Cyber Security Certification: GBFA

GIAC Battlefield Forensics and Acquisition (GBFA)

Exam Certification Objectives & Outcome Statements
How to Prepare

The GBFA certification is now available for pre-sale in conjunction with affiliated SANS training. Exam will be available in early August. SANS FOR498 Alumni will be eligible to challenge the GBFA exam. Alumni of FOR498 will receive a special offer email with a discount code once the exam is live to the public in August.

"The GIAC Battlefield Forensics and Acquisition (GBFA) certification demonstrates that an individual is trained and qualified in the proper collection, acquisition, and rapid triage analysis of many forms of data storage. Certified GBFA professionals can traverse each point from arriving at a scene, through determining and establishing the "quick wins" necessary to rapidly move an investigation forward. They have shown skill and excellence in the use of a wide variety of tools and techniques across a vast spectrum of media storage repositories from portable devices, servers, and endpoints, through to IoT and Cloud data. This industry certification will convey that the holder is prepared to handle every facet of the collection and rapid triage process." - Kevin J Ripa, SANS FOR498 Course Co-Author

Areas Covered

Efficient data acquisition from a wide range of devices
Rapidly producing actionable intelligence
Manually identifying and acquiring data

Who is GBFA for?

Federal agents and law enforcement personnel
Digital forensic analysts
Information security professionals
Incident response team members
Media exploitation analysts
DoD and intelligence community professionals
Anyone who has a background in information security and is interested in an understanding of the proper preservation of systems

Requirements

Minimum Passing Score To Be Determined

Delivery

NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.

GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.

*No Specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*

Other Resources

Training is available in a variety of modalities including live conference training, online, and self study.
Practical work experience can help ensure that you have mastered the skills necessary for certification.
College level courses or study through another program may meet the needs for mastery.
The procedure to contest exam results can be found at https://www.giac.org/about/procedures/grievance.