Cybercrime is the fastest-growing type of crime in the U.S. That means the days of detectives in deerstalker caps are gone, and in their place are tech-savvy cybercrime experts.
Cybercrime investigation is a fascinating field because it straddles the line between cybersecurity and law enforcement. Succeeding in this unique field means having a versatile set of skills including cybercrime investigation, digital forensics and evidence recovery.
In this article, we’ll take a look at certifications for cybercrime roles. Spoiler alert: there are a lot of them! For the sake of time, we’ve narrowed the list down to five of the most popular. These are the certs that are the most in-demand among employers, and therefore have the best odds of netting you that new gig as a cybercrime investigator you’ve had your eye on.
What is cybercrime investigation?
Before we jump into the certifications, let’s take a look at what cybercrime investigators do. For the most part, they assist law enforcement agencies, businesses and attorneys with criminal investigations and court proceedings related to computer crimes. These crimes can include identity theft, intellectual property theft, fraud and harassment to name a few.
The cybercrime investigator’s job is to recover data, analyze it and present it for use as evidence in investigations. This can be tricky, as evidence is often hidden, encrypted, deleted or destroyed.
Here’s a deeper dive into what cybercrime investigators handle:
- Analyzing computer-related crimes
- Recovering destroyed or damaged data
- Collecting digital evidence
- Recovering encrypted files and password-protected information
- Testifying in court
- Recommending methods for preserving and presenting computer evidence
- Drafting reports, affidavits and testimonies
As you can see, cybercrime investigators play a crucial role in investigating and prosecuting computer-related crimes.
Top cybercrime certifications
One silver lining of living in a world rife with cybercrime is that there are many cybercrime-related educational opportunities to choose from. The options range from foundational credentials for newcomers to advanced credentials for seasoned cybercrime veterans. That means professionals of all career stages will find something that suits their professional needs.
Keep in mind that some certs are geared towards law enforcement officers while others are better suited for professionals on the cybersecurity/information technology side of things.
Here are a few of the most common cybercrime certifications, according to CyberSeek:
- Certified Ethical Hacker (CEH)
- Certified Penetration Tester (CPT)
- Certified Computer Forensics Examiner (CCFE)
- Certified Reverse Engineering Analyst (CREA)
While these certs will give you a solid foundation in cyber investigation, they are by no means the only ones you can choose from. Which certification is the best for you? That comes down to which ones best fit your learning goals and career objectives.
The lineup: Cybercrime certification programs
Certified Ethical Hacker (CEH)
To beat cybercriminals at their own game, you need to be able to think like one. Cybercrime professionals put their ethical hacking skills to work on a daily basis, whether they’re recovering evidence from a hard drive or reverse-engineering a malware attack. The Certified Ethical Hacker (CEH) credential is immensely popular among cybersecurity experts and sets the bar for ethical hackers across the globe. It demonstrates that you have the skills and abilities to understand what a hacker is doing when they intrude into a system or network.
The CEH is a popular option for newcomers to cybersecurity because it teaches you the foundational skills to succeed in a number of entry-level roles.
The CEH validates that you have knowledge of the following:
- Background in technologies and malware
- Analysis and assessment
- Footprinting and reconnaissance
- System hacking
- Regulation and policy
- Evading IDS, firewalls and honeypots
- Buffer overflow
Certified Ethical Hackers are well-acquainted with how cybercriminals go about hacking wireless networks, mobile platforms, web applications and web servers. You’ll also learn how hackers go about executing their attacks, like social engineering, SQL injection and denial of service. But instead of using this high-level knowledge for malicious purposes, you’ll use it to investigate cybercrimes and take down the people who perpetrated them.
Certified Penetration Tester (CPT)
Penetration testers are ethical hackers who use a hacker’s toolkit to find exploits in security systems. Unlike hackers, penetration testers aren’t actually looking to steal anything or cause any damage; instead, they share their findings with IT staff to make the system stronger than ever.
A solid understanding of pentesting is a huge benefit to cybercrime investigators. It demonstrates that you understand the many techniques hackers use to break into systems. As a cybercrime investigator, you won’t be running simulated attacks like a pentester, but understanding how hackers search for exploits and vulnerabilities is still very helpful.
A Certified Penetration Tester is an expert at the following:
- Penetration testing methodologies
- Vulnerability identification
- Network reconnaissance
- Network protocol attacks
- Operating system exploits
- Wireless security flaws
- Web application vulnerabilities
- Covert channels and rootkits
Certified Computer Forensics Examiner (CCFE)
This certification demonstrates that you’ve mastered the nuts and bolts of the computer forensics evidence recovery and analysis process. The exam covers a wide range of proficiencies; hard skills like evidence recovery and analysis are a must, but the basic knowledge of legal issues related to the computer forensics field is equally important.
Here are a few of the core areas covered by the CCFE:
- Law, ethics and legal issues
- The investigation process
- Computer forensic tools
- Hard disk evidence recovery and integrity
- Digital device recovery and integrity
- File system forensics
- Evidence analysis and correlation
- Network forensics
Earning the CCFE certification opens up doors to technical positions in a variety of niches, including law enforcement, government and private firms.
Certified Reverse Engineering Analyst (CREA)
Once a cyberattack or crime has been detected, investigators put together a detailed play-by-play of exactly what happened and what sort of malicious programming was involved. Reverse engineering the attack is a critical part of the investigation. That’s where the Certified Reverse Engineering Analyst (CREA) comes in.
This credential teaches you the skills you need to reverse-engineer and analyze malware. Upon completion, you’ll know the different tools and techniques for reversing malware as well as how to reverse different types of malware.
The CREA covers these areas and more:
- Unpacking malware
- Creating a sandbox to isolate malware
- Working with encrypted binaries
- Understanding hashing functions
- Identifying malware communication channels
- Reversing UPX and other compression types
The CREA is a valuable credential for cybersecurity professionals who deal heavily with malware analysis and security research.
GIAC®️ Certified Forensics Analyst
The GCFA certifies that you have the skills to conduct formal incident investigations. The exam covers topics like digital forensics, anti-forensics techniques used by hackers and data breach intrusions. For the most part, you’ll be tested on how to collect and examine data from Windows and Linux computer systems.
The GCFA is useful for both law enforcement and corporate incident response teams. Digital forensics analysts, SOC analysts and federal agents will find the GCFA particularly beneficial.
Bonus certification for law enforcement
FBI Cyber Investigator Certification
This one is specifically for law enforcement first responders. Traditional training teaches officers to be experts at investigating physical crime scenes, but the rise in digital crime requires a whole different skill set.
The FBI CICP certification teaches first responders key technical skills to strengthen their ability to investigate cybercrimes. This six-hour course is available online to federal, state and local law enforcement officers.
And there you have it: the top five cybercrime certifications. Keep in mind that this is just the tip of the iceberg — there are tons of certifications out there that will teach you the skills you need to succeed in the cybercrime investigation field.
With a few certifications under your belt, you’ll be ready to start investigating cybercrime and taking down criminals. The game’s afoot!
- Protect against the fastest-growing crime: cyber attacks, CNBC
- What does a computer crime investigator do?, CareerExplorer
- How to Become a Cyber-Investigator, ThoughtCo.
- Certified Computer Forensics Examiner (CCFE), Infosec Institute