Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

GCFA And GCFE Certifications

Best Digital Forensics Certifications 2018

SANS is the organization behind the Global Information Assurance Certification (GIAC) program, and is a well-respected and highly regarded player in the information security field in general. SANS not only teaches and researches in this area, it also provides breaking news, operates a security alert service and serves on all kinds of government, research and academic information security task forces, working groups and industry organizations.

The organization's incident response and forensics credentials include the following:

  • GIAC Certified Forensic Examiner (GCFE)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Reverse Engineering Malware (GREM)
  • GIAC Network Forensic Analyst (GNFA)
  • GIAC Advanced Smartphone Forensics (GASF)
  • GIAC Cyber Threat Intelligence (GCTI)

The intermediate-level GCFE and the more senior GCFA are the focus of this section. Neither credential requires taking SANS courses (which enjoy a strong reputation as among the best in the information security community, with high-powered instructors to match), but they are recommended to candidates, and often offered before, during or after SANS conferences held around the U.S. at regular intervals.

Both the GCFE and GCFA focus on computer forensics in the context of investigation and incident response, and thus also focus on the skills and knowledge needed to collect and analyze data from Windows and/or Linux computer systems during such activities. Candidates must possess the necessary skills, knowledge and ability to conduct formal incident investigations and advanced incident handling, including dealing with internal and external data breaches, intrusions and cyber threats, collecting and preserving evidence, understanding anti-forensic techniques, and building and documenting advanced digital forensic cases.

Most SANS GIAC credentials are valid for four years. Candidates may recertify for the GCFE and GCFA by earning 36 continuing professional experience (CPE) credits. In addition, credential holders must pay a certification maintenance fee of $429 every 4 years.

The SANS GIAC program encompasses more than 30 information security certifications across a broad range of topics and disciplines. IT professionals interested in information security in general, as well as digital forensics, would be well advised to investigate further at the GIAC home page.

GCFE and GCFA Facts & Figures

Certification NameGIAC Certified Forensic Examiner (GCFE)
GIAC Certified Forensic Analyst (GCFA)
Prerequisites & Required CoursesNone
GCFE recommended course: FOR500: Windows Forensic Analysis, $5,910
GCFA recommended course: FOR508: Advanced Digital Forensics and Incident Response, $5,910
Number of ExamsOne exam for each credential (115 questions, 3 hours, passing score of 71 percent)

Exams proctored by Pearson VUE. Registration with GIAC required to schedule an exam.
Cost per Exam$729 if part of training/bootcamp

$1,699 (no training – referred to as a certification challenge)
Additional details available here.
Self-Study MaterialsPractice tests available on the GIAC exam preparation page (two tests included in exam fee; additional practice tests are $149 each). Study guides and practice exams can be found on Amazon and other typical channels.

MORE: SANS GIAC Certifications & Career Paths