SANS Digital Forensics and Incident Response Blog

GIAC Certifications in High Demand: GCFA (GIAC Certified Forensic Analyst)

Excellent article discussing the increased demand for real technical skills. It has an excellent writeup on GIAC Certifications including the GIAC Certified Forensic Analyst (GCFA).



Why are certifications in high demand? From the article:

Increased Usage and Dependency on Digital Devices: We constantly use computers and other digital mobile devices for making calls, texting messages, surfing the internet, accessing email and bank accounts, paying bills, watching videos and more. "For better or worse, our lives and our personal/private data are now recorded on these devices moment-by-moment," says Rob Lee, Curriculum Lead for Digital Forensic Training at the SANS Institute and Director of Mandiant, a leading provider of information security consulting services and software to Fortune 500 organizations and the U.S. Government. As a result, crimes, civil litigation cases, and incidents exploiting stored data found on these devices are increasing.

Insider Theft: Insider threat is a growing criminal activity, especially in the event of organizations merging, being acquired and employees being laid off. "In today's economy more people are working remotely, which provides greater opportunities for malicious employees to create harmful attacks," says Paul Henry, SANS Institute certified instructor in Forensics and cyber crime and President of Forensics & Recovery LLC, an independent network breach and computer forensics investigative company based in Florida.

Increase in Utilization of Electronically Stored Evidence: Civil lawsuits are seeing an increase in utilization of electronically stored evidence. For criminal cases, it is becoming the norm to collect the subject's or victim's cell phone, computer and other electronic devices in order to help solve the crime, maintains Lee.

2. GIAC Certified Forensics Analyst (GCFA)

GCFA is the leading vendor-neutral digital forensic certification, with more than 1,550 certified individuals. GIAC GCFAs have the knowledge, skills and abilities to handle advanced incidents, legally collect and secure evidence, conduct incident investigations, perform Electronic Evidence Discovery (EED), write forensic reports that can be utilized in litigation, and legally carry out forensic investigation of computers, networks and hard drives. GCFA-certified personnel are able to demonstrate how commercial forensic tools function step-by-step and can describe the process in a court of law. They are adept at both live and dead evidence acquisition, as well as complete deep-dive forensic analysis. In addition, certified analysts are able to articulate and ensure an exact legal and forensically sound process is utilized in the event that they will need to testify in court.

"We test not only for core computer forensic knowledge, we also cover areas cutting edge in the field," says Lee. These areas include memory collection and analysis, registry analysis, restore point examination, and volume shadow analysis. The SANS Institute adds the latest techniques to the material multiple times every year. "For example, some elements for Windows 7 are already covered in our material," indicates Lee.

"I prefer hiring SANS-certified candidates for my firm because they are innovative, broad thinking and exposed to different tools, techniques and programs," says Kevin Cohen, CISA, CISSP, EnCE, GCFA, GCIA, President of Data Triage Technologies, a boutique shop that performs computer forensics and electronic discovery. The GCFA certification with SANS has helped him to become an expert witness and has infused a high level of confidence in his problem-solving and conceptual understanding abilities.

  • Who's Hiring? - Three broad industries need qualified digital forensic expertise on a daily basis.
  1. Information Security: to stop hackers, computer based attacks, and recover from data breach incidents.
  2. Legal: Win civil and criminal cases involving electronically stored evidence.
  3. Law Enforcement/Defense Industrial Base: Arrest and prosecute criminals/Deter enemies
  • Job Roles Include -
    • Information Security Crime Investigator/Forensic Expert - This expert analyzes how intruders breached the infrastructure in order to identify additional systems/networks that have been compromised.
    • Forensic Analyst - focuses on collecting and analyzing data from computer systems to track user-based activity that could be used internally or in civil/criminal litigation.
    • Incident Responder - the first-line defense during the breach.
  • Cost — The cost of the certification is $499 when one signs up with training, or $899 if attempting the certification exam without associated training.

    Posted January 21, 2012 at 5:31 AM

    Mirek Burnejko

    GCFA is amazing, but I believe not all IT departments know about the GIAC certifications. I would love to add some type of campaign to give a view for the employers that they can find something different than CISSP or Security .
    Thank you,