CCFP Domains

The CCFP examination domains and weights are:



1. Legal and Ethical Principles


2. Investigations


3. Forensic Science


4. Digital Forensics


5. Application Forensics


6. Hybrid and Emerging Technologies




Legal and Ethical Principles – Addresses ethical behavior and compliance with regulatory frameworks   

  • Nature of Evidence
  • Chain of Custody
  • Rules of Procedure
  • Role of Expert Witness
  • Codes of Ethics

Investigations – Encompasses the investigative measures and techniques required to gather digital evidence

  • Investigative Process
  • Evidence Management
  • Criminal Investigations
  • Civil Investigations
  • Administrative Investigations
  • Response to Security Incidents
  • e-Discovery
  • Intellectual Property

Forensic Science – Entails applying a broad spectrum of sciences and technologies to investigate and establish facts in relation to criminal or civil law

  • Fundamental Principles
  • Forensic Methods
  • Forensic Planning and Analysis
  • Report Writing and Presentation
  • QA, Control, Management
  • Evidence Analysis Correlation

Digital Forensics – Refers to the collection of any digital evidence which can be defined as data stored or transmitted via electronic means

  • Media and File System Forensics
  • Operating Systems Forensics
  • Network Forensics
  • Mobile Devices
  • Multimedia and Content
  • Virtual System Forensics
  • Forensic Techniques and Tools
  • Anti-Forensic Technology and Tools

Application Forensics – addresses the forensics complexities of the many application types that a CCFP candidate may encounter during a forensic investigation

  • Software Forensics
  • Web, Email, and Messaging
  • Database Forensics
  • Malware Forensics

Hybrid and Emerging Technologies – Contains the ever evolving technologies that the CCFP candidate is expected to have a sound understanding of

  • Cloud Forensics
  • Social Networks
  • Big Data Paradigm
  • Control Systems
  • Critical Infrastructure
  • Virtual/Augmented Reality

The CCFP candidate must have a 4-year college degree leading to a baccalaureate, or regional equivalent, plus 3 years of cumulative paid, full-time digital forensics or IT security experience in 3 out of the 6 domains of the credential.

Those candidates who do not hold a 4-year college degree leading to a baccalaureate, or regional equivalent, must have 6 years of cumulative paid, full-time digital forensics or IT security experience in 3 out of the 6 domains of the credential. Candidates without the required degree may receive a 1-year professional experience waiver for holding an alternate forensics certification on the (ISC)²-approved list.

Download the Exam Outline for more information.

Advance your it security career

 orange line

White Paper

An Introduction to Digital
Forensics in Law Enforcement

Download Now  

orange line