The Certified Computer Forensics Examiner (CCFE) tests a candidate's fundamental knowledge of the computer forensics evidence recovery and analysis process. Candidates are evaluated on their relevant knowledge of both hard and soft skills. Candidates will be tested on soft skills; they must prove that they have the requisit background knowledge of the complex legal issues that relate to the computer forensics field. Candidates' hard skills are vetted via a comprehensive practical examination that is given to candidates that pass the online mutliple choice exam. Only candidates that complete both the online multipe choice exam and the practical exam are granted active CCFE certification status.
The exam consists of two parts, a traditional multiple choice, true/false and multiple answer examination and a take-home practical exam. The multiple choice exam consists of 50 questions randomly pulled from a master list of questions. The certification candidate has 2 hours to complete the mutliple choice exam. Cadidates that pass the multiple choice exam are then given access to the practical examination files. These files are case files from a mock computer forensics case, the case files will also include scenario description of the case in question. The candidate must then perform a computer forensics examination on the case files, write up a report that could be used as evidence in a court of law, and then submit the report for grading within 60 days.
The 9 Certified Computer Forensics Examiner (CCFE) Domains are as follows:
- Law, Ethics and Legal Issues
- The Investigation Process
- Computer Forensic Tools
- Hard Disk Evidence Recovery & Integrity
- Digital Device Recovery & Integrity
- File System Forensics
- Evidence Analysis & Correlation
- Evidence Recovery of Windows-Based Systems
- Network and Volitile Memory Forensics
- Report Writing
Skilled information assurance professionals are the most important piece in the information security puzzle. Candidates that achieve a certification that requires proficiency beyond book knowledge is a valuable method of differentiating skill levels of information assurance professionals.
Benefits of IACRB certification to the Professional:
- Demonstrates theoretical knowledge of information assurance.
- Confirms commitment to information assurance profession.
- Serves as a differentiator in the highly competitive information security job market.
- Provides access to a network of certified individuals.
Benefits of IACRB certification to the Employers:
- Establishes a base-line skill level requirement for highly technical positions.
- Ensures that individuals have required hands-on skills to perform on the job.
- Access to a network of subject matter experts.