The importance of digital forensic experts cannot be ignored, especially when the crimes happening through digital means are on the rise. The digital forensic experts are hired to investigate cyber-crimes and protect organizations through incidence response strategies. Becoming a digital forensic expert requires deep cyber-security knowledge and skills in the related field. There are a number of certification bodies who assess the individuals’ knowledge and expertise in digital forensics, while offering certifications as an endorsement. However, there are only few certifications that are highly acknowledged by big organizations and employment companies who look for digital forensic experts. Following is a brief summary of the forensics certifications to consider while pursuing a career in digital forensics.
Computer Hacking Forensic Investigator (CHFI)
CHFI by EC-Council is one of the most demanded digital forensic certification. EC-Council not only assesses the forensic expertise of the candidates through CHFI exam, but it also provides on demand training to the interested candidates. CHFI certified professionals are considered experts in performing forensic related tasks, such as evidence collection, intrusion analysis, information recovery, and maintenance of audit trails.
CHFI Exam & Requirements
Candidates having prior Information Security experience of 2 years are eligible to take CHFI exam. The interested candidates with no prior experience can also take the exam. In the latter case, the candidates are required to complete the EC-Council official training at accredited training centers.
| Total questions |
150 |
| Questions format | Multiple Choice Questions (MCQs) |
| Exam duration | 4 Hours |
| Exam delivery | ECC Exam |
More about CHFI can be found on the official EC-Council page: https://www.eccouncil.org/programs/computer-hacking-forensic-investigator-chfi/
Certified Forensic Computer Examiner (CFCE)
CFCE certification is offered by the International Association of Computer Investigative Specialists (IACIS). IACIS offers two types of memberships to those interested in certifications offered by IACIS. The regular membership is offered only to serving/retired government employees/contractors in the field of computer/digital forensics. Other people can apply for associate membership.
CFCE Exam & Requirements
Since IACIS primarily caters law enforcement personnel, those who do not belong to such government institutions must pass the background check to become IACIS member and take CFCE exam. CFCE exam is a two-step process: (1) Peer Review Phase and (2) Certification Phase.
Peer Review Phase: In the Peer review phase, the candidates are assigned scenario based questions to solve and submit the report to an assigned forensic expert. The expert evaluates the ability and skills of the candidates through the submitted results. If the forensic expert (mentor) finds the candidate eligible, the candidate enters into the next phase challenge i-e certification phase.
| Total questions | Four (4) |
| Questions format | Practical problems |
| Time to solve each problem | 30 Days |
| Passing criterion | Solve all 4 questions |
Certification Phase: After passing the peer review phase, the successful candidates are assigned a practical task of analyzing hard drive image and preparing a report based on their findings. Upon the acceptance of the report, the candidates proceed to the final exam (objective test).
| Time to attempt a hard drive image problem | Within 7 days of passing Peer Review Phase |
| Time to complete the hard drive problem | 30 days |
| Number of questions in Objective test | 100 |
| Questions format | MCQs, True/False, Matching, Fill in the blanks |
| Time to complete the Objective test | 14 days |
The candidates must obtain 80% or above marks to pass the exam. The successful candidates are awarded with CFCE certification. The certification is valid for a period of 3 years. IACIS offers proficiency tests in the 3rd year to recertify the CFCE holders. Check the IACIS official page to know more about CFCE: https://www.iacis.com/certification-2/cfce/.
Certified Forensic Security Responder (CFSR)
OpenText is an Enterprise Information Management (EIM) solutions and services provider that validates forensic expertise of the professionals through CFSR certification. The CFSR certification is considered an acknowledgement of various forensic skills, such as cyber-attacks detection, attack analysis, incident response, and remediation skills.
CFSR Exam & Requirements
The interested candidates must have at least 1 year of incident investigation experience to take the CFSR examination. Those who do not possess the required experience can attend (1) Incident Investigation and (2) Host Intrusion Methodology and Investigation courses offered by OpenText. CFSR exam comprises of written and practical exams. Those who fail the written exam can retake the exam after a period of two months. Candidates who pass the written exam are tested with practical exam. If the candidates fail to obtain the minimum passing score in the second exam phase (practical exam), they are given another opportunity. If the candidates fail in the second attempt, they have to wait for at least 2 months to retake the exam. The exam particulars of first and second phase are listed below.
| Written exam format | MCQs, True/False Statements |
| Exam interface | ExamBuilder |
| Exam duration | 2.5 hours |
| The minimum passing percentage for both exams | 80% |
CFSR certification is valid for a period of 3 years. The certification can be renewed by submitting a documented proof of attending 32 credit hours of continuing education in computer forensics or incident response. Other option to renew CFSR certification is either to get certified in another computer forensics/incident response or attend at least 10 sessions organized by Enfuse. Find more about CFSR here: https://www.opentext.com/products-and-solutions/services/training-and-learning-services/encase-training/forensic-security-responder-certification
Encase Certified Examiner (EnCE)
EnCe is another forensics certification offered by OpenText. EnCE certification validates the individuals’ forensics skills and use of Encase software. Encase is OpenText’s computer forensics software that is used for the recovery of the evidences from the seized hardware.
EnCE Exam Requirements
The candidates with one year of computer forensic experience are eligible for EnCE exam. The individuals with no prior experience must attend an authorized 64 hours of (online or classroom) forensic training by OpenText. EnCE exam comprises of written and practical exam phases. Candidates who pass the written test are allowed to take the practical exam. Those who fail the written exam must wait for a period of two months before reappearing in the exam. The exams details are mentioned in the following table.
| Number of written Exam questions | 180 |
| Allotted time | 2 hours |
| Minimum passing score | 80% |
| Number of practical questions | 18 |
| Allotted time | 60 days (plus additional 30 days if required) |
| Minimum passing score | 85% |
EnCe certifications are valid for a period of 3 years. The certification renewal policy is similar to that of CFSR certification. Find more about EnCE certification on the official page: https://www.opentext.no/products-and-solutions/services/training-and-learning-services/encase-training/examiner-certification.