GIAC Certified Forensic Analyst (GCFA)


5 days


Employees of federal, state and local governments; and businesses working with the government.


This is NOT an official GCFA course.  Only SANS can give an official GCFA or any SANS course. Our course is unofficial but much less expensive and students pass their exam.

Course Topics:

  1. Incident Response in an Enterprise Environment
  2. Incident Response Process and Framework
  3. Timeline Artifact Analysis
  4. Timeline Collection
  5. Timeline Processing
  6. Volatile Artifact Analysis
  7. Volatile Data Collection
  8. Windows Filesystem Structure and Analysis
  9. Windows System Artifact Analysis

Students will learn:

  • Acquiring Data and Evidence
  • Application Footprinting
  • Autopsy Forensic Browser
  • Computer Forensics Primer
  • Critical Analysis Tools
  • Data Preservation
  • File Name Layer
  • File System and Data Layer Tools
  • Forensic Imaging and Filesystem Media Analysis
  • Forensic Investigation Process
  • Hash Comparisons and Fuzzy Hashing
  • Linux File System Basics
  • Metadata Layer
  • Unallocated Metadata and File Content Types
  • Windows FAT File System Basics
  • Windows File System Basics
  • Windows Live Imaging
  • Windows Media Analysis
  • Windows Media and Artifact Analysis
  • Windows NTFS File System Basics
  • Windows Response and Volatile Evidence Collection
  • Advanced Forensic Evidence Acquisition and Imaging
  • File System Timeline Analysis
  • Super Timeline Analysis
  • Live Incident Response and Volatile Evidence Collection
  • Advanced Windows Registry Analysis
  • Discovering Malware on a Host
  • Recovering Key Windows Files
  • Application Footprinting and Software Forensics