Monday, March 29, 2010

Why I Got My Digital Forensic Certified Practitioner

I have written about certifications on this blog before and others have commented as well.  For the most part, I do not value most of the current certifications all that highly.  Some are better than others.  Some folks disagree with me on my views regarding certifications and that is to be expected. 

However, I did apply for and receive my Digital Forensic Certified Practitioner (DFCP), from the Digital Forensics Certification Board as a Founder.

Why do I believe this certification will prove to be of high value to digital forensic practitioners?

The following four points are from the DFCB web site:

1. The Digital Forensics Certification Board (DFCB) professional certifications are truly independent and community driven.
2. The DFCB certification program was developed with National Institute of Justice (NIJ) funding. The terms for the development of this certification program by consensus were followed.
3. The DFCB will eventually be applying for recognition by the Forensic Specialties Accreditation Board (FSAB), which is currently recognized by the American Academy of Forensic Sciences.
4. The DFCB is connected to the National Center for Forensic Science at the University of Central Florida.

While there are vendor neutral certifications out there like the Certified Computer Examiner (CCE), which is a good one, although not as comprehensive as the DFCP is going to be once it is open to non-founder applicants.  SANS Institute also offers a very good certification program which I think is bolstered by their extensive and well put together training programs.  I have a huge amount of respect for Rob Lee and his excellent group of instructors.

The EnCE and the ACE certifications are vendor specific, being from Guidance Software and Access Data, respectively, and only certify that a person can use their tools.

I will probably get around to getting my EnCE at the CEIC conference this year since I am speaking there and the test is available at the conference.   While I think that vendor certifications are limited in value, for the low cost, why not? 

The most important item above is number 3.  Accreditation by the FSAB is going to be a critical step in this certification becoming the de-facto standard for digital forensic certifications.

Other positives about the DFCB, in my opinion, is that it is neutral and independent from any money making body, vendor or testing service.

Also, if you read the key domains of knowledge, it is very comprehensive in its coverage of what must be known as a digital forensic examiner.
Reblog this post [with Zemanta]

1 comment:

  1. I too recently received my DFCP, however, I would caution you against suggesting that the EnCE and ACE only certifies that someone can use those tools. When I took the EnCE exam the vast majority of the questions has nothing to do with Encase and the practical exam required more broad forensic knowledge.

    ReplyDelete

I have moderated my comments due to spam.