GIAC Certification Forensic Analyst: GCFA

Obtaining the Global Information Assurance Certification Forensic Analyst (GCFA) certification shows that a person has an advanced understanding of the computer forensics tools and techniques used to investigate data breach intrusions, tech-savvy rogue employees, nation state threats, and complex digital forensic cases.

The GCFA certifies that the individual has the knowledge, skills, and abilities to utilize state-of-the-art forensic analysis techniques to solve complicated Windows- and Linux-based investigations. GCFA experts can articulate complex forensic concepts such as file system structures, enterprise acquisition, complex media analysis, and memory analysis.

GCFAs are front-line investigators during computer intrusion breaches across the enterprise. They can help identify and secure compromised systems even if the adversary uses anti-forensic techniques. Using advanced techniques such as file system timeline analysis, registry analysis, and memory inspection, GCFAs are adept at finding unknown malware, rootkits, and data that the intruders thought they had eliminated from the system.

This certification will ensure you have a firm understanding of advanced incident response and computer forensics tools and techniques to investigate data breach intrusions, tech-savvy rogue employees, advanced persistent threats, and complex digital forensic cases.

The GCFA certification tests knowledge that is geared not only to law enforcement personnel, but also to corporate and organizational incident response and investigation teams, which have different legal or statutory requirements compared to a standard law enforcement forensic investigation.

How Does The GCFA Training or Certification Program Differentiate Itself From Other Offerings?

  1. Unique: The GCFA is the industry's largest vendor-neutral digital forensic certification with over 2,150 analysts certified. The GCFA is also the only ANSI/17024 accredited digital forensic certification offering. Combined, this makes the GCFA a unique and desired certification among professionals in the community.
  2. Skill Set: GCFAs are able to tackle investigations that regular examiners cannot solve. Using techniques such as memory and registry analysis, GCFA experts can answer questions that several years ago were thought to be unanswerable.
  3. Legal: GCFA is the only vendor-neutral certification that tests for both fundamental technical concepts and the key legal knowledge required in both the United States and European Union.
  4. Community Outreach: Certified GCFA professionals actively build the forensic community by encouraging members to participate in the popular GCFA computer forensic blog, resulting in the publication of over 356 articles in the past two years.

Why Choose the GIAC Certified Forensic Analyst Certification Over Other Forensic Certifications?

  • SANS and GIAC constantly update the Computer Forensic course and certification information to keep you on top of current techniques, legal precedents, and methodologies used to solve crime.
  • We use real-world, hands-on incident and forensic scenarios to test your forensic analysis capabilities.
  • The GCFA certification tests not only law enforcement legal information but also a firm understanding of civilian legal statutes and requirements such as the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLB), the Health Insurance Portability and Accountability Act (HIPAA), and many others.
  • SANS Certified analysts have a firm grasp of Electronic Evidence Discovery (EED) and how to apply their skills in responding to EED requests.

How Well Does the GCFA Professional Training or Certification Program Meet the Needs of the IT Security Professional?

First, each GCFA is an advanced investigator. The certification ensures that digital forensic professionals know how to investigate advanced cases utilizing cutting-edge techniques such as memory, registry, shadow volume, and timeline analysis. These techniques are pushing digital forensics beyond traditional "file recovery" into capabilities that allow a skilled analyst to track every move of an adversary across a system or enterprise. The level of analysis and comprehension needed by digital forensics experts is immense, and the GCFA tests and certifies these skills and this knowledge base.

Second, an alarming trend has developed in several states: legislation that licenses digital forensic specialists as private investigators without regard to digital forensics qualifications. The GCFA will set a true professional apart from the untrained amateur. Due to the in-depth competency requirements of a digital forensic specialist, a professional will want to show that their skills have been tested and accredited.

Certified Skills that GCFAs Possess

  • Acquiring Data and Evidence
  • Application Footprinting
  • Autopsy Forensic Browser
  • Computer Forensics Primer
  • Critical Analysis Tools
  • Data Preservation
  • File Name Layer
  • File System and Data Layer Tools
  • Forensic Imaging and Filesystem Media Analysis
  • Forensic Investigation Process
  • Hash Comparisons and Fuzzy Hashing
  • Linux File System Basics
  • Metadata Layer
  • Unallocated Metadata and File Content Types
  • Windows FAT File System Basics
  • Windows File System Basics
  • Windows Live Imaging
  • Windows Media Analysis
  • Windows Media and Artifact Analysis
  • Windows NTFS File System Basics
  • Windows Response and Volatile Evidence Collection
  • Advanced Forensic Evidence Acquisition and Imaging
  • File System Timeline Analysis
  • Super Timeline Analysis
  • Live Incident Response and Volatile Evidence Collection
  • Advanced Windows Registry Analysis
  • Discovering Malware on a Host
  • Recovering Key Windows Files
  • Application Footprinting and Software Forensics