Digital crime is on the rise in India. Between 2011 and 2013, official registrations and investigations of cybercrime incidents grew from 1,800 to almost 4,400 cases. The demand for IT professionals skilled in digital forensics is greater than ever.
Certified Forensic Computer Examiners (CFCE) regularly work with law enforcement and private firms to track down and prosecute cyber criminals. Their typical duties include keeping current with the latest hardware and software technology for recovering and examining data from a multitude of electronic storage devices. Forensic examiners must also practice great caution when recovering data in order to protect the integrity of evidence and maintain its admissibility into formal court proceedings. Once the data has been analyzed, the examiners produce technical reports to be used as evidence.
The annual salary for a CFCE with a bachelor’s degree and relevant certifications and experience is approximately ₹ 1,100,000 ($17,292 U.S.). If you are interested in pursuing a career in the high-demand field of digital forensics, you should consider the following seven certifications.
Computer Hacking Forensic Investigator (CHFI)
CHFI is a vendor-neutral certification offered by the International Council of E-Commerce Consultants (EC-Council). CHFI enjoys widespread popularity and acceptance throughout the industry. This certificate validates individuals in the security discipline of computer forensics.
Although not mandatory, most candidates undergo training through an EC-Council authorized training center before sitting for the required exam. Candidates may petition to sit for the exam if they have two years of information security-related experience and an educational background reflecting specialization in information security, and complete the Exam Eligibility Application. The 312-49 exam consists of 150 multiple-choice questions (MCQs) administered in a four-hour timeframe. The passing score is 70 percent, and the cost for the exam is $500 (U.S.).
The EC-Council is also the provider of other popular, well-known certifications such as Certified Ethical Hacker (CEH), EC-Council Certified Security Analyst (ECSA), EC-Council Certified Incident Handler (ECIH) and Licensed Penetration Tester (LPT).
Certified Forensic Computer Examiner (CFCE)
Because of the expense and effort required to earn CFCE, it’s seen as the industry’s gold standard. CFCE is offered by the International Association of Computer Investigative Specialists (IACIS), and has an excellent reputation in the computer forensic world because of its comprehensive and rigorous validation process. IACIS deals primarily with individuals working in law enforcement (regular membership is restricted to individuals currently employed in law enforcement). IACIS also offers associate memberships to retired law enforcement personnel and full-time contractors working with law enforcement.
Certification requires completion of a two-step process that includes peer-review and CFCE testing. Prior to peer review, candidates must accept and complete four practical problems involving the core knowledge of forensics. Each problem must be solved within 30 days and presented to a mentor for evaluation before going on for a peer review.
Upon completion of the peer review, candidates enter the certification phase: independently analyzing a forensic image of a hard drive and writing a proper report within 40 days. A passing score for the forensic exercise and report is 80 percent.
After completing this step, candidates may finally sit for the written exam: 100 questions (multiple choice, true/false, and short answer) with an 80 percent score to pass. After successfully completing all of the above, candidates must still submit a notarized form stating “that the practical and written exams” were done independently and without help. IACIS provides the training solely for the certification.
Candidates must also possess 72 hours of CFCE core competency training. The easiest way to obtain the core competency training is to enroll in IACIS’ two-week basic Computer Forensic Examiner course. Completion of the basic course allows candidates to enroll directly into the CFCE program. If you don’t attend the basic course you will be required to pay a $750 (U.S.) fee and pass a background check before enrolling in the CFCE course.
CFCE is difficult to earn, but considered essential for IT forensic professionals.
Certified Computer Examiner (CCE)
CCE is another highly respected, vendor-neutral certification offered by the International Society of Forensic Computer Examiners (ISFCE). Due to its wide acceptance, reasonable costs and high professional standards, CCE is highly recommended.
Successful candidates should have at least 18 months of experience working with digital examination; if not, attendance at an ISFCE authorized boot camp is recommended. You can do self-study if you prefer, but your study materials will need to be checked by the certification board for relevance to the field of digital forensics.
Certification is a two-step process. The first step is an online exam — 75 multiple choice questions to be answered in 45 minutes with a score of 70 percent required to pass. The second step is a practical exam, dealing with three different scenarios, where candidates have 90 days to conduct a forensic examination, and write a report on their findings.
Candidates must score at least 70 percent to pass the first scenario in order to proceed to the next two scenarios. An average score of 80 percent must be achieved on all three scenarios to achieve certification.
GIAC Certified Forensic Examiner (GCFE) & GIAC Certified Forensic Analyst (GCFA)
GCFE and GCFA are two excellent certifications with wide acceptance and a low-complexity process. Both are provided by SANS, the largest source for information security training and certification in the world, through the Global Information Assurance Certification program (GIAC). GIAC certifications are well known in the market and are much sought after by companies like Microsoft, Oracle, and JP Morgan, and so forth. SANS provides many of the courses GIAC has to offer.
Both certs are vendor-neutral, and relatively straightforward to obtain. No specific training is required for either cert. There are lots of sources available on the covered knowledge areas, including books and videos. However, the best source for relevant, up-to-date information is a SANS training course.
GCFE certifies that candidates have the knowledge and skills to manage typical incident investigations, forensic analysis and reporting, and so forth. GCFE candidates must achieve a passing score of 71 percent on a proctored exam consisting of 115 questions with a duration of three hours.
The GCFA certificate is primarily for IT professionals with experience in forensics. GCFA, like its little brother GCFE, does not require any formal training to sit for the 115-question, three-hour exam. Candidates must earn a score of 69 percent to pass.
Professional Certified Investigator (PCI)
ASIS International offers a top-notch, vendor-neutral certification for those who want to work on legal cases and look forward to “fighting” at trial. A PCI certification demonstrates an individual’s credibility in conducting all aspects of a computer forensic case, from evidence collection to analysis and reporting, as well as providing on-the-stand expert testimony. PCI certificate holders have extensive knowledge of case management, techniques and procedures.
To sit for the exam, candidates must have a high school diploma, or a GED equivalent, and a minimum of five years of experience in investigations – with at least two years in case management investigation.
The PCI exam typically consists of 140 multiple-choice questions (125 scored questions and 15 randomly inserted unscored questions). Candidates need to achieve an 81 percent to pass. To ensure competency, the PCI exam covers basic skills, knowledge and tasks in three primary domains at the following percentages:
- Case Management (29 percent)
- Investigative Techniques and Procedures (50 percent)
- Case Presentations (21 percent)
The cost for an exam is $300 (U.S.) for ASIS members and $450 (U.S.) for non-members.
EnCase Certified Examiner (EnCE)
IT professionals working with forensics have used or at least heard of EnCase® computer forensic software from Guidance Software. EnCase® certificate holders are widely respected by law enforcement and corporate communities for their in-depth knowledge of computer forensics.
EnCE certified professionals possess strong capability in computer investigation and the expert use of EnCase software in forensic examinations. Though not vendor-neutral, this cert is highly valued in the legal and corporate worlds.
Candidates should have at least twelve months of work experience in computer forensics, or have attended 64 hours of an authorized training course, and submit an application to sit for the exam. The exam has two phases:
Phase I is the written portion of the exam, which you have two hours to complete. The minimum passing score is 80 percent. If you fail to pass the written portion of the exam, you will have to pay the testing fee again and wait two months to retest.
Successful completion of Phase I gives you entry to Phase II, the Practical Exam. This portion of the exam needs to be completed within 60 days (30-day extensions may be granted on a case-by-case basis). Candidates must earn a score of 85 percent or more to pass Phase II. Failure to pass means you will have to wait two months for a re-test. There are other administrative issues to be aware of so as not to delay a re-take of the exam.
EnCE certifications must be renewed every three years, and the cost is only $200 (U.S.). However, candidates should be aware of additional testing and renewal requirements to avoid fouling up their certifications:
- Contacting an EnCE examiner or trainer during either Phase I or Phase II is considered cheating and results in “immediate failure and exclusion from future testing.”
- Certificate holders are responsible for knowing the date their certificate expires. If it expires, you’ll have to begin the certification process from the very beginning; “extensions will not be granted.”
The above certifications all have their strengths and weaknesses. Which cert you pursue is solely your choice. We think any of them will have a positive impact on your digital forensic career. So whether you’re new to the world of computer forensics or an old pro, rest assured that relevant job experience along with proper certifications do make a difference.