Last week, I got a phone call from one of my publishers asking for a revision to this Sybex title Computer Forensics Jump Start by Michael Solomon, Diane Barrett, and Neil Broom (Sybex, 2005, ISBN: 9780782143751). Always glad to revise a book (which means it’s still selling, and the publisher thinks it will stay that way, or it wouldn’t risk the costs of writing, editing, laying out, and printing a different version), I’m in the process of building a revision plan.
Part of the coverage in that book deals with various Computer Forensics certifications. In fact, here’s the very list that the book currently includes:
- Advanced Information Security (AIS): An old Security University offering, now defunct. Will be replaced by the Q/FE Qualified Forensic Expert credential instead.
- Certified Computer Examiner (CCE): still going strong, and shows strong signs of a thriving and vibrant certification program.
- Certified Cyber-Crime Expert (C3E): Warren Kruse, the tech editor for the last edition of this book had his hand somewhere in this program, but I can’t find any evidence that it’s still up and running (all links lead to a dead end on the parent organization’s home page, which is not a good thing, and the toll-free number listed on the page is out of service). I’m going to axe this one.
- Certified Information Forensics Investigator (CIFI): This is a cert from the International Information Systems Forensics Association (IISFA). You can’t access information about the cert directly from the Website, and they don’t provide contact information other than a general email address. I’ve sent an email to this address to see what kind of response it elicits, but I get the willies whenever a cert program isn’t fully-fledged with a public website, transparent info, and complete contact information for the parent organization.
- Certified Computer Crime Investigator (CCCI): The High Tech Crime Network is still plumping its various credentials, including basic and advanced versions of this cert, as well as the CCFT that follows next. I need to do some more digging here (and for the next item, ditto).
- Certified Computer Forensic Technician (CCFT): see previous item.
- Certified Forensic Computer Examiner (CFCE): The brainchild of the International Association of Computer Investigative Specialists (IACIS). The same organization that offers the credential also offers training on the background and bundles the exam costs in with those charges. Their phone rings into voicemail, and while I see signs of legitimacy in this program, I want to interview some principals before I let this one stand in our revised list.
- Certified Information Systems Auditor (CISA): ISACA is well-known for this cert, but because it’s aimed at audit in general rather than at computer forensics in particular (it does include coverage of forensics, but its coverage goes well beyond forensics alone) I’m not sure I’m going to keep this one on the list.
- EnCase Certified Examiner Program (EnCE): EnCase is one of the biggest and best-known names in the forensic software space, and one of the few to offer its own dedicated certification program. For those who use this tool, this cert becomes a badge of competency and legitimacy. Like IACIS, the same company that offers the cert also offers (and requires) the related training.
- GIAC Certified Forensic Analyst (GCFA): The GCFA is a well-known and widely available source of vendor-neutral security certifications from an active and well-respected player in the infosec field. They, too, offer (but don’t require) training to prepare candidates for the related certification exam.
- Professional Certified Investigator (PCI): ASIS International is the parent organization for this senior-level security/forensics certification, which has been around longer than any of the others mentioned here. It offers considerable cachet and comes with a well-established sense of validity and legitimacy.
What I’d like to hear from readers is any experiences they’ve had with any of the certs mentioned here, or their recommendations for other certs to add to this list (I’ve indicated which ones are likely to be removed: if you want to object, that’s also entirely welcome). As you can tell from my comments, forensics certification remains a kind of “wild frontier” where anybody who wants to hang up a shingle can start a cert program in this area, and try to grow a certified population. Separating the wheat from the chaff in this big field of dreams and drama will be an important part of revising the book. Please help!