Selecting a Worthwhile Forensics Cert

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

Dear Ed:

I worked in the CID (Ed’s note: In the U.S. Army that translates into Criminal Investigation Division) while on active duty in the military, but also have a computer science degree. I’m interested in getting certified in the general area of computer forensics, but am completely baffled by the 20-something different credentials I’ve been able to find out about—and that’s without trying very hard. Help! How do I separate the wheat from the chaff?


Thanks in advance for your help.


Ramesh P.
Seattle, Wash.


Dear Ramesh:
You’re right. This is a huge, hairy subject for all kinds of reasons. Let me tell you how I see this problem and how I suggest you solve it.


Understanding the Forensics Certification Situation
I just recently updated my infosec certification surveys for and turned up more than 50 vendor-neutral and nearly 40 vendor-specific information security certifications. Nearly half the vendor-neutral certs had something to do with computer forensics. Thus, the problem is that there are too many choices, but often also, not enough data about who’s earning those credentials and how employers or hiring managers are taking them into account when looking for people with the “right stuff.” A tough problem, indeed.


Picking a Forensics Cert That Works for You
Despite the difficulties involved, I don’t think it’s impossible to separate the wheat from the chaff. I suggest looking for programs that have more than local or statewide affiliations, but that also tie into national programs, agencies and coverage. That really helps to separate some of the chaff out pretty quickly. You also want to look at affiliation with national law enforcement and forensics organizations while you’re at it; that really helps, too. Finally, you’ll want to talk to prospective employers and ask them which credentials they like, if any (and if you get no answer because they don’t like any of them, you might want to reconsider your cert pursuits and pick some relevant coursework—preferably something with lots of hands-on time in a lab), and use that to assist with the winnowing process as well.


All that said, what I hear from practicing professionals in the field is that the following have potential to emerge with “best of bunch” status:



  • CCE (Certified Computer Examiner)
  • CFCE (Computer Forensic Computer Examiner)
  • CIFI (Certified Information Forensics Investigator)


That said, none of these programs has been endorsed by national law enforcement organizations like the FBI or by security/forensics groups like the NSA. It’s still anybody’s best guess, so involving prospective employers for feedback and input is absolutely essential.


Good luck!

Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|