CCFP is the definitive credential for experienced and knowledgeable cyber forensics professionals in a variety of environments. Whether you're a law enforcement officer supporting criminal investigations, a digital forensics specialist consulting clients, or an eDiscovery specialist working on litigation, CCFP demonstrates your ability to gather, analyze, and deliver digital evidence that is accurate, complete, and reliable. The certification covers a range of skills necessary to support these environments from intrusion analysis to incident response, and newer challenges, such as mobile forensics and cloud forensics.
CCFP candidates must possess a four-year college degree and a minimum of three years of cumulative paid full-time professional work experience in digital forensics or IT security in three of the six domains of the (ISC)² CCFP CBK. Those who do not hold a four-year college degree can obtain the CCFP with six years of cumulative paid fulltime digital forensics or IT security experience in three out of the six domains of the CBK.
What job title do you have?
CCFPs hold a diverse range of titles including digital forensics examiner, forensics investigator, computer forensics engineer, eDiscovery consultant and cyber intelligence analyst. Professionals in law enforcement, government entities, corporate environments and firms that provide forensics investigations, all benefit from the certification.
What's a typical day like for a CCFP?
Whether CCFPs work for corporations, consulting firms or government agencies, the one thing they all have in common is that there is no such thing as a "typical day." Cyber forensics professionals may spend a portion of their day leading an investigation, acquiring data, performing forensic analysis, determining the best course of action after an incident for remediation and preparing detailed reports. CCFPs may also play a consultative role within the organization - evaluating and making recommendations on how to best design technology projects to mitigate risk and providing reports to both technical and nontechnical audiences. Some CCFPs may be required to serve as an expert witness in court where they are asked to present their findings, the methodologies used to extract data and report on testing results.
What's your job setting like?
CCFPs can be found in different types of organizations - corporations, consulting firms, law enforcement agencies, government agencies, and military intelligence - and their work settings are equally diverse. These professionals may work in a forensics lab, an office environment, or split their time between the office and the field to conduct on-site investigations.
What skill sets are most important to your job?
Beyond the core knowledge of forensics techniques and procedures and information technology, CCFPs need critical thinking and communication skills whether they are forensics specialists in a government agency, cyber security consultants assisting clients with investigations, or professionals tasked with securing the IT assets of a corporation. CCFPs are excellent multitaskers able to quickly switch gears from finding electronic files to support an investigation, to analyzing data and using their communication skills to prepare reports.
If a security breach were to take place, what is your role in handling remediation and/or prevention?
CCFPs in a corporate setting work with others within the organization throughout the multiple stages of the incident: identifying points of compromise, developing containment plans, executing remediation actions, and participating in post-incident "lessons learned" sessions. CCFPs who provide litigation support play a different role by helping to preserve forensic evidence, collecting data, and determining when and where the significant events occurred.