Top of Page

Certified Cyber Forensics Professional


Get the Premier Cybersecurity Certification

The evolving field of cyber forensics requires professionals who understand far more than just hard drive or intrusion analysis. The field requires CCFP professionals who demonstrate competence across a globally recognized common body of knowledge that includes established forensics disciplines as well as newer challenges, such as mobile forensics, cloud forensics, anti-forensics, and more.

The CCFP credential indicates expertise in forensics techniques and procedures, standards of practice, and legal and ethical principles to assure accurate, complete, and reliable digital evidence admissible in a court of law. It also indicates the ability to apply forensics to other information security disciplines, such as e-discovery, malware analysis, or incident response. In other words, the CCFP is an objective measure of excellence valued by courts and employers alike.

Steps to Certification

  1. Step 1
  2. Step 2
  3. Step 3
  4. Step 4

Meet CCFP Eligibility

To qualify for this cyber forensics certification, you must have:

Candidates must have a 4-year college degree leading to a Baccalaureate, or regional equivalent, plus 3 years of cumulative paid full-time digital forensics or IT security experience in 3 out of the 6 domains of the credential.

Those candidates who do not hold a 4-year college degree leading to a Baccalaureate, or regional equivalent, must have 6 years of cumulative paid full-time digital forensics or IT security experience in 3 out of the 6 domains of the credential.

Candidates without the required degree may receive a 1-year professional experience waiver for holding an alternate forensics certification on the (ISC)² approved list.

Schedule An Exam

To schedule an exam, you must create an account at Pearson VUE.

Pearson VUE is the leading provider of global, computer-based testing for certification and licensure exams. You can find details on testing locations, policies, accommodations and more on their website.

Once you’ve set up your account and are ready to register, you’ll need to:

Pass the Exam

This is the day to show your greatness! You’ll have four hours to complete the 125 exam questions.

You must pass the exam with a scaled score of 700 points or greater.

Want more details? Read our exam scoring FAQs.

Subscribe to the (ISC)² Code of Ethics and Get Endorsed

Let’s say you pass the exam. Then what?

Before this cybersecurity certification can be awarded, you have to:

  • Subscribe to the (ISC)² Code of Ethics.
  • Have your application endorsed.

Your endorsement form must be completed and signed by an (ISC)² certified professional. He or she needs to be an active member who can confirm your professional experience.

(ISC)² can endorse you if you can’t find a certified individual.

You have nine months from the date of the exam to complete these steps. If you don’t, you have to retake the exam to get certified.

Want to learn more? Read our endorsement assistance guidelines. >

Get to Know the CCFP

  • Should You Pursue the CCFP? Should You Pursue the CCFP?

    CCFP addresses more experienced cyber forensics professionals who already have the proficiency and perspective to effectively apply their cyber forensics expertise to a variety of challenges. In fact, many new CCFP professionals likely hold one or more other digital forensics certifications.

    Given the varied applications of cyber forensics, CCFP professionals can come from an array of corporate, legal, law enforcement, and government occupations, including:

    • Digital forensic examiners in law enforcement to support criminal investigations
    • Cybercrime and cybersecurity professionals working in the public or private sectors
    • Computer forensic engineers & managers working in corporate information security
    • Digital forensic and e-discovery consultants focused on litigation support
    • Cyber intelligence analysts working for defense/intelligence agencies
    • Computer forensic consultants working for management or specialty consulting firms.
  • Mastering the Domains on the Exam Mastering the Domains on the Exam

    Here’s a closer look at the CCFP domains and how they’re weighted on the exam:

    Domains Weight
    1. Legal and Ethical Principles 12%
    2. Investigations 20%
    3. Forensic Science 20%
    4. Digital Forensics 28%
    5. Application Forensics 12%
    6. Hybrid and Emerging Technologies 8%
    Total 100%

    Legal and Ethical Principles – Addresses ethical behavior and compliance with regulatory frameworks

    • Nature of Evidence
    • Chain of Custody
    • Rules of Procedure
    • Role of Expert Witness
    • Codes of Ethics
    Investigations – Encompasses the investigative measures and techniques required to gather digital evidence
    • Investigative Process
    • Evidence Management
    • Criminal Investigations
    • Civil Investigations
    • Administrative Investigations
    • Response to Security Incidents
    • e-Discovery
    • Intellectual Property
    Forensic Science – Entails applying a broad spectrum of sciences and technologies to investigate and establish facts in relation to criminal or civil law
    • Fundamental Principles
    • Forensic Methods
    • Forensic Planning and Analysis
    • Report Writing and Presentation
    • QA, Control, Management
    • Evidence Analysis Correlation
    Digital Forensics – Refers to the collection of any digital evidence which can be defined as data stored or transmitted via electronic means
    • Media and File System Forensics
    • Operating Systems Forensics
    • Network Forensics
    • Mobile Devices
    • Multimedia and Content
    • Virtual System Forensics
    • Forensic Techniques and Tools
    • Anti-Forensic Technology and Tools
    Application Forensics – addresses the forensics complexities of the many application types that a CCFP candidate may encounter during a forensic investigation
    • Software Forensics
    • Web, Email, and Messaging
    • Database Forensics
    • Malware Forensics
    Hybrid and Emerging Technologies – Contains the ever evolving technologies that the CCFP candidate is expected to have a sound understanding of
    • Cloud Forensics
    • Social Networks
    • Big Data Paradigm
    • Control Systems
    • Critical Infrastructure
    • Virtual/Augmented Reality
  • Getting CCFP Training That’s Right for You Getting CCFP Training That’s Right for You

    The CCFP is the gold standard of cybersecurity forensics certifications. We know you’re determined to pass!

    The best way to prepare is through a combination of CCFP training courses and individual study.

    Learn from (ISC)2 — the creator of the CCFP CBK! Simply choose the best training format for your schedule, needs and learning style.


    Classroom-Based Training

    • Ideal for hands-on learners. We offer the most thorough review of the CISSP CBK, industry concepts and best practices.
    • Three- to five-day training events delivered in a classroom setting. Eight hours a day.
    • Led by authorized instructors.
    • Available at (ISC)2 facilities and through (ISC)2 Official Training Providers worldwide.
    • Led by authorized instructors.

    Get details on Classroom-Based Training.


    Private On-Site Training

    • A cost-effective and convenient training solution if your organization has 10 or more employees taking the exam.
    • Tailored to your team’s schedule, budget and certification requirements.
    • Conveniently taught in your office space or a local venue.
    • Led by authorized instructors

    Get details on Private On-Site Training.


    Instructor-Led Training

    • Participate from the convenience of your computer. This saves you travel time and expense.
    • Weekday, weekend and evening options to fit your needs.
    • Comprehensive review of the CBK, so you’re ready for this cybersecurity certification.
    • Delivered in a variety of schedules with weekday, weekend, and evening options to suit your needs.
    • Access to recordings of all course sessions for 60 days.
    • Led by authorized instructors.

    Get details on Instructor-Led Seminars.

    CCFP Training Course Overview

    Our training helps you fully prepare for this cybersecurity certification. You will:

    • Review and refresh your information security knowledge (including information security concepts and industry best practices).
    • Identify areas you need to study for the CCFP exam.

    We cover all six domains of the CCFP CBK.

    (ISC)² authorized instructors lead all our training. You’re learning from CCFP-certified industry experts who understand you. They are CCFPs themselves. They know how to make the content highly relatable. And they go through a rigorous process to teach to our CBK.

    Plus, we use proven adult learning techniques to reinforce topics. This approach increases how much knowledge you retain. Our techniques are highly interactive. They focus on real-world learning activities and scenarios, so you get the most out of training.

    Self-Study Tools

    In addition to training, we offer resources to help you with self-study. Our resources include the:

  • Taking Your CCFP Exam Taking Your CCFP Exam
    Length of exam

    Up to 4 Hours

    Number of questions   

    125 Questions

    Question format

    Multiple Choice and Advanced Innovative Questions

    Passing grade

    700 out of 1000 Points is a Passing Score

    Exam Language


    Testing Center

    Pearson Vue Testing Center

    Ready to sign up for the exam?
    Visit the Pearson VUE website to create an account and book your exam.

  • Maintaining or Regaining CCFP Certification Maintaining or Regaining CCFP Certification

    Maintain Your CCFP Credential and Membership with (ISC)²

    Once you’ve earned this world-class cybersecurity forensics certification, you become a member of (ISC)2. You enter one of the largest communities of information security professionals in the world. You gain access to unparalleled global resources and networking.

    Quite simply, you have endless opportunities to grow and refine your craft.

    But certification is a privilege that must be earned and maintained.

    To remain in good standing with your CCFP, you need to:

    • Abide by the (ISC)² Code of Ethics.
    • Earn and post Continuing Professional Education (CPE) credits.
    • Pay your Annual Maintenance Fee (AMF).

    Here’s a closer look at each.

    Abiding by the (ISC)² Code of Ethics
    You agree to fully support and follow the (ISC)² Code of Ethics.

    Earning and Posting CPE Credits
    Security technology is constantly changing. (You know this well!) You need to earn CPE hours to stay well-rounded and keep up your expertise.

    The CCFP certification has both annual and three-year, overall CPE requirements.

    CPEs may sound like a big task. However, (ISC)² makes it easy for you to earn your CPE credits on a regular basis.

    We offer access to:

    • Live educational events around the world.
    • Online seminars that can be taken in the comfort of your home or office. They’re available exclusively to (ISC)² members.
    • And many more learning opportunities.

    Annual Requirement
    For the CCFP, you need to earn and post a minimum of 30 CPE credits. You need to do so before your certification annual anniversary date.

    Three-Year Certification Requirement
    Over the three-year CCFP certification cycle, you must earn and post a minimum of 90 CPE credits.

    Paying Annual Maintenance Fees (AMFs)
    Once you earn this cybersecurity certification, you must pay USD$100 each year of your three-year certification cycle. Your payment is due before your certification or recertification annual anniversary date.

    Your payments help ensure that (ISC)2 has the financial resources to:

    • Be a functional, dynamic entity for leading information security professionals (like you) far into the future.
    • Develop more CPE opportunities.
    • Continue to meet the certification needs and requirements of information security professionals.
    • Maintain member records.

    How to Regain Membership if Your CCFP Ceases
    If you wish to regain membership, you’ll need to:

    • Pay any outstanding AMF payments. (This needs to take place before you sit for the exam.)
    • Retake and pass the exam to become certified again.
    • Contact Member Services to reactivate your certification after you pass the exam.

    Do you have questions about maintaining your CCFP certification? Ask Member Services.

Free SSCP Exam Outline

Get Started Today

Download your free CCFP Exam Outline >