The GBFA certification demonstrates that an individual is trained and qualified in the proper collection, acquisition, and rapid triage analysis of many forms of data storage.

• Efficient data acquisition from a wide range of devices
• Rapidly producing actionable intelligence
Manually identifying and acquiring data

Affiliated Training: FOR498: Battlefield Forensics & Data Acquisition

The GCFE certification validates a practitioner's knowledge of computer forensic analysis, with an emphasis on core skills required to collect and analyze data from Windows computer systems.

• Windows Forensics and Data Triage
• Windows Registry Forensics, USB Devices, Shell Items, Key Word Searching, Email and Event Logs
• Web Browser Forensics and Tools

Affiliated Training: FOR500: Windows Forensic Analysis

The GASF certification confirms practitioners can perform forensic examinations on a range of mobile devices and collect data from a variety of files and applications.

• Fundamentals of mobile forensics and conducting forensic exams
• Device file system analysis and mobile application behavior
• Event artifact analysis and the identification and analysis of mobile device malware

Affiliated Training: FOR585: Smartphone Forensic Analysis In-Depth

The GCFA certification proves that candidates have the knowledge, skills, and ability to conduct formal incident investigations and handle advanced incident handling scenarios.

• Advanced Incident Response and Digital Forensics
• Memory Forensics, Timeline Analysis, and Anti-Forensics Detection
• Threat Hunting and APT Intrusion Incident Response

Affiliated Training: FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics

The GNFA certification validates a practitioner's ability to perform examinations employing network forensic artifact analysis.

• Network architecture, network protocols, and network protocol reverse engineering
• Encryption & encoding, NetFlow analysis & attack visualization, security event & incident logging
• Network analysis tools & usage, wireless network analysis, & open source network security proxies

Affiliated Training: FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response

The GCTI certification proves practitioners have mastered strategic, operational, and tactical cyber threat intelligence fundamentals and application.

• Open source intelligence and campaigns, intelligence applications and intrusion analysis
• Analysis of intelligence, attribution, collecting and storing data sets
• Kill chain, diamond model, and courses of action matrix
• Malware as a collection source, pivoting, and sharing intelligence

Affiliated Training: FOR578: Cyber Threat Intelligence

The GREM certification proves that professionals possess the knowledge and skills to reverse-engineer malicious software (malware) that targets common platforms, such as Microsoft Windows and web browsers.

• Analysis of Malicious Document Files, Analyzing Protected Executables, and Analyzing Web-Based Malware
• In-Depth Analysis of Malicious Browser Scripts and In-Depth Analysis of Malicious Executables
• Malware Analysis Using Memory Forensics and Malware Code and Behavioral Analysis Fundamentals
• Windows Assembly Code Concepts for Reverse-Engineering and Common Windows Malware Characteristics in Assembly

Affiliated Training: FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

The GCIH with CyberLive certification focuses on methods used to detect, respond, and resolve computer security incidents.

• Incident Handling and Computer Crime Investigation
• Computer and Network Hacker Exploits
• Hacker Tools (Nmap, Nessus, Metasploit and Netcat)

Affiliated Training: SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling

The GRID certification is for professionals who want to prove that they can perform active defense strategies specific to and appropriate for an Industrial Control System (ICS) network and systems.

• Active Defense Concepts and Application, Detection and Analysis in an ICS environment
• ICS-focused discovery and monitoring, digital forensics, and incident response
• Malware Analysis Techniques, Threat Analysis in an ICS environment, and Threat Intelligence Fundamentals

Affiliated Training: ICS515: ICS Active Defense and Incident Response