EC-Council Certified Incident Handler (ECIH)
What is the EC-Council Certified Incident Handler (ECIH)?
The EC-Council Certified Incident Handler (ECIH) v3 is a specialist certification that trains professionals to effectively handle and respond to security incidents in enterprise environments. ECIH covers the complete incident response lifecycle — from preparation and detection through containment, eradication, and recovery — and aligns with industry frameworks including NIST, SANS, and ISO. It is the go-to credential for professionals responsible for coordinating and executing incident response activities.
Who Should Take This Course?
- Incident Response Team members and coordinators
- SOC Analysts responsible for incident escalation and response
- Network Administrators handling security breaches
- IT Security Officers and Risk Management professionals
- Digital Forensics Investigators supporting IR efforts
- Security Consultants advising on incident response planning
- Anyone building or improving an organisational IR capability
What You Will Learn in the ECIH Course
A comprehensive curriculum covering all exam objectives with hands-on labs and real-world practice.
Incident Response Fundamentals
Understand the principles, frameworks, and processes of incident response.
- Incident response lifecycle: NIST, SANS, and ISO frameworks
- Building and managing a Computer Security Incident Response Team (CSIRT)
- Incident classification and severity assessment
- Legal and regulatory considerations in incident response
Incident Triage and Initial Response
Rapidly assess and triage security incidents to prioritise response.
- First responder procedures for containment
- Evidence preservation and chain of custody
- Initial triage: determining scope and impact
- Escalation procedures and stakeholder communication
Handling Specific Incident Types
Respond to the most common and damaging cyber incident categories.
- Malware incidents: ransomware, Trojans, and worms
- Phishing and social engineering incident handling
- Insider threat detection and response
- DDoS attack response and mitigation strategies
Network and Cloud Incident Response
Respond to network-based attacks and cloud environment breaches.
- Network intrusion detection and traffic forensics
- Web application attack response (OWASP incidents)
- Cloud incident response on AWS, Azure, and GCP
- Email and communication system compromise response
Containment, Eradication, and Recovery
Execute containment strategies and restore operations securely.
- System isolation, quarantine, and containment strategies
- Malware removal and system reimaging procedures
- Business continuity and disaster recovery coordination
- Post-incident system hardening and security improvements
Post-Incident Analysis and Reporting
Learn lessons from incidents and produce professional reports.
- Post-incident review and lessons-learned process
- Root cause analysis methodologies
- Incident report writing for technical and executive audiences
- Evidence documentation and regulatory breach notification
Course Prerequisites
Prerequisite training is free when you purchase the course from ProSupport.
- Basic understanding of networking and common protocols (TCP/IP, HTTP, DNS)
- Familiarity with Windows and Linux operating systems
- Fundamental knowledge of cybersecurity threats and attack techniques
- Understanding of firewalls, IDS/IPS, and SIEM concepts
- No prior incident response experience required
Exam Information
Everything you need to know about the ECIH certification exam.
| Exam Component | Details |
|---|---|
| Exam Name | EC-Council Certified Incident Handler v3 |
| Exam Code | 212-89 |
| Exam Type | Multiple Choice |
| Total Questions | 100 |
| Passing Score | 70% |
| Exam Duration | 180 minutes |
| Language | English |
| Exam Provider | EC-Council / Pearson VUE |
| Exam Focus | Incident response lifecycle, handling malware/phishing/DDoS/APT incidents, forensic evidence, recovery, and reporting |
| Exam Registration | EC-Council Exam Center (eccouncil.org/programs/ec-council-certified-incident-handler-ecih/) |
| Retake Policy | EC-Council retake policies apply; additional exam fee required |
| Certification Validity | 3 years (120 ECE credits for renewal) |
Training Plans
Select the plan that matches your career goals
Basic
Certification Program
- Certification syllabus training
- Private instructor-led live classes
- Hands-on labs
- Practice exams
- Certification exam guidance
Pro
Certification + Projects
- Everything in Basic
- Real-world industry projects
- Case studies
- GitHub portfolio project
- Assignment reviews
- Capstone mini project
Premium
Career Acceleration
- Everything in Pro
- Resume building
- LinkedIn profile optimization
- Interview preparation
- Mock interviews
- Career mentoring sessions
- Capstone project
- Certification exam strategy
- Industry use-case training
Need custom enterprise pricing? info@prosupportconsulting.in
Learning Path
Your certification journey — from prerequisites to advanced roles.
ECIH — EC-Council Certified Incident Handler
Ready to Get Certified?
Start your EC-Council Certified Incident Handler (ECIH) journey with private 1-to-1 training from certified industry developers.