What is the GCFE?
The GIAC® Certified Forensic Examiner (GCFE) is a vendor-neutral certification created and administered by the Global Information Assurance Certification (GIAC).
Digital forensics analysis is of paramount importance in today’s computer-centric world. The GCFE provides a way for professionals to demonstrate that they have the necessary skills, knowledge and ability to conduct typical incident investigations, including e-discovery, forensics analysis and reporting, evidence acquisition, web browser forensics, and tracing application and user activities on Windows computer systems.
What is on the GCFE Certification Exam?
Obtaining a GCFE certification requires passing a proctored exam that consists of 115 questions. Candidates are given 3 hours to take the exam and will need to have a passing score of at least 71% to earn the certification.
GCFE exam sections include:
- Analysis and profiling of systems and devices
- Analysis of file and program activity
- Acquisition, preparation, and preservation of digital evidence
- Analysis of user communications
- Analysis of Windows system user artifacts
- Fundamental digital forensics
- Host and application event log analysis
- Microsoft browser forensics
- Third-party browser forensics and browser artifact analysis
- Windows registry artifact analysis
- Windows registry fundamentals
Who Should Earn the GCFE Certification?
The GCFE certification is for information technology, information security, law enforcement and legal professionals with a need to understand digital forensics analysis. Examples of these professionals include:
- Information security professionals that need to analyze employee computer misuse
- Attorneys tasked with analyzing forensic data
- Law enforcement professionals involved in cases centering on data stored on Windows computer systems.
The need to analyze computer forensic information is very much in demand today across a variety of industries.
What Experience is Needed to Earn the GCFE Certification?
There is no specific schooling or training necessary to gain GCFE certification. Working professionals may find that their existing experience and knowledge provides a solid foundation to begin training for passing the GCFE exam.
Those with limited computer skills may wish to first obtain an A+ certification or take a similar type of training course.
How Does the GCFE Compare to Other Forensics Certifications?
GCFE is like other digital forensics certifications in that it tests the candidate’s knowledge and training in a broad range of digital forensics concepts, methods, strategies and best practices. There are many digital forensics certifications being offered currently, and all will denote a level of proficiency with digital forensics that will set the certification holder apart from those who lack certification.
GCFE is described as being “the intermediate” of the digital forensics certifications offered by GIAC, with GCFA being considered the more advanced certification. Another important point to distinguish GCFE from other digital forensics certifications is that candidates are not required to earn a minimum amount of training hours in computer forensic training or time worked in the field. GCFE also does not require a candidate to previously have a computer forensics or incident-response related certification unlike some other digital forensics certifications.
These differences could be deciding factors for a candidate that has only spent a few months in the field or those with no previous digital forensics certifications.
What is the Best Way to Train for the GCFE?
There are a variety of ways to train for the GCFE certification exam, including:
- Self-studying GCFE topic areas via books, practice exams and other resources
- Using websites like SkillSet to test your computer forensics knowledge until you are confident you will be able to pass the exam
- Taking a training course with an instructor, such as the ones provided by InfoSec Institute