EC-Council Certified Incident Handler (ECIH)

Wissenhive’s ECIH Training course is professionally designed for equipping pupils with the fundamental skills in handling incidents of computer security and ideally responding to it. Once qualified in this course, you will become a skilled professional at dealing with several computer security incidents such as network incidents, inside attack threats, and malicious code incidents.

4.5 (574) 432 Learner

Course Features
  • Accredited Training Partner
  • Lifetime Training Access
  • Study Guides
  • Access to I labs
  • Exam Voucher Included
  • 24/7 Support


ECIH certification by Wissenhive focuses on imparting and validating extensive skills of pupils for addressing the post-security breach consequences in the firm by condensing the reputational and financial impact of the incident. This program has been devised by globally recognized cybersecurity incident handling & response practitioners, making it highly ranked and helping in enhancing the employability of cybersecurity experts worldwide.

What you will learn

  • Preparing for the ECIH Examination 
  • Handle numerous cyber security incidents types 
  • Utilizing effectively risk assessment methodologies
  • Navigate policies and laws related for incident handling


International industry expertise at your disposal as you deep-dive into the research topic and sector of your choice.

Course Content

Introduction to Incident Handling and Response (13 Lectures)

Information Security Concepts

Information Security Threats and Attack Vectors

Information Security Incident

Incident Management

Vulnerability Management

Threat Assessment

Risk Management

Incident Response Automation and Orchestration

Handling and Response Best Practices

Overview of Standards

Cybersecurity Frameworks

Laws in Incident Handling

Incident Handling and Legal Compliance

Incident Handling and Response Process (9 Lectures)

Preparation for Incident Handling and Response

Incident Recording and Assignment

Incident Triage



Evidence Gathering and Forensics Analysis



Post-Incident Activities

Forensic Readiness and First Response (12 Lectures)

Introduction to Computer Forensics

Forensic Readiness

First Response

Digital Evidence

Understanding the Principles of Digital Evidence Collection

Collecting the Evidence

Securing the Evidence

Data Acquisition

The Volatile Evidence Collection

The Static Evidence Collection

Evidence Analysis


Handling and Response to Malware Incidents (7 Lectures)

Malware Incident Response

Handling Malware Incidents

Detecting Malware Incidents

Containment of Malware Incidents

Eradication of Malware Incidents

Recovery after Malware Incidents

Guidelines for Preventing Malware Incidents

Handling and Responding to Email Security Incidents (5 Lectures)

Email Security Incidents

Preparation for Handling Email Security Incidents

Detection and Containment of Email Security Incidents

Eradication of Email Security Incidents

Recovery after Email Security Incidents

Handling and Responding to Network Security Incidents (7 Lectures)

Network Security Incidents

Preparation for Handling Network Security Incidents

Detection and Validation of Network Security Incidents

Handling Unauthorized Access Incidents

Handling Inappropriate Usage Incidents

Handling Denial-of-Service Incidents

Handling Wireless Network Security Incidents

Handling and Responding to Web Application Security Incidents (8 Lectures)

Overview of Web Application Incident Handling

Web Application Security Threats and Attacks

Preparation to Handle Web Application Security Incidents

Detecting and Analyzing Web Application Security Incidents

Containment of Web Application Security Incidents

Eradication of Web Application Security Incidents

Recovery from Web Application Security Incidents

Best Practices for Securing Web Applications

Handling and Responding to Cloud Security Incidents (9 Lectures)

Cloud Computing Concepts

Overview of Handling Cloud Security Incidents

Cloud Security Threats and Attacks

Preparation for Handling Cloud Security Incidents

Detecting and Analyzing Cloud Security Incidents

Containment of Cloud Security Incidents

Eradication of Cloud Security Incidents

Recovering from Cloud Security Incidents

Best Practices Against Cloud-based Incidents

Handling and Responding to Insider Threats (7 Lectures)

Introduction to Insider Threats

Handling Insider Threats

Analyzing Insider Threats

Containment of Insider Threats

Eradication of Insider Threats

Recovery after Insider Attacks

Best Practices Against Insider Threats

Course Details

  • Primary issues for plaguing information security domain
  • Combating different sets of cybersecurity threats, threat actors, vectors of attack, and their objectives
  • Management of core incident fundamentals, including incident costs and signs 
  • Basics of vulnerability management, threat assessment & automation, risk management, and orchestration of the incident response
  • Best practices of incident handling and response, cybersecurity standards, frameworks, compliance, acts, and laws 
  • The process to devise incident handling and response program.
  • Understanding of core essentials in computer forensics and readiness to forensics
  • Anticipating the procedure importance of the first response along with collecting packaging, evidence, storing, data acquisition, transportation, collection of the static and volatile evidence, and analyzing evidence
  • The advanced techniques of Anti-forensics adopted by attackers for discovering cover-ups for an incident of cybersecurity 
  • Implementation of the appropriate techniques to various types of cybersecurity incidents systematically, such as network security, malware, web application security, email security, cloud security, and insider threat-related incidents

Who should take this course?

The ECIH Professional Certification is ideal for IT professionals who are want to make a career as a professional in ECIH 

  • Risk assessment administrators
  • Cyber forensic investigators
  • Incident handlers
  • Penetration testers
  • System administrators and engineers
  • Venerability assessment auditors
  • Network managers
  • Firewall administrators
  • IT managers


There are prerequisites for the ECIH Professional, but Wissenhive recommends having at least 1 year of experience to manage Unix/ Windows/ Linux systems and In-depth understanding of general security and network services.

Enquire Now

Training Options


Exam & Certification

The E|CIH exam can be attempted after the completion of the official E|CIH course taught either by any ECCouncil Authorized Training Center (ATC) or by EC-Council directly. Candidates that successfully pass the exam will receive the E|CIH certificate and membership privileges. Members are required to adhere to the policies of EC-Council’s Continuing Education Policy.

Exam Title: EC-Council Certified Incident Handler

Exam Code: 212-89

Number of Questions: 100

Duration: 3 hours

Exam Availability: EC-Council Exam Portal

Test Format: Multiple Choice

Passing score: 70%

EC-Council Certified Incident Handler (ECIH)

Frequently Asked Questions

You must have at least One year of work experience in the domain to attempt ECIH certification. You have to provide a proof of the same along with the application.

ECIH Exam consists of 100 multiple choice questions to be answered in 3 hours. The cut-off passing score is 70%.

If a candidate does not clear the exam on the first attempt, you can appear for the 1st retake immediately without any waiting period. However, thereafter you have to wait for a period of 14 days between every next attempt. You cannot attempt an exam more than 5 times in a year.

When you clear the ECIH exam, you will receive a digital ECIH certificate within 7 working days. You are permitted to use the Certification name and logo. Your ECIH credential is valid for 3 years.

Upgrade Your Skills with Our Advanced Courses

Speak with

Our Advisor

Mail Us

Contact Us

Drop a query