| Issuer | IASCIS |
| Level | Advanced level |
| Career Opportunities | Cyber Defense Incident Responder, All Source-Collection Manager, All Source-Collection Requirements Manager, Cyber Operator, Cyber Crime Investigator, Law Enforcement / Counterintelligence Forensics Analyst, Cyber Defense Forensics Analyst |
| Skills | Ability to identify current partition schemes, Define Globally Unique Identifier (GUID), Understand the structure of FAT directory entries, Ability to distinguish, examine, analyze, and parse the contents of the NTFS master file table, Knowledge of deleted/orphaned files, Be able to identify file systems used by Apple and Linux, Understand hashing and hash sets, Ability to generate and validate forensically sterile media, Ability to generate and validate a forensic image of media, Ability to capture data from Random Access Memory, Understand file fragmentation, Ability to extract file metadata from common file types, Ability to extract data from compound files, Knowledge of encrypted files/media and strategies for recovery, Knowledge of Internet and Browser artifacts, Understand Cloud storage and how to obtain the data, Knowledge of the locations of common Windows artifacts, Be able to identify and extract specific data from the registry, Be able to extract and examine Event Logs, Ability to locate, mount and examine virtual drive files, Understand the Swap and Hibernation files and the evidence they may contain |
| Cost | Paid |
| Validity | 3 years |
| Renewal | Earn 40 CECs (continuing education credits) and then take the Recertification Exercise |
| Themes | Digital Forensics, Computer Forensics, windows Forensics, Forensics Analysis, Malware, Attackers, APTs, Cyber Crime, Cyber Defense, Incident Response |
Certification Overview
The Certified Forensic Computer Examiner (CFCE) certification program is based on a series of core competencies in the field of computer/digital forensics. IACIS offers the CFCE certification program to prospective candidates who wish to attain the CFCE certification.
Exam Details
The CFCE certification program consists of a two stage process:
- Peer Review
- Certification Testing
Both stages are required to be completed to become CFCE certified. The candidate is required to demonstrate their knowledge of the CFCE core competencies and practical skills by successfully completing the peer review, practical and written examination instruments.
PEER REVIEW PHASE
The peer review phase consists of the following elements:
- Four (4) practical problems
- 30 days to complete each problem
- You are assigned a coach to guide you through the problem’s learning points.
- Must pass all four problems to be eligible to enter the certification phase.
CERTIFICATION PHASE
The certification phase consists of the following elements:
- Hard Drive practical problem – 30 days to complete
- Knowledge based objective test – 14 days to complete
Entry into the Certification Phase is automatic once the peer review phase has been completed. The candidate will have 7 days to begin the hard drive problem and 30 days to complete it. Seven days after the peer review phase has been completed whether the candidate logs in or not, the 44 day clock will begin.
The candidate will then go directly into the Knowledge Based test, which consists of 100 general forensic knowledge questions. The written exam consists of questions composed of true/false, multiple-choice, matching, and short essay (fill in the blank) questions. Candidates must obtain a minimum score of 80% on the exam and practical to pass. Failure to achieve the requisite score will result in failure, and the CFCE certification will not be awarded.
