This is a list of certifications I’ve seen requested in online Digital Forensics and Incident Response job postings in the US for junior/associate roles. For more information about the different roles within DFIR, see the resources on Getting Into the DFIR Field. It’s best to research job postings for the type of role you want to see what the most requested certifications are.
I’ve seen these certifications requested only for Incident Response roles that involve digital forensics:
- CompTIA: Security+ (This is the minimum certification requirement I’ve seen for some Incident Response Analyst jobs)
- CompTIA: CySA+ (Cybersecurity Analyst)
- Cisco: CCNA Cyber Ops
- EC-Council: Certified Ethical Hacker (CEH)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Network Forensic Analyst (GNFA)
- GIAC Reverse Engineering Malware (GREM)
I’ve seen these certifications requested in both Digital Forensics (law enforcement/specialist) and Incident Response roles that involve digital forensics:
- EC-Council: Certified Forensic Hacking Investigator (CHFI)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Forensic Examiner (GCFE)
- EnCase Certified Examiner (EnCE)
- Certified Computer Examiner (CCE)
- Certified Forensic Computer Examiner (CFCE)
Many of these certifications are part of the DoD Approved 8570 Baseline Certifications
AboutDFIR has a large list of certifications and training.
There is also a list of lesser-known DFIR certifications with training included for under $1,000. Many of them are practical hands-on certifications.