GIAC Certified Forensic Analyst
What is GCFA certification?
The GCFA certification is for professionals working in the information security, computer forensics, and incident response fields. The certification focuses on core skills required to collect and analyze data from Windows and Linux computer systems.
The GCFA certifies that candidates have the knowledge, skills, and ability to conduct formal incident investigations and handle advanced incident handling scenarios, including internal and external data breach intrusions, advanced persistent threats, anti-forensic techniques used by attackers, and complex digital forensic cases.
Why should you attend?
The GCFA enables you to learn:
- Advanced Incident Response and Digital Forensics
- Memory Forensics, Timeline Analysis, and Anti-Forensics Detection
- Threat Hunting and APT Intrusion Incident Response
Who Should Attend?
- Incident Response Team Members
- Threat Hunters
- SOC Analysts
- Experienced Digital Forensic Analysts
- Information Security Professionals
- Federal Agents and Law Enforcement Professionals
- Red Team Members, Penetration Testers, and Exploit Developers
- GCFE and GCIH Cert Holders
The topic areas for each exam part following:
- Enterprise Environment Incident Response
- File System Timeline Artifact Analysis
- Identification of Malicious System and User Activity
- Identification of Normal System and User Activity
- Introduction to File System Timeline Forensics
- Introduction to Volatile Data Forensics
- NTFS Artifact Analysis
- Volatile Data Artifact Analysis of Malicious Events
- Volatile Data Artifact Analysis of Windows Events
- Windows Artifact Analysis
A fundamental understanding of Microsoft, Linux
- 1 proctored exam
- 82-115 questions
- Time limit of 3 hours
- Minimum Passing Score of 72%
- Training is available in a variety of modalities including live conference training, online, and self study.
- Practical work experience can help ensure that you have mastered the skills necessary for certification
- College level courses or study through another program may meet the needs for mastery.
- The procedure to contest exam results can be found at https://www.giac.org/about/procedures/grievance.