MDFIR - Certified DFIR Specialist


MCSI Certification Programs are truly worldclass with cutting-edge content that offers you uniquely-designed, hands-on practical and challenging exercises that teach skills immediately applicable in the field towards benefiting career advancement.

This Certification has no expiry date, no renewal fees, no hidden fees, and is accessible with no time limits.

MCSI Certified DFIR Specialist:
  • Perform digital forensics investigations on Windows systems
  • Use memory forensics to identify and analyse modern APT samples
  • Perform network forensics on PCAP files to investigate intrusions
  • Analyse files, executables and malware samples
  • Identify and track adversary infrastructure based on IOCs generated from an investigation

Career Outcomes

Students who have successfully achieved their MDFIR Certification can apply Digital Forensics and Incident Response jobs worldwide, fully confident that they have the competencies that the industry is seeking for these roles.

Training Curriculum and Online Assessment

Students must successfully complete 100 practical exercises in MCSI's Online Learning Platform (OLP) prior to undertaking the Final Online Assessment to obtain this Certification.

As an MCSI Certified DFIR Specialist you will be fully capable of performing the following:

  1. File Analysis
    • exe
    • msi
    • a3x
    • pdf
    • doc
    • lnk
    • rtf
  2. Windows Forensics:
    • Event logs
    • Registry
    • Prefetch
    • ShimCache
    • AppCompatCache
    • AmCache
    • Networking
    • Account usage
  3. Memory Forensics:
    • Volatility Framework
    • Windows registry
    • Processes and DLLs
    • Process memory
    • Kernel objects
    • Networking
    • GUI
    • Code injection
    • YARA rules
  4. Applications Forensics
    • Browser history and cookies
    • Email clients
    • Microsoft Office
    • Web server logs
    • Database logs
  5. Network Forensics
    • DGA algorithms
    • DNS tunnelling
    • Domain fronting
    • Remote code execution
    • Pass-the-hash attacks
    • Port knocking
  6. Malware Analysis:
    • Binary classification
    • Behavioral analysis
    • Static analysis
    • IOC extraction
    • Developing YARA rules
  7. Enterprise Investigations
    • Capturing and indexing forensics artefacts
    • Baselining the enterprise network
    • Performing memory forensics at scale
    • Using Pandas to analyse large datasets
  8. Threat Intelligence:
    • Pivot analysis
    • Open-source intelligence collection
  9. Disk and filesystem forensics
  10. Write digital forensics and incident response reports and briefings
  11. Develop standard operating procedures and templates


“I have never seen a training curriculum that teaches the in-depth technical capabilities required to be a DFIR consultant with the same depth that MSCI does. MSCI’s MDFIR does this perfectly!”

Senior DFIR Consultant, Consulting Services

“The MDFIR allowed us to immediately train our team at scale with the skills relevant to each one’s job description. In a technical field, the MDFIR shines through as truly technical certification that teaches advanced forensics and incident response techniques.”

Cyber Incident Response Manager, Retail Industry

“Awesome certification! Completing the exercise MCSI created for the MDFIR has increased what I can do in my day-to-day role. I have excelled, and the clients I work with are the ones who get the benefit. Thanks!”

Lead DFIR Investigator, Financial Services

Why MCSI’s DFIR Certification is World Class

  • World-Class Requirements Met Are Above Standard: Holders of the DFIR Certification have completed 100 practical online exercises thus demonstrating that they have the skills and knowledge in the following areas: file analysis, disk and filesystem forensics, executable analysis, Windows forensics, memory forensics, threat intelligence and enterprise investigations.
  • Internals Focused: Students who have obtained this Certification have demonstrated that they have a full understanding of the Windows operating system's internals for digital forensics, incident response and malware analysis purposes.
  • Practical Challenges: Students must complete dozens of practical digital forensics and incident response challenges that have been inspired from real-life investigations.

Course Overview