SANS is the organization behind the Global Information Assurance Certification (GIAC) program, and is a well-respected and highly regarded player in the information security field in general. SANS not only teaches and researches in this area, it also provides breaking news, operates a security alert service and serves on all kinds of government, research and academic information security task forces, working groups and industry organizations.
The organization's forensics credentials include the following:
- GIAC Certified Forensic Examiner (GCFE)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Reverse Engineering Malware (GREM)
- GIAC Network Forensic Analyst (GNFA)
- GIAC Advanced Smartphone Forensics (GASF)
The intermediate-level GCFE and the more senior GCFA are the focus of this section. Neither credential requires taking SANS courses (which enjoy a strong reputation as among the best in the information security community, with high-powered instructors to match), but they are recommended to candidates, and often offered before, during or after SANS conferences held around the USA at regular intervals.
Both GCFE and GCFA focus on computer forensics in the context of investigation and incident response, and thus also focus on the skills and knowledge needed to collect and analyze data from Windows and/or Linux computer systems in the course of such activities. Candidates must possess the necessary skills, knowledge and ability to conduct formal incident investigations and advanced incident handling, including dealing with internal and external data breaches, intrusions and cyber threats, collecting and preserving evidence, understanding anti-forensic techniques, and building and documenting advanced digital forensic cases.
Most SANS GIAC credentials are valid for four years. Candidates may recertify for the GCFE and GCFA by earning 36 continuing professional experience (CPE) credits. In addition, credential holders must pay a certification maintenance fee of $399 every 4 years.
The SANS GIAC program encompasses about 30 information security certifications across a broad range of topics and disciplines. IT professionals interested in information security in general, as well as computer forensics in particular, would be well advised to investigate further at the GIAC home page.
GCFE and GCFA Facts & Figures
|Certification Name||GIAC Certified Forensic Examiner (GCFE)|
GIAC Certified Forensic Analyst (GCFA)
|Prerequisites & Required Courses||None|
GCFE recommended course: FOR408: Windows Forensic Analysis, $5,910
GCFA recommended course: FOR508: Advanced Digital Forensics and Incident Response, $5,620
|Number of Exams||One exam for each credential (115 questions, 3 hours, passing score of 71 percent)
Exams proctored by Pearson VUE. Registration with GIAC required to schedule an exam.
|Cost per Exam||$689 if part of training/bootcamp
$1,249 (no training – referred to as a "certification challenge" or "certification attempt")
|Self-Study Materials||Practice exams available on the GIAC exam preparation page. Study guides and practice exams can be found on Amazon and other typical channels.|