Read what Nilson Sangy had to say on LinkedIn: https://www.linkedin.com/posts/nilsonsangy_chfi-ecih-activity-6607234773226184704-EyaZ/
ECIH It is a certification that has helped me a lot in incident response, and I recommend it to incident analysts, SOCs, CSIRTs and forensic analysts in addition to CHFI. The ECIH addresses the 9 phases of an incident response as well as highlighting incident handling involving malware, email, networking, web applications, cloud, insider threats, and a bit of risk management and compliance. Of course, such incidents are recurring today and being prepared for these situations is essential for business continuity and maintaining the good image of the organization. As for tools, the following are discussed: AlienVault OSSIM, Kiwi Syslog, Process Explorer, Regshot, Autoruns, Windows and Linux commands, FTK Imager, Autopsy, Acunetix, Pilar, ObserveIT and many others.