Become a Certified Ethical Hacker (C|EH)

Please enable JavaScript in your browser to complete this form.

Introduction of E|CIH

EC-Council’s Certified Incident Handler program equips students with the knowledge, skills, and abilities to effectively prepare for, deal with, and eradicate threats and threat actors in an incident.

This program provides the entire process of Incident Handling and Response and hands-on labs that teach the tactical procedures and techniques required to effectively Plan, Record, Triage, Notify and Contain. Students will learn the handling of various types of incidents, risk assessment methodologies, as well as laws and policies related to incident handling. After attending the course, students will be able to create IH&R policies and deal with different types of security incidents such as malware, email security, network security, web application security, cloud security, and insider threat-related incidents.

The E|CIH (EC-Council Certified Incident Handler) also covers post incident activities such as Containment, Eradication, Evidence Gathering and Forensic Analysis, leading to prosecution or countermeasures to ensure the incident is not repeated.


The E|CIH is a method-driven course that provides a holistic approach covering vast concepts related to organizational IH&R, from preparing/planning the incident handling response process to recovering organizational assets from the impact of security incidents. These concepts are essential for handling and responding to security incidents to protect organizations from future threats or attacks.


The E|CIH program addresses all stages involved in the IH&R process, and this attention toward a realistic and futuristic approach makes E|CIH one of the most comprehensive IH&R-related certifications in the market today.

E|CIH FAQs

The answer is undoubtedly yes. EC-Council’s E|CIH course is a lab-intensive specialist-level program that offers candidates a well-rounded but tactical approach to planning for, dealing with, and eradicating threats in a cyber incident. Candidates get exposed to over 95 labs and 800 tools to develop practical skills in effectively planning, recording, triaging, notifying and containing cyber attack incidents.

To become an EC-Council Certified Incident Handler, one must complete the 3-hour E|CIH exam by pursuing the E|CIH program training via any of the program delivery modes available (in-person, self-study, or live online).
The E|CIH program enables interested candidates to avail themselves of various delivery modes while undertaking the E|CIH training. Should you want to get started, you can either take the training via EC-Council’s Accredited Training Centers (ATCs) or enroll in the live online training (iWeek) or join the self-study program (iLearn).

Candidates can become E|CIH experts by completing the E|CIH certification exam and earning the E|CIH credential. Once certified, candidates can prove their competence in all 9 incident handling and response stages, from planning to evidence gathering and forensic analysis.

After becoming E|CIH-certified, you can become eligible for roles of not just an incident handler or an incident responder but a variety of other cybersecurity jobs such as cyber forensic investigators, CSIRT analysts, digital forensic analysts, SOC analysts, and more.

No, the E|CIH course is designed to cater to mid-level to senior-level cyber security professionals. Candidates with a minimum of 3 years of experience in the cyber security domain can apply for this program. Individuals who have experience in information security and who want to expand their knowledge and skills in incident handling and response are also eligible.

An E|CIH candidate is responsible for handling post-breach consequences. They apply various incident handling and response standards and best practices to reduce the financial and reputational damage organizations endure after a cyber attack incident.

EC-Council’s E|CIH training has been developed in collaboration with incident handling and response practitioners around the world. It is a highly sought-after program, owing to its comprehensive curriculum that incorporates concepts and hands-on learning in tackling real-world incidents. The E|CIH course is globally recognized and is trusted by employers in evaluating the skills and knowledge of potential hires.

The E|CIH is highly demanded by professionals who deal with cyber security incidents regularly. The program was created after a rigorous job task analysis (JTA) of various incident handling and response roles. Therefore, cyber security professionals worldwide pursue the E|CIH course to acquire market-relevant skills and boost their employability.

EC-Council Certified Incident Handler (E|CIH) is one of the best incident handling programs that equips candidates with the knowledge and skills organizations require to handle post-data breach consequences. This program offers a structured approach and trains students in the 9 incident handling and response stages, including post-incident activities (containment, eradication, evidence gathering, forensic analysis, etc.).

Since the E|CIH is an advanced/specialization course, cyber security professionals pursuing the E|CIH course can take an executive learning path and aim to transition into a C-suite career by training with the EC-Council’s Certified Chief Information Security Officer (C|CISO) certification. E||CIH candidates can also pursue EC-Council’s Computer Hacking Forensic Investigator (C|HFI) program to become a digital forensics and incident response (DFIR) specialist. Alternatively, they can become blue team specialists by pursuing the Certified Network Defender (C|ND) and the Certified SOC Analyst (C|SA).

With cyber attacks growing in intensity and frequency, the need for incident handling is becoming increasingly critical. Incident handling is an essential part of a cybersecurity strategy, which helps in effectively responding to cyber attack incidents to reduce financial and reputational damage and restore business operations by improving recovery time.

The best way to learn incident handling and response is by enrolling in EC-Council’s E|CIH program, which offers comprehensive, method-driven instruction in organizational incident handling and response. By pursuing this course, candidates acquire skills to successfully prepare, plan, and recover organizational assets after a cyber attack incident.

Some of the main industries that require incident handlers include finance and banking, healthcare, government, retail and e-commerce, energy and utilities, technology, education, transportation and logistics, manufacturing, and media and entertainment.

An Exciting Career Awaits A E|CIH

Time of Completion

3 Hours, 100 Questions, Multiple Choice Questions

⁠Job Vacancies

25k+

⁠⁠Average Salary

35Lakhs+ in India

Making an informed decision is difficult, and that’s where EC-Council’s E|CIH brochure comes to your rescue. The EC-Council Certified Incident Handler v3 (E|CIH) credential is the most trusted cybersecurity and incident handling certification that employers worldwide value, and for good reasons.

The comprehensive curriculum has a method-driven program focusing on organizational incident handling and response. It covers everything from preparing and planning the incident handling response process to recovering organizational assets after a security incident.

When you successfully achieve the E|CIH certification, you will be equipped with the skills needed to effectively handle post-breach consequences by reducing the impact of the incident from both a financial and a reputational perspective.

This is only an overview of E|CIH and what you will learn.

For complete information, download the brochure now.