Professional development

Certifications compared: GCFA vs. CSFA vs. CCFP

Daniel Brecht
April 22, 2020 by
Daniel Brecht

Introduction: The importance of forensic analysts

An increase in computer crimes is driving the need for more certified forensics analysts. These specialists have a crucial role in gathering information from computer systems to support investigations. These analysts can successfully retrieve previously deleted or erased files and recover information from any electronic device or storage media to build a case against lawbreakers.

Analysts not only perform technical tasks but write detailed reports based on their findings or conclusions as asked by law enforcement. They may be called to testify in court as expert witnesses to give information on motives and connections. Their importance is not only essential in resolving digital crimes but their forensic testimony can confirm or dispute alibis.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Roles and skills of digital forensic experts 

Forensic science technicians (or analysts) either travel to the scene of the crime to collect evidence themselves or fill laboratory roles. They are responsible for the preservation, identification, extraction, documentation and interpretation of the source material and are responsible for sufficiently explaining and justifying their findings before a court of law. 

Forensic analysts may work independently retrieving and analyzing data, or they may work alongside a team of digital forensic examiners and cyber intrusion analysts for crime scene investigations and event reconstructions. They may also work in conjunction with highly specialized police units.

Their job is, in any case, to apply methods and computer forensic tools to gather the data needed to support an investigation. For example, they could be asked to examine the actions linked to the loss of a company’s confidential data and intellectual property. The professional would then explore the involvement of the computer hardware or software used, as well as the possible vectors of attack and the damage done.

Although the job duties of forensic analysts will vary, they all must have unique skill sets in addition to in-depth and up-to-date knowledge of systems and software. To do well in this role, one needs strong analytical and investigative skills to examine evidence, extract information and support their inquiries.

Because there’s a large volume of information contained on digital devices that can make the difference in an investigation, analysts are required to be familiar with the latest forensic tools to address ever-changing technologies. Professionals will need formal education or training that pushes the teaching of computer forensics towards the more applied aspects of the discipline. Earning a degree is an option, particularly a degree that adheres to the Forensic Science Education Programs Accreditation Commission (FEPAC) — see the college-level academic programs that leads to a baccalaureate or graduate degree. 

However, while many begin such a career pursuing a degree in computer forensics, professionals may opt to prepare themselves for this profession by studying for and acquiring one of the related computer forensics certifications. These include the GCFA, CSFA and CCFP.

The ideal certifications and career paths to follow

GCFA certification

The GIAC®️ Certified Forensic Analyst (GCFA) is a vendor-neutral certification that tests the candidate’s knowledge and skills in using computer forensics tools and techniques, in information security and incident response. 

This is an intermediate-level computer forensics credential that assesses the holder’s aptitude in performing incident investigations in scenarios including data breaches, APTs and complex forensic analysis needed in Windows and Linux systems. The topics potentially covered in the exam include incident response, file system timeline artifact analysis, volatile data forensics and file system timeline forensics, Windows artifact analysis and more.

GIAC is valid for four years. The certification requirements include passing a three-hour proctored open-book online examination of 82-115 questions with topics covering forensic methodology, incident response, evidence gathering, file systems forensics, Windows forensics and more. Passing score is 72%. 

Once they’ve earned the certification, professionals can then work towards a Gold status. For this, they will need to write a 20-page technical report under the supervision of an advisor within six months. Technical reports are assessed according to four criteria: technical accuracy, clear explanation of advanced concepts, extension of ideas beyond courseware and organization of report.

Typical job titles for GCFA-qualified professionals include:

  • Computer forensics analyst
  • Law enforcement forensics analyst 

Name GIAC Certified Forensic Analyst (GCFA)

Prerequisites & required courses GCFA-recommended course: FOR508 — Advanced Incident Response, Threat Hunting and Digital Forensics.

Exam info The exam cost is $1,999. Each certification attempt includes 2 practice tests (a $338 value). The test consists of 115 questions, has a time limit of three hours and a passing score of 72 percent. Exams are proctored by Pearson VUE. Registration with GIAC is required to schedule an exam. Click the following link for instructions on How to Schedule Your GIAC Proctored Exam.

CSFA certification

The CyberSecurity Institute’s CyberSecurity Forensic Analyst (CSFA) certification is an advanced test designed for professionals who already possess practical experience in the field of digital forensics. 

CSFA is ideal for those well-versed in the administrative aspects of conducting digital forensic analysis, as it consists of exam scenarios that a forensic analyst will encounter in the real world. Those qualified must be capable of conducting a thorough forensic analysis using sound examination and handling procedures while also being able to communicate the results of their analysis effectively.

There are many knowledge areas that may be covered in the test. Scenarios can include technical topics like imaging handheld devices, hashes and checksums, FAT file systems, NTFS and more. It may add in other skills like creating understandable and accurate reports, working as an expert technical witness and documentation, understanding the chain of custody and evidence-handling procedures.

The CSFA designation is held exclusively by the most qualified digital forensic professionals and is a testament that the holder has the skills necessary to perform a comprehensive analysis within a limited time frame,” states the Cyber Security and Information Systems Information Analysis Center (CSIAC). 

Typical job titles for CSFA-qualified professionals include:

  • Computer forensics investigator
  • Digital crime forensics specialist 

Name CyberSecurity Forensic Analyst (CSFA)

Required experience Candidates must have at least two years of relevant work experience conducting forensic analysis on devices running a Windows operating system. They must be able to pass an FBI Criminal Background Check, along with completing the CSFA Certification Exam Application and Agreement. It is also highly recommended that candidates have obtained one of the following certifications at the very least: AccessData Certified Examiner (ACE), Certified Forensic Computer Examiner (CFCE), Certified Computer Examiner (CCE), Computer Hacking Forensic Investigator (CHFI), EnCase Certified Examiner (EnCE) or GIAC Certified Forensics Analyst (GCFA).

Exam info Candidates are required to take two parts to get this cert. There is a written component of 50 multiple-choice questions, which will comprise 30% of the total score; however, the majority of the test will be hands-on (candidates will be given a scenario) comprising 70% of the total score. The exam costs $750 and is proctored in a testing center. Reference materials cannot be used for the written test but may be used for the practical, where it's possible to bring your own forensic software and imaging hardware for the analysis that relates to the scenario.

CCFP certification

The (ISC)² Certified Cyber Forensics Professional (CCFP) is a certification for experienced professionals who already have the proficiency and perspective to effectively apply their expertise to other information security disciplines, such as e-discovery, malware analysis or incident response.

Note by the (ISC)² Community: "The CCFP will be designated an inactive credential August 21, 2020. The credential will remain a recognized (ISC)² certification until that date." Therefore, the CCFP exam is no longer being offered. It’s also understood that those who carry a valid designation will have it invalidated by Aug 2020. What’s more, “there are currently no plans to replace CCFP with a new (ISC)² certification.”

What training is available?

In order to be in this growing field, one must learn current industry best practices for the analysis of digital evidence in hypothetical and real-case scenarios. Analysts are required to use a variety of commercial forensics tools to analyze computer threats, as well as use scientifically accepted and validated processes. Hands-on training is necessary to supplement a professional’s theoretical skills.

Forensic scientists need to stay updated on current methodologies, techniques and technologies in the field to perform their job and maintain the certifications that are often required in their positions. The National Initiative for Cybersecurity Careers & Studies (NICCS) Training Catalog connects professionals to many courses, including Computer Forensic Analyst Training.

In addition, the National Institute of Justice (NIJ) offers free, self-paced online courses, such as Law 101: Legal Guide for the Forensic Expert, as well as audio recordings of procedures, like that on Digital and Multimedia Forensics: The Impact of Disturbing Media. Also worth checking out is NFSTC’s Introduction to Crime Scene Investigation online course for $129 that offers a step-by-step introduction to scene processing and evidence collection.

Certification holders should also look at all the opportunities to earn continuing professional education (CPE) credits for individual attendance at webinars, seminars and workshops. The IEEE International Workshop on Information Forensics and Security (WIFS), for example, is an annual event that features keynote lectures, tutorials and technical sessions on an array of topics.

Professionals may also consider attending the 8th International Symposium on Digital Forensics and Security (ISDFS 2020) that will be held in Beirut, Lebanon, on June 1-2. “ISDFS conference will continue to promote and disseminate knowledge concerning several topics and technologies related to Digital Forensics and Security,” say the organizers. Otherwise, there’s the 9th Annual Forensic Science Symposium at the Florida International University Modesto A. Maidique Campus in Miami which will be held June 2-4. This covers digital forensics and includes expanded criminal justice subjects beyond the laboratory.

Alternatively, there’s the continental conferences by the International Institute of Certified Forensic Investigation Professionals (IICFIP) USA, Inc. or the Certified Digital Forensic Professional (CDFP) courses to understand the role of technology in investigating computer-related crimes. Here, students can learn to apply current industry best practices for the analysis of digital evidence in hypothetical and real-world scenarios.

The job outlook (and salary prospects) for computer forensic analysts

There is a growing need for analysts. According to the National Initiative for Cybersecurity Careers & Studies (NICCS), the following professionals are in high demand:

  • Law enforcement/counterintelligence forensics analyst
  • Cyber defense forensics analyst

For those who do pursue this field, the job outlook is bright. The news is especially good for analysts with a degree in computer-related forensics from an accredited college or university and possess pertinent qualifications that prove “first-hand familiarity with the techniques and duties of the job, such as processing evidence, completing laboratory work, and testifying in court.”

This “position receives a letter grade rating of A for its faster than average job growth,” as a computer forensics investigator or forensic analyst who works for state or federal law enforcement agencies could earn a starting salary of between $50,000 and $75,000. Private corporations or consulting firms might pay starting salaries of between $50,000 and $60,000.

Job opportunities for forensic science technicians are expected to grow 14 percent from 2018 to 2028, according to the U.S. Bureau of Labor Statistics. This will result in about 2,400 new jobs over the 10-year period, with state and local governments expected to hire additional personnel.

According to PayScale, the average forensic computer analyst salary is $72,417. The average annual salary varies based on subspecialties:

  • Computer forensics analyst: $68,236.00
  • Computer forensics investigator: $75,660.00
  • Computer forensic specialist: $90,120.00
  • Computer forensics technician: $68,121.00
  • Digital forensics specialist: $119,400.00

Of course, it also depends upon one’s experience, education and geographic location. 

So, who’s hiring? The Department of Homeland Security (DHS) is currently recruiting cybersecurity professionals skilled in digital forensics and forensics analysis. DHS is actively hiring dynamic professionals in its National Cybersecurity and Communications Integration Center (NCCIC). Specialists need to have experience in malware and forensic incident analysis.

The National Cyber Forensics and Training Alliance (NCFTA) is also hiring. This non-profit organization is in search of a cyber intelligence analyst who can research current and emerging cyber threats. NCFTA also proposes a cyber intelligence analysis training program and offers students an intensive 12-week paid internship.

Conclusion

Cybersecurity-related crimes are on the rise. With so much focus on cybersecurity, the need for more analysts is growing. This is a great time to consider this high-demand career. 

As competition for vacancies is expected to be strong, a proper certification will not only show a professional is well qualified but also proves they’re willing to keep current on the latest trends of technology in the field. So, which of these computer forensic analyst certifications will you consider?

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Sources

Daniel Brecht
Daniel Brecht

Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology.