GCFA - GIAC Certified Forensics Analyst
The GCFA is a security certification that demonstrates that the owner has the ability to perform forensic and incident investigations in organizations.
It is maintained by the SANS Institute (SysAdmin, Audit, Network, Security).
The GCFA is a hands-on certification that covers how file systems work, and the technical and legal issues surrounding a forensic investigation. This includes concepts such as preparing a system for analysis, data recovery, interaction with law enforcement and legal concerns.
The SANS Institute offers a course for preparing for this certification. The course is called System Forensics, Investigation & Response and is listed as SEC-508.
The course can be taken through self-study or via a SANS conference or course.
Three separate levels are available through the GIAC certification tree (of which GCFA is part). By completing this certification, the individual is at the Silver level of certification.
The Gold level of certification requires the candidate to write a detailed technical report/white paper. If the paper is accepted, they will be certified as Gold level.
The Platinum level is the highest certification available and requires multiple Silver certifications. To obtain this certification, extensive testing, research and assignments are required.
To be considered certified, the following criteria must be satisfied:
This certification must be renewed every four years.
- The candidate must pay an examination fee. This fee can be added onto a self-study course, a conference course or paid by itself (called a challenge certificate);
- The candidate must pass two online exams, both multiple choice with time limits.