CyberSecurity Forensic Analyst (CSFA)
Credential: CyberSecurity Forensic Analyst (CSFA)
Credentialing Agency: CyberSecurity Institute
Renewal Period: 2 years
The CyberSecurity Institute, CyberSecurity Forensic Analyst (CSFA) certification validates that an analyst has the skills needed to conduct a thorough, sound forensic examination of a computer system and other digital devices, properly interpret the evidence, and communicate the results clearly and effectively. Candidates should meet experience requirements and must pass a written and practical exam.
More information can be found on the certifying agency's website.
CyberSecurity Forensic Analyst (CSFA)
MINIMUM REQUIREMENTS
Attainability:
Eligibility Requirements (View Details)
- Credential Prerequisite
- Experience: 2 years recommended
- Education
- Training
- Membership
- Other
- Fee
Note: This credential may have multiple options for a Service member to meet eligibility requirements. Requirements listed here are based on the minimum degree required. To view other options, see the Eligibility tab.
Exam Requirements (View Details)
- Exam
- Written Exam
- Oral Exam
- Practical Exam
- Performance Assessment
Exam Administration (View Details)
- In-person exam
- Remote proctored on-line exam
- Third-party test vendor
RECERTIFICATION SUMMARY
Renewal Period: 2 years
AGENCY CONTACT INFORMATION
CyberSecurity Institute
14751 N. Kelsey St. Suite 105
PMB 162
Monroe, WA 98272-1353
Phone: (800) 726-1433
Fax: (800) 726-1433
Email: CSFA@csisite.net
Experience REQUIREMENTS
Candidate should have at least two years of experience with both the technical and administrative aspects of conducting forensic analysis, including creating the verbiage for subpoenas, motions, and affidavits, as well as experience creating comprehensive forensic analysis reports.
Other REQUIREMENTS
The CyberSecurity Forensic Analyst (CSFA) credential has the following other requirements:
- Candidate must submit an FBI Criminal Background Check and a completed CSFA Certification Test Application and Agreement prior to taking the certification exam.
Written Exam
- Active, archival and latent data
- Affidavits, motions, and subpoenas
- Compact Disc analysis
- Conducting keyword boolean searches
- Creating understandable and accurate reports
- Creating forensically sound working copies or images of media
- Documentation, chain of custody, and evidence handling procedures
- FAT 16/32 file systems
- File Headers and Footers
- File slack, ram slack, drive slack, and unallocated space
- Hashes and Checksums
- Imaging handheld devices
- Insurance/liability issues
- Interpretation of various log formats
- Interpreting Internet History and HTTP concepts
- Manual and automated data recovery
- Metadata for Microsoft Office and PDF documents
- NTFS
- Overcoming encryption mechanisms and password protection
- PC hardware concepts
- Privacy issues
- Rules of evidence
- TCP/IP concepts
- Windows print spool files
- Windows Prefetch
- Windows registry
- Windows shortcuts
- Windows swap file
- Windows Volume Shadow Copy
- Working as an expert technical witness
Practical Exam
- During the hands-on portion of the exam, candidate is given a scenario that includes processing a hard drive and may include other media such as a CD, DVD, or USB drive. Some scenarios include a cellular phone or other handheld devices. The test candidate may be presented with a running computer to analyze or may have the media/devices to be analyzed delivered by courier.
Exam Preparation Resources
There are a number of resources available to help you prepare for the CyberSecurity Forensic Analyst (CSFA) examination:
- Best Sources
An additional resource is O'Reilly Learning Safari Books Online, a searchable digital library that provides online access to thousands of books, training videos and conference sessions. See the Educational Resources section on the Related Sites page here on COOL to learn how to get free access.
Testing Information
-
Exam Administration
Credential exams may be administered in-person at a testing site, proctored on-line remotely, or have options for both. If an exam is administered through a test vendor, the third-party test vendor box will be checked. The following test administration options apply to the CyberSecurity Forensic Analyst (CSFA) credential where checked:
- In-person exam
- Remote proctored on-line exam
- Third-party test vendor
For more information on the CyberSecurity Institute testing process, visit the agency website.
RECERTIFICATION
CyberSecurity Forensic Analyst (CSFA)
Renewal Period: 2 years
Additional considerations for the CyberSecurity Forensic Analyst (CSFA) include:
- Although not required, it is highly recommended that candidate hold one of the following certifications:
- AccessData Certified Examiner (ACE)
- Certified Forensic Computer Examiner (CFCE)
- Certified Computer Examiner (CCE)
- Computer Hacking Forensic Investigator (CHFI)
- EnCase Certified Examiner (EnCE)
- GIAC Certified Forensics Analyst (GCFA)