Problem solve Get help with specific problems with your technologies, process and projects.

Certifications with a focus on forensics

I have MCSE, CISSP and CISA. I would like to specialize in forensics. What next certification would you suggest...

for me to pursue?

If you meet experience requirements, check out the Certified Protection Professional (CPP). On the other hand, you might want to investigate more nuts-n-bolts certs from SANS (www.giac.org), or look into network forensics or protocol analysis certifications (both of which have highly technical security-related aspects that would add to your current expertise and knowledge base).

Hands-on experience is essential to any kind of forensics proficiency and knowledge. Whether you get that experience at work or on your own time elsewhere, you really can't pursue such credentials without spending lots of time learning and doing packet traces, analyses and forensic reconstructions of event sequences, attack signatures and so forth.

That said, you can pursue any number of programs in this area that will get you credentials in this subject matter, though it may sometimes be stated in terms of protocol analysis rather than forensics, per se. But the two topics are practically inseparable, so don't let this dissuade you from following any of the paths I'm about to recommend:

  1. EnCase Certified Examiner -- Requires six months of experience or 32 hours of classroom training in Guidance software's EnCase forensic analysis products (widely used by law enforce- ment and IT security professionals).
  2. Pine Mountain Group Certified NetAnalyst program -- Various levels of certification that include coverage of forensic tools and techniques throughout. No experience requirements jump out at me, but PMG really wants you to attend all four weeks (or more) of their training classes to get certified.
  3. Sniffer Certified Professional program -- Sniffer technologies wants you to have Sniffer and take their training, too.
  4. WildPackets NAX or Network Analysis Certification -- Same as above, except WildPackets prefers (but does not require) that you use Etherpeek and wants you to go to WildPackets Academy for training.

  5. For more information on this topic, visit these other SearchSecurity.com resources:
    News & Analysis: Veteran sleuth on cutting edge of cybercrime investigation
    Ask the Expert: Certifications for computer forensics
    Best Web Links: Forensics

This was last published in September 2002

Dig Deeper on Security industry certifications

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.