The company behind GIAC (Global Information Assurance Certification) program is SANS. It is regarded highly and well-respected player in field of information security generally. SANS researches and teaches in the area.
It gives provision to breaking news, working industry and group organizations, operation of service of security alert, serves all government kinds, academic and research of task forces of information security.
The forensic certification of organization includes levelled as intermediary GIAC Certified Forensic Examiner (GCFE) and more senior levelled GIAC Certified Forensic Analyst (GCFA). This credential provided by SANS topics enjoys reputation strongly in community of information security because of its instructors who are highly powered.
But there is candidate recommendations offered during, after or before conferences of SANS which are held in USA at good intervals. Both GCFA and GCFE focuses on computer forensics in incident response and investigation context. It also focuses on knowledge and skills that is required for analyzing and collecting data from Linux and Windows computer systems in the activities courses.
Students should have necessary abilities, skills and knowledge for conducting handling of incidents advanced, investigations of incidents formally. It includes dealing with external and internal breaches of data, intrusions, persistent threats that are advanced, knowledge of techniques of anti-forensics and documenting, building digital advanced forensic cases.
Most SANS GIAC certifications need validity of 4 years. Students can be recertified by re-attempting exams or to earn 36 CPEs. Added to these, certificate holders pay credential maintenance fees of $399 USD for each 4 years. Program of SANS GIAC does encompassing of 30 credentials of information security across broad disciplines and topics range.
- Course recommended for GCFE: FOR408: Windows Forensic Analysis
- Course recommended for GCFA: FOR508: Advanced Digital Forensics and Incident Response
- $5350 USD for each training course
- Exam number-
- 1 exam per certification (3 hours, 115 questions)
- GCFE: Pass mark 71%
- GCFA: Pass mark 69%
- Fees: $1049 USD for no training. Attempts of recertification: $599 USD
Topics of GCFE:
- Browser Forensics
- The individual will demonstrate a solid understanding of Browser Forensics
- Digital Forensics Fundamentals
- The candidate will demonstrate an understanding of forensic methodology, key forensics concepts, and identifying types of evidence on current Windows operating systems.
- Evidence Acquisition, Preparation and Preservation
- The candidate will demonstrate understanding of evidence chain-of-custody and integrity, E-discovery concepts, evidence acquisition and preservation, and the tools and techniques used by computer forensic examiners.
- File and Program Activity Analysis
- The candidate will demonstrate an understanding of how the Windows registry, file metadata, memory, and file system artefacts can be used to trace user activities on suspect systems.
- File Carving and Data Extraction
- The candidate will demonstrate an understanding of stream-based data carving and extraction, using tools like those contained in The Sleuth Kit.
- File system Structure and Analysis
- The candidate will demonstrate an understanding of FAT and NTFS file systems, and the ability to recover and analyze evidence from file system layers, including the data storage layer, metadata layer, and filename layer.
- Forensic Image Acquision, Preservation, and Handling
- The candidate will demonstrate an understanding of how and when to collect, document, and handle logical and physical images from file systems for the purpose of performing evidence analysis, and how to preserve evidence integrity.
Scope and importance-
- GCFA credentials is for those professionals who work in fields of incident response, computer forensics and information security. This credential focus on key, core and important skills needed for analyzing and collecting data from Linux and Windows systems of computer.
- GCFA gives certification to students having abilities, knowledge and skills for conducting investigations of incidents formally and handling scenarios of incidents advanced which includes external and internal breach intrusions of data, techniques of anti-forensic, threats that are persistent and advanced that are used by difficult cases of digital forensics and attackers.
- GCFE credentials are for those professionals who work or are interested in law enforcement, information security and legal aspects and industries who have requirement to know analysis of computer forensics. Credential focus on important skills needed for analyzing and collecting data from Windows systems of computer.