Cybersecurity Certifications

Cybersecurity Certifications

Digital Forensics and Incident Response Certifications

It takes intuition and specialized skills to find hidden evidence and hunt for elusive threats. GIAC's Digital Forensics and Incident Response certifications encompass abilities that DFIR professionals need to succeed at their craft, confirming that professionals can detect compromised systems, identify how and when a breach occurred, understand what attackers took or changed, and successfully contain and remediate incidents. Keep your knowledge of detecting and fighting threats up to date - and your work role secure - with DFIR certifications.

GIAC with CyberLive

Real world, virtual machine testing for specialized certifications

CyberTalent Assessments

Measure your skills and competency levels to decide what's next

Operating System & Device In-Depth

Prove your ability to detect, respond to, and recover from an attack.

Learn More

Incident Response & Threat Hunting

Prove your mastery of essential skills needed to defend the enterprise.

Learn More

"Intrusion detection, incident response and digital forensics are my everyday working areas. My GIAC certs provided a practical framework that is comprehensive and effective. Clients trust my work when they know I'm certified and after when the see the result." - Juan Manzano, GSE

Operating System & Device In-Depth Certifications

GIAC Battlefield Forensics & Acquisition (GBFA)

The GBFA certification demonstrates that an individual is trained and qualified in the proper collection, acquisition, and rapid triage analysis of many forms of data storage.

  • Efficient data acquisition from a wide range of devices
  • Rapidly producing actionable intelligence
  • Manually identifying and acquiring data

Affiliated Training: FOR498: Battlefield Forensics & Data Acquisition

GIAC Certified Forensic Examiner (GCFE)

The GCFE certification validates a practitioner's knowledge of computer forensic analysis, with an emphasis on core skills required to collect and analyze data from Windows computer systems.

  • Windows Forensics and Data Triage
  • Windows Registry Forensics, USB Devices, Shell Items, Email Forensics and Log Analysis
  • Advanced Web Browser Forensics (Chrome, Edge, Firefox, Internet Explorer)

Affiliated Training: FOR500: Windows Forensic Analysis

GIAC Advanced Smartphone Forensic (GASF)

The GASF certification confirms practitioners can perform forensic examinations on a range of mobile devices and collect data from a variety of files and applications.

  • Fundamentals of mobile forensics and conducting forensic exams
  • Device file system analysis and mobile application behavior
  • Event artifact analysis and the identification and analysis of mobile device malware

Affiliated Training: FOR585: Smartphone Forensic Analysis In-Depth

Incident Response & Threat Hunting Certifications


GIAC Certified Forensic Analyst (GCFA) with CyberLive

The GCFA certification proves that candidates have the knowledge, skills, and ability to conduct formal incident investigations and handle advanced incident handling scenarios.

  • Advanced Incident Response and Digital Forensics
  • Memory Forensics, Timeline Analysis, and Anti-Forensics Detection
  • Threat Hunting and APT Intrusion Incident Response

Affiliated Training: FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics

GIAC Network Forensic Analyst (GNFA)

The GNFA certification validates a practitioner's ability to perform examinations employing network forensic artifact analysis.

  • Network architecture, network protocols, and network protocol reverse engineering
  • Encryption & encoding, NetFlow analysis & attack visualization, security event & incident logging
  • Network analysis tools & usage, wireless network analysis, & open source network security proxies

Affiliated Training: FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response

GIAC Cyber Threat Intelligence (GCTI)

The GCTI certification proves practitioners have mastered strategic, operational, and tactical cyber threat intelligence fundamentals and application.

  • Open source intelligence and campaigns, intelligence applications and intrusion analysis
  • Analysis of intelligence, attribution, collecting and storing data sets
  • Kill chain, diamond model, and courses of action matrix
  • Malware as a collection source, pivoting, and sharing intelligence

Affiliated Training: FOR578: Cyber Threat Intelligence

GIAC Reverse Engineering Malware (GREM)

The GREM certification proves that professionals possess the knowledge and skills to reverse-engineer malicious software (malware) that targets common platforms, such as Microsoft Windows and web browsers.

  • Analysis of Malicious Document Files, Analyzing Protected Executables, and Analyzing Web-Based Malware
  • In-Depth Analysis of Malicious Browser Scripts and In-Depth Analysis of Malicious Executables
  • Malware Analysis Using Memory Forensics and Malware Code and Behavioral Analysis Fundamentals
  • Windows Assembly Code Concepts for Reverse-Engineering and Common Windows Malware Characteristics in Assembly

Affiliated Training: FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques


GIAC Certified Incident Handler (GCIH) with CyberLive

The GCIH with CyberLive certification focuses on methods used to detect, respond, and resolve computer security incidents.

  • Incident Handling and Computer Crime Investigation
  • Computer and Network Hacker Exploits
  • Hacker Tools (Nmap, Nessus, Metasploit and Netcat)

Affiliated Training: SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling

GIAC Response and Industrial Defense (GRID)

The GRID certification is for professionals who want to prove that they can perform active defense strategies specific to and appropriate for an Industrial Control System (ICS) network and systems.

  • Active Defense Concepts and Application, Detection and Analysis in an ICS environment
  • ICS-focused discovery and monitoring, digital forensics, and incident response
  • Malware Analysis Techniques, Threat Analysis in an ICS environment, and Threat Intelligence Fundamentals

Affiliated Training: ICS515: ICS Active Defense and Incident Response