Use this quick start guide to collect all the information about GIAC GCFA Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the GIAC Forensic Analyst (GCFA) exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual GIAC Certified Forensic Analyst (GCFA) certification exam.
The GIAC GCFA certification is mainly targeted to those candidates who want to build their career in Incident Response and Forensics domain. The GIAC Certified Forensic Analyst (GCFA) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of GIAC GCFA.
GIAC GCFA Exam Summary:
|Exam Name||GIAC Certified Forensic Analyst (GCFA)|
|Exam Price||$1899 (USD)|
|Number of Questions||115|
|Schedule Exam||Pearson VUE|
|Sample Questions||GIAC GCFA Sample Questions|
|Practice Exam||GIAC GCFA Certification Practice Exam|
GIAC GCFA Exam Syllabus Topics:
|Identification of Malicious System and User Activity||- The candidate will demonstrate an understanding of the techniques required to identify and document indicators of compromise on a system, detect malware and attacker tools, attribute activity to events and accounts, and identify and compensate for anti-forensic actions.|
|Incident Response in an Enterprise Environment||- The candidate will demonstrate an understanding of how to rapidly assess and analyze systems in an enterprise environment and scale tools to meet the demands of large investigations.|
|Incident Response Process and Framework||- The candidate will demonstrate an understanding of the steps of the incident response process, attack progression, cyber threat intelligence, malware and adversary fundamentals.|
|Timeline Artifact Analysis||- The candidate will demonstrate an understanding of the Windows filesystem time structure and how these artifacts are modified by system and user activity.|
|Timeline Collection||- The candidate will demonstrate an understanding of the process required to collect timeline data from a Windows system.|
|Timeline Processing||- The candidate will demonstrate an understanding of the methodology required to process Windows timeline data from multiple system sources.|
|Volatile Artifact Analysis||- The candidate will demonstrate an understanding of normal and abnormal activity within the structure of Windows volatile memory and be able to identify artifacts such as malicious processes, network connections, system data and memory resident files.|
|Volatile Data Collection||- The candidate will demonstrate and understanding of how and when to collect volatile data from a system and how to document and preserve the integrity of volatile evidence.|
|Windows Filesystem Structure and Analysis||- The candidate will demonstrate an understanding of core Windows filesystems, and the ability to identify, recover, and analyze evidence from any file system layer, including the data storage layer, metadata layer, and filename layer.|
|Windows System Artifact Analysis||- The candidate will demonstrate an understanding of Windows system artifacts and how to collect and analyze data such as system back up and restore data and evidence of application execution.|
To ensure success in GIAC GCFA certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for Forensic Analyst (GCFA) exam.