eCDFP Certification

Certified Digital Forensics Professional

The Certified Digital Forensics Professional (eCDFP) is an advanced digital forensics exam meant for senior-level cyber security professionals. A successful certification allows digital forensics investigators to prove their technical digital forensics expertise.

The Exam
INE Security’s eCDFP evaluates your ability to use a variety of forensic techniques, inside a fully featured and real-world environment.

Candidates are provided with a real world engagement within INE’s Virtual Labs. Once valid credentials are provided for the certification platform, the candidate can perform the tests from the comfort of their home or office. An Internet connection and VPN software is necessary to carry out the exam.

Why eCDFP ?

Here are some of the ways Certified Digital Forensics Professional certification is different from conventional certifications:

  • While most exams are multiple choice, the eCDFP certification requires candidates to complete a real-world simulation based on actual scenarios and incidents.
  • The test requires multiple methodologies and individual creative thinking to complete. A skillset like this will make you a valuable asset in the corporate sector.
  • Only individuals who provide proof of their findings are awarded the eCDFP Certification.

Knowledge Domains
By obtaining the eCDFP, your skills in the following areas will be assessed and certified:

  • Network packet/traffic analysis
  • Data enrichment with Threat Intelligence
  • Data correlation
  • In-depth knowledge of tools such as Wireshark, Redline & IOC editor
  • IOC-based threat hunting
  • Memory analysis/forensics
  • Windows/Linux event analysis
  • Log analysis
  • Detection of any stage of the “Cyber Kill Chain” (Information Gathering, Exploitation, Post-ex

The eCDFP is a certification for individuals with highly technical understanding of networks, systems and cyber attacks. Everyone can attempt the certification exam, however here are the recommended skills, taught within the Digital Forensics Professional learning path that will help you pass the exam:

  • Letters of engagement and the basics related to a forensic investigation engagement
  • Networking concepts
  • Digital forensics processes and methodologies
  • Proficiency in file & disk analysis
  • Analyzing Windows artifacts
  • Analyzing traffic capture files
  • File systems and disk editors
  • Constructing actionable timelines
  • Proficiency in log analysis
  • Manual intrusion detection skills using the established forensics-related toolkit
  • Correlating data from various sources

Certification Process

There are two ways to get certified.

Purchase an INE subscription and take the Digital Forensics Professional learning path.

The Digital Forensics Professional learning path takes you from a professional understanding of digital forensics to an advanced level.


Attempt the certification without training

INE Security allows anybody to attempt the certification exam without attending any training. Candidates can do so at their own risk. The candidate that feels prepared enough to demonstrate their practical and professional skills during the exam, can purchase an eCDFP voucher and go through the certification process.

Whether you are attempting the eCDFP certification exam on your own or after having attended one of our approved training courses, you will need to follow these steps to get a certificate:

Whether you are attempting the certification exam on your own or after completing one of our approved learning paths, you will need to purchase an exam voucher before you can start your certification process. Once you obtain the voucher you will receive login credentials to our Certification area where you will manage the exam, the VPN credentials, and any other materials related to the certification process.

Regular vouchers expire after 180 days from purchase. Before the certification expires, you will have to begin the certification process by clicking on “Begin certification process”. The expiration date will always be available in your certification area and reminder emails are sent to make sure you take advantage of the voucher.

Once you click on the “Begin certification process” button, you will receive an email with instructions regarding the scope of engagement. This letter will contain everything you need to know to take your exam.

Once you have completed the exam portion, it’s time to finalize your report. This should be a commercial grade report proving all of your findings and providing remediation steps for your client. You must submit your report within 4 days from the beginning of the certification process (step 2), in PDF format for review. Keep in mind you will have 2 days in the lab environment

To be awarded the certification, you need to score a 76.7% or above. Once you submit your exam, it will be automatically graded and you will receive your results immediately. Should you fail the first attempt, you will then have one free attempt to re-take the certification.