

The CIH V2 certification and training targets to explain:

  • Primary issues that plague information security domain
  • Combating various kinds of cybersecurity threats, vectors of attack, threat actors and their objectives
  • Core incident management fundamentals that include incident signs and costs
  • Basics of vulnerability management, risk management, threat assessment, and automation and orchestration of the incident response
  • Best practices of incident handling and response, cybersecurity frameworks, standards, acts, laws, and compliance
  • The process to devise incident handling and response program
  • Core essentials of computer forensics and readiness to forensics
  • Anticipate the importance of procedure of the first response along with collecting evidence, packaging, storing, transportation, data acquisition, collection of the volatile and static evidence, and analyzing evidence
  • Anti-forensics techniques adopted by attackers to discover cover-ups for cybersecurity incident
  • Implement the appropriate techniques to different types of cybersecurity incidents systematically such as malware, network security, email security, web application security, cloud security, and insider threat-related incidents

Target Audience

  • Penetration Testers
  • Application Security Engineers
  • Vulnerability Assessment Auditors
  • Cyber Forensic Investigators/ Analyst and SOC Analyst
  • Risk Assessment Administrators
  • System Administrators/ Engineers
  • Network Administrators
  • Firewall Administrators
  • Network Managers/ IT Managers


  • At least one year of experience to manage Windows/ Unix/ Linux systems or equivalent
  • In-depth understanding of general network and security services

Exam Information

To get E|CIH certified, the candidates need to appear and pass in the following exam:

Certification Name EC-Council Certified Incident Handler Exam Code 212-89
Test Format Multiple choice questions
Number of Questions 100
Test Duration 3 hours
Passing Score 70%