MCSI Certification Programs are truly worldclass with cutting-edge content that offers you uniquely-designed, hands-on practical and challenging exercises that teach skills immediately applicable in the field towards benefiting career advancement.
This Certification has no expiry date, no renewal fees, no hidden fees, and is accessible with no time limits.
MCSI Certified DFIR Specialist:
- Perform digital forensics investigations on Windows systems
- Use memory forensics to identify and analyse modern APT samples
- Perform network forensics on PCAP files to investigate intrusions
- Analyse files, executables and malware samples
- Identify and track adversary infrastructure based on IOCs generated from an investigation
Students who have successfully achieved their MDFIR Certification can apply Digital Forensics and Incident Response jobs worldwide, fully confident that they have the competencies that the industry is seeking for these roles.
Training Curriculum and Online Assessment
Students must successfully complete 100 practical exercises in MCSI's Online Learning Platform (OLP) prior to undertaking the Final Online Assessment to obtain this Certification.
As a MCSI Certified DFIR Specialist you will be ready to perform the following
- Event logs
- Account usage
- Volatility Framework
- Windows registry
- Processes and DLLs
- Process memory
- Kernel objects
- Code injection
- YARA rules
- Browser history and cookies
- Email clients
- Microsoft Office
- Web server logs
- Database logs
- DGA algorithms
- DNS tunnelling
- Domain fronting
- Remote code execution
- Pass-the-hash attacks
- Port knocking
- Binary classification
- Behavioral analysis
- Static analysis
- IOC extraction
- Developing YARA rules
- Capturing and indexing forensics artefacts
- Baselining the enterprise network
- Performing memory forensics at scale
- Using Pandas to analyse large datasets
- Pivot analysis
- Open-source intelligence collection
Disk and filesystem forensics
Write digital forensics and incident response reports and briefings
Develop standard operating procedures and templates
Why MCSI’s DFIR Certification is World Class
- World-Class Requirements Met Are Above Standard: Holders of the DFIR Certification have completed 100 practical online exercises thus demonstrating that they have the skills and knowledge in the following areas: file analysis, disk and filesystem forensics, executable analysis, Windows forensics, memory forensics, threat intelligence and enterprise investigations.
- Internals Focused: Students who have obtained this Certification have demonstrated that they have a full understanding of the Windows operating system's internals for digital forensics, incident response and malware analysis purposes.
- Practical Challenges: Students must complete dozens of practical digital forensics and incident response challenges that have been inspired from real-life investigations.