DFIR Certifications

This is a list of certifications I’ve seen requested in online Digital Forensics and Incident Response job postings in the US for junior/associate roles. For more information about the different roles within DFIR, see the resources on Getting Into the DFIR Field. It’s best to research job postings for the type of role you want to see what the most requested certifications are.

I’ve seen these certifications requested only for Incident Response roles that involve digital forensics:

CompTIA: Security+ (This is the minimum certification requirement I’ve seen for some Incident Response Analyst jobs)
CompTIA: CySA+ (Cybersecurity Analyst)
Cisco: CCNA Cyber Ops
EC-Council: Certified Ethical Hacker (CEH)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Intrusion Analyst (GCIA)
GIAC Network Forensic Analyst (GNFA)
GIAC Reverse Engineering Malware (GREM)

I’ve seen these certifications requested in both Digital Forensics (law enforcement/specialist) and Incident Response roles that involve digital forensics:

Several of the certifications listed above are part of the DoD Approved 8570 Baseline Certifications.

Other Worthwhile DFIR Certifications

There are also certifications that may not be as popular with employers but are practical, hands-on certifications (which in my opinion should be requested by employers). They all include training. Here is a partial list:

For the full list, check out DFIR, OSINT, and Blue Team certifications with training included for under $1,000.

AboutDFIR also has a large list of certifications and training.

DFIR Certifications

Recent Posts

Categories