Certified Information Forensics Investigator (CIFI)

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

Among the many (more than 20 at last count) computer-forensics certifications currently available, the International Information Systems Forensics Association’s (IISFA’s) Certified Information Forensics Investigator (CIFI) is something of a standout. The credential aims squarely at experienced information forensics investigators who possess significant field experience in performing investigations for law enforcement bodies or agencies or as part of corporate forensics investigation teams. This credential aims to certify demonstrable experience, skills and knowledge across the many parts of the investigation process and to create a designation that carries merit and recognition outside the rather narrow field it covers.

Unlike many other programs in this field, the CIFI is strictly vendor-neutral and does not require candidates to take specific training courses, learn and use specific computer forensic products or systems or any stipulations outside those related to knowledge, skills and abilities. Candidates can take the exam simply by agreeing to honor the IISFA’s code of professional ethics and paying the required exam fee (which costs $450 or $500 depending on when a candidate registers).

The CIFI exam includes six areas in its common bodies of knowledge (CBKs), all strongly related to information forensics:



  • Auditing
  • Incident Response
  • Law and Investigation
  • Tools and Techniques
  • Traceback
  • Countermeasures


The IISFA offers a short, but reasonably complete and comprehensive reading list (www.iisfa.org/certification/readinglist.asp) to help candidates prepare for the exam. It also provides detailed explanations of the topics, issues, tools and techniques relevant to the various CBKs. (Check the submenus on the Common Bodies of Knowledge page at www.iisfa.org/certification/cbk.asp.) The Web site (www.infoforensics.org) also offers various resources, newsletters, pointers to training partners and more.

Until the end of 2004, experienced computer forensics professionals also have the option of attempting to grandfather their way into CIFI certification. Essentially, this means agreeing to the IISFA’s code of ethics, meeting a variety of experience requirements for overall IT experience, forensic investigation experience and all of the areas in the CBKs, along with paying a modest ($95) application fee and answering five or more candidate exam questions written to IISFA specifications in two or more CBK areas. As such things go, it’s really not that bad. (It’s about on a par with grandfathering for the ISACA Certified Information Security Manager, or CISM, certification, for example.)

Having just completed a thorough survey of information-forensic certification programs, along with their costs, requirements, organizational affiliations and so forth, what makes this program notable is its open, well-documented approach to certification requirements, exam coverage and costs. To my way of thinking, these characteristics make this program worth a second look for professionals interested in computer-forensic certification and serious consideration on their short lists of programs worthy of further investigation and a possible investment of time, money and effort.

Ed Tittel is president of LANwrights Inc. and is contributing editor for Certification Magazine. E-mail Ed with your questions and comments at etittel@certmag.com.


Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|