GIAC GCFA : GIAC Certified Forensic Analyst Exam
The GIAC GCFA: GIAC Certified Forensic Analyst exam is designed for individuals who work in information security, computer forensics, and incident response fields. The GCFA certifies that candidates have the knowledge, skills, and ability to conduct formal incident investigations and handle advanced incident handling scenarios, including internal and external data breach intrusions.
The GIAC GCFA exam will be proctored, and this exam contains a range of 115 questions. A candidate will be allotted 180 minutes in which to complete the exam. In order to pass the exam, a minimum score of 69% will need to be achieved.
A candidate is encouraged to prepare for this exam by enrolling in the SANS training course: FOR508: Advanced Computer Forensic Analysis and Incident Response. This certification will need to be renewed once every four years. An example of one of the topics that will appear on this exam includes Acquiring and Analyzing Volatile Data, which will require a candidate to demonstrate an understanding of how to acquire and analyze local and remote volatile evidence during an intrusion.
Other topics that will arise on the GIAC GCFA exam include Analyzing Timelines, Data Layer Extermination, and Operating Systems and Filesystems. These are general guidelines for the content of the exam, and additional questions about related content may appear.