GCFA Forensic Certification

1644 certified GCFA analysts as of 2009-11-07.

GIAC Certified Forensic Analysts (GCFAs) have the knowledge, skills, and abilities to handle advanced incident handling scenarios, legally collect and secure evidence, conduct incident investigations, perform Electronic Evidence Discovery (EED), write forensic reports that can be utilized in litigation, and legally carry out forensic investigation of computers, networks, and hard drives.

GCFA certified personnel understand and can articulate fundamental forensic concepts such as the file system structures, evidence handling and acquisition, computer based media analysis, and computer forensic report writing. GCFA certified personnel are able to demonstrate how commercial forensic tools function step-by-step and can describe the process in a court of law. They are adept at both live and dead evidence acquisition as well as complete deep-dive forensic analysis. In addition, certified analysts are able to articulate and ensure an exact legal process is followed to protect...

The GIAC & GCFA




Five Reasons to Get
GCFA Certified:



1. Recognized and accepted in courts around the world for expert witness testimony.

2. GIAC is ANSI certified. Compared to other forensic certifications, the process in which a candidate earns and maintains their certification is certified itself.

3. Helps Forensic personnel get promoted faster and earn more money.

4. Reinforces and affirms the 'hands on' forensic knowledge you possess.

5. Know how to respond to and perform Electronic Evidence Discovery using the forensic skills they posses.


Why Chose the GIAC Certified Forensic Analyst Certification Over Other Forensic Certifications?

  • SANS and GIAC constantly update the Computer Forensic course and certification information to keep you on top of current techniques, legal precedents, and methodologies used to solve crime.
  • We use real-world, hands-on incident and forensic scenarios to test your forensic analysis capabilities.
  • The GCFA certification tests not only law enforcement legal information but also a firm understanding of civilian legal statutes and requirements such as the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLB), the Health Insurance Portability, Accountability Act (HIPAA), and many others.
  • SANS Certified analysts have a firm grasp of Electronic Evidence Discovery (EED) and how to apply their skills in responding to EED requests.
A Sampling of the
    Certified Skills
that GCFAs Possess
  • Acquiring Data and Evidence
  • Application Footprinting
  • Autopsy Forensic Browser
  • Computer Forensics Primer
  • Critical Analysis Tools
  • Data Preservation
  • File Name Layer
  • File System and Data Layer Tools
  • Forensic Imaging and Filesystem Media Analysis
  • Forensic Investigation Process
  • Hash Comparisons and Fuzzy Hashing
  • Linux File System Basics
  • Metadata Layer
  • Unallocated Metadata and File Content Types
  • Windows FAT File System Basics
  • Windows File System Basics
  • Windows Live Imaging
  • Windows Media Analysis
  • Windows Media and Artifact Analysis
  • Windows NTFS File System Basics
  • Windows Response and Volatile Evidence Collection
"This is awsome! We're seeing details that most people don't even know exist" - John Wright, Info Tech, Inc.
"The class provided in-depth, real world, hands-on information" - Robert Dale Drollinger, General Dynamics
SANS Institute