Coming soon! GMOB - GIAC's new Mobile Device Security Certification! Click here to learn more.

Certification: GCFA

Certification:

GIAC Certified Forensic Analyst (GCFA)

Target

The GCFA certification is for professionals working in the information security, computer forensics, and incident response fields. The certification focuses on core skills required to collect and analyze data from Windows and Linux computer systems.

The GCFA certifies that candidates have the knowledge, skills, and ability to conduct formal incident investigations and handle advanced incident handling scenarios, including internal and external data breach intrusions, advanced persistent threats, anti-forensic techniques used by attackers, and complex digital forensic cases.

Course

Preparing for the GCFA Exam: Candidates may choose to prepare for the GCFA exam by taking the SANS Training Course: FOR508: Advanced Computer Forensic Analysis and Incident Response

*No Specific training is required for any GIAC certification. If candidates need help in mastering the objectives for this certification, there are many sources of information available. Practical experience is one option; there are also numerous books on the market covering Computer Information Security. Another option is SANS training, or any relevant courses from other training providers.*

Requirements

  • 1 proctored exam
  • 115 questions
  • Time limit of 3 hours
  • Minimum Passing Score of 69%

Note:

GIAC reserves the right to change the specifications for each certification without notice. Based on a scientific passing point study, the passing point for the GCFA exam has been determined to be 69% for all candidates receiving access to their certification attempts on or after August 2nd, 2012. To verify the format of your current certification attempt, please read the Certification Information found in your portal account at https://exams.giac.org/pages/attempts.

Renew

Certifications must be renewed every 4 years. Click here for details.

Delivery

NOTE: GIAC exams are NOT given the day after the conference ends.

Exams are delivered online through a standard web browser. For exams purchased with SANS training, access to the exam will be available 7-10 days following the end of the conference. Certification attempt exams are issued within 24 hours upon receipt of payment. You will receive an email from GIAC when your exam has been issued to your portal account. You have 120 days to complete the exam from the time we send notice that it is available. The exams are proctored and should be scheduled using our proctored exam procedure.

Links


Bulletin (Part 2 of Candidate Handbook)

Exam Certification Objectives & Outcome Statements

The topic areas for each exam part follow:

Acquiring and Analyzing Volatile Data
The candidate will demonstrate an understanding of how to acquire and analyze local and remote volatile evidence during an intrusion.
Analyzing Timelines
The candidate will demonstrate an understanding of creating and analyzing a timeline using file system, artifacts, and other available means and be able to use that timeline to analyze temporal events on the computer system around a specific time or artifact.
Data Layer Examination
The candidate will demonstrate an understanding of how to analyze and recover evidence from the file system and data layer on major file systems.
Digital Forensic Investigation Methodology
The candidate will demonstrate a fundamental understanding of the forensic process, methodology, common legal guidelines, documentation, and the common duties of a Digital Forensic Analyst and Incident Responder.
Digital Forensics and Incident Response
The candidate will demonstrate an understanding of how to properly acquire, validate and analyze evidence on systems across the enterprise during the incident response identification and containment phases.
Forensic Intrusion Analysis
The candidate will demonstrate the ability to apply methodology to perform forensic analysis during an intrusion investigation.
Metadata and Filename Layers
The candidate will demonstrate an understanding of how to analyze and recover evidence from the metadata and file name layers on major file systems.
Operating Systems and Filesystems
The candidate will demonstrate an understanding of the essential forensic concepts for identifying and examining file systems, including attributes, file system metadata, and data organization, with an emphasis on Windows file systems.

Where to Get Help

Training is available from a variety of resources including on line, course attendance at a live conference, and self study.

Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.

Finally, college level courses or study through another program may meet the needs for mastery.

The procedure to contest exam results can be found at http://www.giac.org/about/procedures/grievance.

SANSFIRE 2013 - Washington
Latest Papers

Logging and Monitoring to Detect Network Intrusions and Compliance Violations in the Environment
By Sunil Gupta | GCIA | 7008

Using and Configuring Security Onion to detect and prevent Web Application Attacks
By Ashley Deuble | GCIA | 7994

Attributes of Malicious Files
By Joel Yonts | GCIH | 7194

Small Business: The New Target What can they Do?
By Robert Comella | GCIA | 5138

View More Papers »

Latest Professionals

Christiaan Ehlers | GWAPT | 3648

Valerie Feehan | GCFW | 3805

Tim Kitchens | GREM | 3386

View More Professionals »

 
Contact Us

Phone: 301-654-7267
Mon-Fri 9am-8pm EST/EDT
Questions: info@giac.org
More »