2014-10-07 – GIAC Announces the GIAC Network Forensic Analyst Certification (GNFA)

BETHESDA, MD – October 7, 2014 – Global Information Assurance Certification (GIAC) is pleased to announce a new forensics certification, the GIAC Network Forensic Analyst (GNFA). The GNFA validates that professionals who hold this credential are qualified to perform examinations employing network forensic artifact analysis and demonstrate an understanding of the fundamentals of network forensics, normal and abnormal conditions for common network protocols, the process and tools used to examine device and system logs, wireless communication and encryption protocols. The GNFA exam will be released November 3, 2014 and pre-registration is now available with the SANS Advanced Network Forensics and Analysis course.

A certification in the Network Forensics realm will help practitioners demonstrate they are building their investigative skill set to include one of the newest segments of the broader digital forensic spectrum. A sharply increasing number of cases include network evidence. By formally establishing a baseline of knowledge and investigative skills, employers will have a trusted means of ascertaining a candidate’s background in the network investigation area.

“The GNFA certification focuses heavily on the methods needed to investigate network-based evidence. A GNFA holder will be able to incorporate evidence from a wide variety of sources to improve the fidelity of their findings. This certification is designed to measure how the holder can analyze network data as a part of the investigation rather than focusing on a specific tool to do so,” stated Phil Hagen, SANS Author and Certified Instructor.

In large-scale or enterprise forensic engagements, incident response professionals are discovering it is increasingly difficult to perform comprehensive full disk or traditional data forensics due to the overwhelming volume of data. By examining the network traffic and log data from infrastructure devices, analysts may be able to determine the source of malicious events, recover important files and determine what the bad guys did while on the network. Performing network forensics is a critical and foundational skill for analysts as the evidence can provide the validation necessary to show intent, or even definitively prove that a malicious activity or a crime has occurred.

The SANS Institute has developed specific training material and courseware to teach students the techniques and tools to properly conduct network forensic examinations. The Advanced Network Forensics and Analysis course is part of the SANS Institute’s Digital Forensics curriculum that is comprised of cyber security courses designed specifically for professionals focused on digital forensics. This course will provide students with the tools and methods to conduct network investigations within environments of all sizes, using scenarios developed from real-world cases.

For any questions or help with registering for the GNFA certification exam, please email: [email protected]

https://www.sans.org/press/