Use this quick start guide to collect all the information about GIAC GCFA Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the GIAC Forensic Analyst (GCFA) exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual GIAC Certified Forensic Analyst (GCFA) certification exam.
The GIAC GCFA certification is mainly targeted to those candidates who want to build their career in Digital Forensics, Incident Response & Threat Hunting domain. The GIAC Certified Forensic Analyst (GCFA) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of GIAC GCFA.
GIAC GCFA Exam Summary:
| Exam Name | GIAC Certified Forensic Analyst (GCFA) |
| Exam Code | GCFA |
| Exam Price | $979 (USD) |
| Duration | 180 mins |
| Number of Questions | 82 |
| Passing Score | 71% |
| Books / Training | FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics |
| Schedule Exam | Pearson VUE |
| Sample Questions | GIAC GCFA Sample Questions |
| Practice Exam | GIAC GCFA Certification Practice Exam |
GIAC GCFA Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Analyzing Volatile Malicious Event Artifacts | - The candidate will demonstrate an understanding of abnormal activity within the structure of Windows memory and be able to identify artifacts such as malicious processes, suspicious drivers and malware techniques such as code injection and rootkits. |
| Analyzing Volatile Windows Event Artifacts | - The candidate will demonstrate an understanding of normal activity within the structure of Windows memory and be able to identify artifacts such as network connections, memory resident command line artifacts and processes, handles and threads. |
| Enterprise Environment Incident Response | - The candidate will demonstrate an understanding of the steps of the incident response process, attack progression, and adversary fundamentals and how to rapidly assess and analyze systems in an enterprise environment scaling tools to meet the demands of large investigations. |
| File System Timeline Artifact Analysis | - The candidate will demonstrate an understanding of the Windows filesystem time structure and how these artifacts are modified by system and user activity. |
| Identification of Malicious System and User Activity | - The candidate will demonstrate an understanding of the techniques required to identify and document indicators of compromise on a system, detect malware and attacker tools, attribute activity to events and accounts, and identify and compensate for anti-forensic actions using memory and disk resident artifacts. |
| Identification of Normal System and User Activity | - The candidate will demonstrate an understanding of the techniques required to identify, document, and differentiate normal and abnormal system and user activity using memory and disk resident artifacts. |
| Introduction to File System Timeline Forensics | - The candidate will demonstrate an understanding of the methodology required to collect and process timeline data from a Windows system. |
| Introduction to Memory Forensics | - The candidate will demonstrate an understanding of how and when to collect volatile data from a system and how to document and preserve the integrity of volatile evidence. |
| NTFS Artifact Analysis | - The candidate will demonstrate an understanding of core structures of the Windows filesystems, and the ability to identify, recover, and analyze evidence from any file system layer, including the data storage layer, metadata layer, and filename layer. |
| Windows Artifact Analysis | - The candidate will demonstrate an understanding of Windows system artifacts and how to collect and analyze data such as system back up and restore data and evidence of application execution. |
To ensure success in GIAC GCFA certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for GIAC Forensic Analyst (GCFA) exam.