EnCE – EnCase® Certified Examiner

February 24, 2006


Cost: $150.00
Other Requirements: Experience varies on path taken. See details.
Renewal: Every 2 years, 64 credit hours of continuing education

Phase I – Exam:

Questions: >100
Time: 120 Minutes
Passing Score: 80%
Format: Multiple Choice

Phase II – Practical:

Phase II is a practical test requiring students to examine computer evidence that is sent to them via CD-ROM. Students must submit their findings report to the certification coordinator within 60 days and receive a grade of 85% or higher to pass. A 30-day extension may be granted in certain circumstances. Candidates successfully passing Phase I and II of the process are awarded the EnCE designation.

Editors' Quick Thoughts

In security topics such as ethical hacking, forensics and incident response, it is generally a good idea to go for a vendor-neutral cert. But, as with Microsoft in OSs and Cisco in networking, no one can dispute that Guidance Software's EnCase product line dominates the forensics field. So if you are looking for a more advanced forensics cert and work in an EnCase shop, this is a good one to get. Since law enforcement and the legal profession (even those without technical knowledge) know EnCase, being certified in this product can only help your career.

From the Horse's Mouth (Guidance Software's Web Site Content):


The EnCase® Certified Examiner (EnCE) program certifies both public and private sector professionals in the use of Guidance Software's EnCase® computer forensic software. EnCE certification acknowledges that professionals have mastered computer investigation methodology as well as the use of EnCase® during complex computer examinations. Recognized by both the law enforcement and corporate communities as a symbol of in-depth computer forensics knowledge, EnCE certification illustrates that an investigator is a skilled computer examiner.

Note: Qualified applicants will receive a free EnCE study guide.

More from Guidance Software.

EH-Net Resources

CHFI – Computer Hacking Forensic Investigator

February 24, 2006


Exam Details:

Questions: 50
Time: 120 Minutes
Passing Score: 70%
Format: Multiple choice
Cost: $150.00
Other Requirements: Must sign an Ethics Agreement.
Renewal: None.

Editors’ Quick Thoughts

This cert may not be as hot as CEH, but it is definitely covering a hot area of security – forensics. Think of this as CSI for computers. There’s definitely a need for vendor-neutral certifications in forensics. This is one of them. CCE is probably its biggest competitor. SANS is also in this space. But the big boy on the block is a vendor-specific credential, EnCase. As the federal government and the court system move into a future where eDiscovery is already the law for pretty much every type of case, the need for forensics professionals is without a doubt growing. One word of caution (and this is less about CHFI and more about forensics in general) is that this is an exciting field technically, but sometimes the evidence you must see is disturbing.

From the Horse’s Mouth (EC-Council’s Web Site Content):

Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information.

Securing and analyzing electronic evidence is a central theme in an ever-increasing number of conflict situations and criminal cases. Electronic evidence is critical in the following situations:

  • Disloyal employees
  • Computer break-ins
  • Possession of pornography
  • Breach of contract
  • Industrial espionage
  • E-mail Fraud
  • Bankruptcy
  • Disputed dismissals
  • Web page defacements
  • Theft of company documents

Computer forensics enables the systematic and careful identification of evidence in computer related crime and abuse cases. This may range from tracing the tracks of a hacker through a client’s systems, to tracing the originator of defamatory emails, to recovering signs of fraud.

The CHFI course will provide participants the necessary skills to identify an intruder’s footprints and to properly gather the necessary evidence to prosecute in the court of law.

The CHFI course will benefit:

  • Police and other law enforcement personnel
  • Defense and Military personnel
  • e-Business Security professionals
  • Systems administrators
  • Legal professionals
  • Banking, Insurance and other professionals
  • Government agencies
  • IT managers

More from EC-Council.

EH-Net Resources

CCE – Certified Computer Examiner

February 24, 2006


Requirements: Adhere to Code of Ethics, No criminal record
Renewal: Every 2 years, $45.00

CCE: Exam

Questions: Varies
Time: 90 Days for Entire Process
Passing Score: 80%
Format: Multiple Choice, 3 Hands-On Forensic Exams
Cost: $395.00

MCCE: Practical

The Master CCE Program consists of a practical exam.

Editors’ Quick Thoughts

This is a vendor-neutral and training-neutral security cert. It’s considered to be a mid-level cert delving deep into the world of forensics. Be prepared for this one. Not only does the exam consist of an online multiple choice exam, but it also includes a hands-on section where you have to actually perform forensics tasks on different media including a floppy, CD & HDD.

From the Horse’s Mouth (ISFCE Web Site Content):

The Certified Computer Examiner (CCE)® certification is provided in association with the International Society of Forensic Computer Examiners. Sponsoring schools include the Southeast CyberCrime Institute at Kennesaw State University, the Tri County Technical College, Pendleton, SC and Sir Sanford Fleming College, Ontario, Canada.

The Certified Computer Examiner certification is a result of our desire to:

  • Professionalize and further the field and science of computer forensics
  • Provide a fair, uncompromised process for certifying the competency of forensic computer examiners
  • To set high forensic and ethical standards for forensic computer examiners
  • To provide a universally recognized, unblemished certification that is available to all who can qualify, for a reasonable cost.
  • Conduct research and development into new and emerging technologies and methods in the field and science of computer forensics

The CCE certification is available world wide to both law enforcement and non law enforcement forensic computer examiners who have no criminal record and who have the appropriate training, experience or are self taught. A police clearance may be required.

MCCE Requirements:

Those CCEs who obtain three or more operating system endorsements will become Master Certified Computer Examiners (MCCE). Various operating system specific endorsements are/will be available including:

  • The Microsoft FAT (Windows 95/98) file systems and forensic issues related to those file systems.
  • The Microsoft NTFS (Windows NT/2000/XP) file systems and forensic issues related to those file systems.
  • The Unix/Linux file systems and forensic issues related to those file systems.
  • The MAC/Apple file systems and forensic issues related to those file systems.

More from ISFCE.

EH-Net Resources

GCFA – GIAC Certified Forensics Analyst

February 24, 2006


Silver: Exam

Passing Score:
Other Requirements:

Gold: Practical

Many had feared that the practical portion of the GIAC certification program had disappeared. It actually has just been renamed to allow for 2 levels of certification. Silver for the exam alone and gold for the practical.

Editors' Quick Thoughts

Coming Soon.

From the Horse's Mouth (GIAC's Web Site Content):

Course: System Forensics, Investigation & Response, SEC-508

Target: Individuals responsible for forensic investigation/analysis, advanced incident handling, or formal incident investigation. GIAC Certified Forensic Analysts (GCFAs) have the knowledge, skills, and abilities to handle advanced incident handling scenarios, conduct formal incident investigations, and carry out forensic investigation of networks and hosts.

Requirements: Two online exams

Credit Hours: 3

Renewal: Every 4 years

More from GIAC.

EH-Net Resources