What is computer forensics? It is the science of locating, extracting, and preserving information/data from IT, wireless, and backup/storage devices. Later, this is used to determine the origin of attack, how it can be prevented in the future, as well as bringing to justice the Cyber attacker(s) in question.
Experienced and certified professionals are high in demand, yet computer forensics certs remain something of a wild frontier.
There are a number of computer forensics certifications available:
Vendor-Neutral Computer Forensic Certifications
- CHFI (Computer Hacking Forensic Investigator): EC-Council
- CCE (Certified Computer Examiner): ISFCE
- CCFE (Certified Computer Forensics Examiner): IACRB/IACIS
- CDFE (Certified Digital Forensics Examiner): Mile2
- CEDS (Certified E-Discovery Specialist): ACEDS
- CSFA (Cybersecurity Forensic Analyst): Cybersecurity Institute
- GIAC (GIAC certified forensic analyst): SANS
- GCFA (Certified Forensic analyst): SANS
Vendor-Specific Computer Forensics Certifications
- ACE (Access Data Certified Examiner): AccessData Group, LLC
AccessData also offers certifications in Summation litigation product
- Certified Forensic Investigation Practitioner
- Certified Mac Forensics Specialist
- Certified Malware Investigator
- Encase Certified Examiner: Encase from Guidance Software
- Encase Certified eDiscovery Practitioner: EnCEP
From the above list, the most popular computer forensics certs are:
The Certified Computer Examiner (CCE) is offered the International Society of Forensic Computer (aka the “ISFCE.”) It is a highly coveted cert amongst forensics investigators and the law enforcement industry.
|Certification Name||Certified Computer Examiner (CCE)|
|Prerequisites & Required Courses||Any one of the following is a course prerequisite:
Any education received from a CCE training school;
Any other type or kind of forensics-based education;
OR, any other related work experience, with the minimum being 18 months.
|Number of Exams
||An online exam (pass=70%);
An applications exam (three specific scenarios must be successfully examined; pass=70%).
EnCe: EnCase Certified Examiner
Guidance Software is a leader in the forensics tools and services arena. It is well-known and highly used EnCase Forensics software helps professionals acquire data from many different types of devices, complete disk-level examinations and produce reports of findings. The company also sells software for remote investigations (EnCase Endpoint Investigator), eDiscovery, risk management and endpoint security.
Guidance Software offers the following certs:
|Certification Name||EnCase Certified Examiner (EnCe)|
|Number of Exams||One two-phase exam:
The following exams are required:
Passing the Phase I exam earns an electronic license to complete the Phase II exam.
CFCE: Certified Forensic Computer Examiner
The International Association of Computer Investigative Specialists (aka IACIS) offers the Certified Forensic Computer Examiner (aka CFCE) cert. However, you must be involved in law enforcement some or manner as a prerequisite.
|Certification Name||Certified Forensic Computer Examiner (CFCE)|
|Prerequisites & Required Courses||Basic Computer Forensics Examiner (BCFE) training course is recommended,
Training in computer/digital forensics comparable to CFCE core competencies
|Required Exams||The IACS takes a unique approach in that the candidate must first pass a peer review to ensure that credentials are met, and then he or she can go onto the written exam to qualify for the cert.|
Ethical Hacking Training – Resources (InfoSec)
GCFA and GCFE Certifications
SANS is the organization behind the Global Information Assurance Certification (GIAC) program. It is a well-respected and highly regarded player in the information security field in general.
The SANS Organization Is among the largest and best-known cert entities. They offer one of the leading forensics certs known as the Global Information Assurance Certification (aka GIAC).
|Certification Name||GIAC Certified Forensic Examiner (GCFE)
GIAC Certified Forensic Analyst (GCFA)
|Prerequisites & Required Courses||GCFE recommended course: FOR408: Windows Forensic Analysis,
GCFA recommended course: FOR508: Advanced Digital Forensics and Incident Response.
|Number of Exams||One exam for each credential (115 questions, 3 hours, passing score of 71 percent)
Exams proctored by Pearson VUE. Registration with GIAC required to schedule an exam.
CSFA: Cybersecurity Forensic Analyst
The CyberSecurity Institute offers forensics based services exclusively to the law enforcement sector. It also offers the CyberSecurity Forensic Analyst (aka CSFA) cert.
|Certification Name||CyberSecurity Forensic Analyst (CSFA)|
||Candidates must have at least two years of relevant work experience, be able to pass a criminal background check conducted by the FBI, and possess one of the following certs:
AccessData Certified Examiner (aka ACE)
2) Certified Forensic Computer Examiner (aka CFCE)
3) Certified Computer Examiner (aka CCE)
4) Computer Hacking Forensic Investigator (aka CHFI)
5) EnCase Certified Examiner (aka EnCe)
6) GIAC Certified Forensics Analyst (aka GCFA)
|Required Exams||Candidates are required to take two parts to get this cert:
A written exam;
An application based exam.
Why Forensics as Career?
Given the extreme, fast-paced growth of technology, computer forensics can be a lucrative career. Mastering basics of all verticals like operating systems, networking, vulnerability assessments, penetration testing, programming knowledge, ethical hacking, mobile tools, and so forth, necessitates would-be entrants into the field to update themselves with latest cyber info. Regular practice with forensics tools is essential. Candidates who can demonstrate critical thinking skills and the ability to pick up new concepts will find the most success, regardless of specific degree. If the possibility of working hard and adapting to a fast-changing environment excites you, computer forensics is for you.