Professional development

Computer forensics certifications

Ravi Das
December 31, 2017 by
Ravi Das

What is computer forensics? It is the science of locating, extracting, and preserving information/data from IT, wireless, and backup/storage devices. Later, this is used to determine the origin of an attack, how it can be prevented in the future, as well as bringing to justice the cyberattacker(s) in question.

Experienced and certified professionals are high in demand, yet computer forensics certs remain something of a wild frontier.

There are a number of computer forensics certifications available:

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Vendor-Neutral Computer Forensic Certifications

  • CHFI (Computer Hacking Forensic Investigator): EC-Council
  • CCE (Certified Computer Examiner): ISFCE
  • CCFE (Certified Computer Forensics Examiner): Infosec Institute/IACIS
  • CDFE (Certified Digital Forensics Examiner): Mile2
  • CEDS (Certified E-Discovery Specialist): ACEDS
  • CSFA (Cybersecurity Forensic Analyst): Cybersecurity Institute
  • GIAC (GIAC certified forensic analyst): SANS
  • GCFA (Certified Forensic analyst): SANS

Vendor-Specific Computer Forensics Certifications

  • ACE (Access Data Certified Examiner): AccessData Group, LLC
  • AccessData also offers certifications in Summation litigation product
    • Certified Forensic Investigation Practitioner
    • Certified Mac Forensics Specialist
    • Certified Malware Investigator
  • Encase Certified Examiner: Encase from Guidance Software
  • Encase Certified eDiscovery Practitioner: EnCEP

Most popular digital forensics certifications

Certified Computer Examiner (CCE)

The Certified Computer Examiner (CCE) is offered the International Society of Forensic Computer (aka the "ISFCE.") It is a highly coveted cert amongst forensics investigators and the law enforcement industry.

Certification Name Certified Computer Examiner (CCE)

Prerequisites & Required Courses Any one of the following is a course prerequisite: Any education received from a CCE training school;Any other type or kind of forensics-based education;OR, any other related work experience, with the minimum being 18 months.

Number of Exams An online exam (pass=70%); An applications exam (three specific scenarios must be successfully examined; pass=70%).

EnCe: EnCase Certified Examiner

Guidance Software is a leader in the forensics tools and services arena. It is well-known and highly used EnCase Forensics software that helps professionals acquire data from many different types of devices, complete disk-level examinations and produce reports of findings. The company also sells software for remote investigations (EnCase Endpoint Investigator), eDiscovery, risk management and endpoint security.

Certification Name EnCase Certified Examiner (EnCe)

Required Experience
  • One year of work experience and/or 64 hours of verifiable training.
  • In addition to required training or experience, Guidance Software recommends the DF310-EnCe Prep course

Number of Exams One two-phase exam:

The following exams are required:

  • A written exam (pass=80%);
  • An application-based exam (pass=85%).
Passing the Phase I exam earns an electronic license to complete the Phase II exam.

CFCE: Certified Forensic Computer Examiner

The International Association of Computer Investigative Specialists (aka IACIS) offers the Certified Forensic Computer Examiner (aka CFCE) cert. However, you must be involved in law enforcement in some or manner as a prerequisite.

Certification Name Certified Forensic Computer Examiner (CFCE)

Prerequisites & Required Courses Basic Computer Forensics Examiner (BCFE) training course is recommended, Training in computer/digital forensics comparable to CFCE core competencies

Required Exams The IACS takes a unique approach in that the candidate must first pass a peer review to ensure that credentials are met, and then he or she can go onto the written exam to qualify for the cert.

GCFA and GCFE Certifications

SANS is the organization behind the Global Information Assurance Certification (GIAC) program. It is a well-respected and highly regarded player in the information security field in general.

The SANS Organization Is among the largest and best-known cert entities. They offer one of the leading forensics certs known as the Global Information Assurance Certification (aka GIAC).

Certification Name GIAC Certified Forensic Examiner (GCFE) GIAC Certified Forensic Analyst (GCFA)

Prerequisites & Required Courses GCFE recommended course: FOR408: Windows Forensic Analysis, GCFA recommended course: FOR508: Advanced Digital Forensics and Incident Response.

Number of Exams One exam for each credential (115 questions, 3 hours, passing score of 71 percent) Exams proctored by Pearson VUE. Registration with GIAC is required to schedule an exam.

CSFA: Cybersecurity Forensic Analyst

The CyberSecurity Institute offers forensics-based services exclusively to the law enforcement sector. It also offers the CyberSecurity Forensic Analyst (aka CSFA) cert.

Certification Name CyberSecurity Forensic Analyst (CSFA)

Required Experience Candidates must have at least two years of relevant work experience, be able to pass a criminal background check conducted by the FBI, and possess one of the following certs:

AccessData Certified Examiner (aka ACE)2) Certified Forensic Computer Examiner (aka CFCE)3) Certified Computer Examiner (aka CCE)

4) Computer Hacking Forensic Investigator (aka CHFI)

5) EnCase Certified Examiner (aka EnCe)

6) GIAC Certified Forensics Analyst (aka GCFA)

Required Exams Candidates are required to take two parts to get this cert: A written exam;An application-based exam.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Why Forensics as a Career?

Given the extreme, fast-paced growth of technology, computer forensics can be a lucrative career. Mastering the basics of all verticals like operating systems, networking, vulnerability assessments, penetration testing, programming knowledge, ethical hacking, mobile tools, and so forth, necessitates would-be entrants into the field to update themselves with the latest cyber info.

Regular practice with forensics tools is essential. Candidates who can demonstrate critical thinking skills and the ability to pick up new concepts will find the most success, regardless of their specific degree. If the possibility of working hard and adapting to a fast-changing environment excites you, computer forensics is for you.

Ravi Das
Ravi Das

Ravi is a Business Development Specialist for BiometricNews.Net, Inc., a technical communications and content marketing firm based out of Chicago, IL. The business was started in 2009, and has clients all over the world. Ravi’s primary area of expertise is Biometrics. In this regard, he has written and published two books through CRC Press. He is also a regular columnist for the Journal of Documents and Identity, a leading security publication based out of Amsterdam.

You can visit the company’s website at www.biometricnews.net (or http://biometricnews.blog/); and contact Ravi at ravi.das@biometricnews.net.