Professional development

The big list of computer forensics certifications [Updated 2019]

Fakhar Imam
July 7, 2019 by
Fakhar Imam

Computer forensics certifications have gained tremendous popularity over the past few years. Many public and private organizations have developed certifications for digital forensics analysts. Some organizations offer courses in certain areas, while others take a “general overview” approach, but all of them provide adequate training to the investigators so that they can conduct accurate, credible, and result-oriented investigations.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

The best computer forensics certifications

There are mainly two types of computer forensics certifications available today, namely, vendor-neutral and vendor-specific. Vendor-neutral programs cover the best practices in a particular field of development, such as project or security management. On the other hand, vendor-specific programs deal with a specific developer’s software platforms or products and provide training in specific tools.

Both types of certifications are widely acknowledged and will be discussed in the subsequent sections.

Vendor-neutral certifications

Certified Forensic Computer Examiner (CFCE)

The CFCE certification has two stages, peer review and certification testing, which must be completed to acquire this certification.

Peer Review Phase: This phase has some essential elements, such as:

  • There are four practical problems.
  • The candidate has 30 days to solve these problems.
  • The coach is assigned for guidance.
  • Passing each problem is necessary to enter the second phase.

Certification Phase: This phase consists of two elements:

  • The candidate has 40 days to complete hard drive practical problems.
  • The candidate has 14 days to solve knowledge-based objective test.

Vendor: The International Association of Computer Investigative Specialists (IACIS) is a non-profit organization that offers CFCE certification.

Pros: Membership in IACIS has several benefits, including:

  • File library access
  • Free annual proficiency testing
  • Free recertification testing

Cons: CFCE certification has some disadvantages, such as:

  • CFCE is more expensive than other certifications because the candidates have to complete the basic computer forensics examiner (BCFE) training course ($2,795) before appearing to both practical exercises and written exam.
  • Fail candidates cannot retake the exam immediately. Instead, they have to wait for the next certification cycle. There are only two certification cycles that are held each year. A candidate who fails CCE exam can retake the exam after 60 days.

Certified Computer Examiner (CCE)

The need for CCE certification is widely acknowledged by government agencies as well as many other organizations.

The CCE certification is completed in two rounds:

  1. Online written exam is conducted, in which a candidate has to complete 75 questions within 45 minutes. More important, the candidate must score 70% to qualify for the next round of practical examination.
  2. Practical examination also requires 70% marks. An overall average of 80% is required to earn CCE certification.

Vendor: The International Society of Forensic Computer Examiners (ISFCE) confers CCE certification.

Pros: CCE certified professional has several benefits, including:

  • The ISFCE is a member of “The Alliance Group of Associations,” therefore all CCE professionals are eligible to place insurance coverage through Insurance Tek Company.
  • CCEs automatically subscribe to the CCE’s “list serve,” which allows all CCEs worldwide to share information among themselves regarding their computer forensics experiences.
  • ISFCE members enjoy discounts on some specific software and hardware products.

Cons: CCE certification is valid for only two years, while CFCE and GIAC certifications are valid for three and four years, respectively.

Global Information Assurance Certification (GIAC)

The GIAC awards over 30 certifications in forensics, software security, security administration, legal, audit, and management. GIAC is widely trusted by government organs and various organizations, including the U.S. National Security Agency.

There are five GIAC certifications related to digital forensics and incident response.

  1. GIAC Certified Forensic Analyst (GCFA)
  2. GIAC Advanced Smartphone Forensics (GASF)
  3. GIAC Certified Forensic Examiner (GCFE)
  4. GIAC Network Forensic Analyst (GNFA)
  5. GIAC Reverse Engineering Malware (GREM)

Each exam has a different format. For example, the GCFE exam is a single exam that has 115 questions and the candidate has three hours in which answer them. The minimum passing score is 72%. The GNFA exam consists of 50 questions with a 2-hours time limit and a passing score of 70%.

Vendor: The SysAdmin, Audit, Network, Security (SANS) Institute offers the GIAC certifications program.

Pros: A GIAC certification ensures that the certified professional keeps his/her knowledge and skills current through the periodic recertification program and access to up-to-date and latest information. GIAC has several benefits, such as:

  • GIAC’s eleven certifications are accredited by ANSI/ISO/IEC 17024.
  • GIAC’s exams are based on psychometric tests. The exam contents and the design of each question are reviewed by technical experts.
  • The GIAC-certified can earn the “GIAC Gold Status.” In fact, the candidate works with an advisor to submit a peer-reviewed “gold paper” in his/her area of information security expertise. If the paper is approved, it will be published in the “SANS Reading Room” for industry reference.
  • GIAC’s certified professionals are encouraged and authorized to use all GIAC Logo(s) for website, signature, resume, letterhead, business cards, etc.

Cons: GIAC credentials have some disadvantages, including:

  • Since GIAC is an open book exam, it only tests candidates’ knowledge (analytical and logical reasoning) rather than testing their memory or memorizing abilities.
  • The retaking policy is stricter than with other certifications. If the candidate fails the exam, he will have to wait for one month. After three failed attempts, the student must wait for one year to continue his/her attempt.

Vendor-Specific Certifications

Various vendors of computer forensics tools have established their own certifications. These vendor-specific certifications assure that those attaining these certifications are competent enough to use their forensics applications. Two well-established vendor-specific certifications are described below.

EnCase Certified Engineer (EnCE)

EnCE certification certifies both private and public sector professionals who use Guidance Software’s EnCase computer forensics application. The EnCE program assures that the experts have learned computer examination methodologies as well as the use of the EnCase tool during computer investigations.

EnCE certification has some requirements. The candidates must attend 64 hours authorized computer forensic training or have 12 months of working experience in computer forensics.

The exam has two phases:

  1. Phase 1 is a written test consisting of 180 questions and requiring an 80% score to pass.
  2. Phase 2 is a practical exam containing 18 questions and requiring an 85% score to pass.

Vendor: Guidance Software offers EnCE certification.

Pros: The following advantages are associated with EnCE certification.

  • EnCE certification enhances the examiners’ marketability and provides opportunities for advancement.
  • It increases the examiners’ professional credibility when testifying in court.
  • It provides peer recognition.

Cons: Unlike some other certification exams, EnCE doesn’t have a clear code of ethics.

AccessData Certified Examiner (ACE)

The ACE credential shows that the examiners are proficient with Forensic Toolkit (FTK) technology. Like EnCE, the ACE also has two phases with similar scoring criteria; the only difference is that the first phase follows the Thomson Prometric testing method.

Vendor: AccessData offers the ACE certification.

Pros: ACE credential has some advantages, including:

  • ACE members benefit from having the AccessData Boot Camp and Windows Forensics—Core courses as a foundation.
  • ACE certification maintenance doesn’t impose educational requirements.
  • AccessData doesn’t charge for ACE certification maintenance.
  • AccessData provides top notch study material, including videos overview of each tool, lessons, and practice test.

Cons: Retaking the initial ACE credential exam CANNOT be substituted for ACE certification continuation. If the ACE credential expires, the candidate will have to wait for 1 year before being permitted to take the initial ACE certification examination.

What forensics certification adds the most value to your resume?

If you are looking for a job, vendor-neutral certifications are the best choices for you. On the other hand, if you want to work with a specific company, find out what platform that company is running and get certified in those vendor-specific subjects.

If you're looking for a top digital forensics course, check out Infosec's course offerings.

What type Of training can Be utilized to get certified?

Certain kinds of training programs can be used to get certified. Institutions may offer traditional in-person training, live learning, or remote learning, and self-paced training. It’s up to the candidate to decide what type of training is the best fit for him.

In-person training is traditional classroom training that requires the candidates to attend lectures at the institution.

Live training offers candidates video lectures, documents, and other study material in the form of soft copy through the internet. Although online training is cost-effective, the candidates have a lack of interaction with their instructors.

Self-paced learning enables candidates to make their own decisions within the time they need, instead of answering questions within a certain amount of time.

Infosec’s Training program

Infosec offers all three types of training:

Infosec’s In-person training program has 20 years of success with immersive experience.

Infosec’s live training is very convenient and provides exam pass guarantee.

Infosec’s self-paced program trains you on your own time and provides access to any place.

Instead of just going through textbooks or using a traditional form of studying, Infosec promotes the use of hands-on labs and provides live mock cases to assist you with your investigative skills on real cases, to see how well you can prepare reports and present your findings.

Infosec’s Boot Camps

Did you find this article very useful? Are you aspiring to the certified cyber forensics professional (CCFP) examination? Infosec offers a uniquely designed Authorized Computer Forensics Boot Camp Course for the students of CCFP and CCFE examinations. You can join this course to acquire a professional CCFP certification.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Infosec also offers thousands of articles on a variety of security topics.

Fakhar Imam
Fakhar Imam

Fakhar Imam is a professional writer with a master’s program in Masters of Sciences in Information Technology (MIT). To date, he has produced articles on a variety of topics including on Computer Forensics, CISSP, and on various other IT related tasks.