eCDFP Certification
Certified Digital Forensics Professional
The Certified Digital Forensics Professional (eCDFP) is an advanced digital forensics exam meant for senior-level cyber security professionals. A successful certification allows digital forensics investigators to prove their technical digital forensics expertise.

The Exam
INE Security’s eCDFP evaluates your ability to use a variety of forensic techniques, inside a fully featured and real-world environment.
Candidates are provided with a real world engagement within INE’s Virtual Labs. Once valid credentials are provided for the certification platform, the candidate can perform the tests from the comfort of their home or office. An Internet connection and VPN software is necessary to carry out the exam.
Knowledge Domains
By obtaining the eCDFP, your skills in the following areas will be assessed and certified:
- Network packet/traffic analysis
- Data enrichment with Threat Intelligence
- Data correlation
- In-depth knowledge of tools such as Wireshark, Redline & IOC editor
- IOC-based threat hunting
- Memory analysis/forensics
- Windows/Linux event analysis
- Log analysis
- Detection of any stage of the “Cyber Kill Chain” (Information Gathering, Exploitation, Post-ex
Prerequisites
The eCDFP is a certification for individuals with highly technical understanding of networks, systems and cyber attacks. Everyone can attempt the certification exam, however here are the recommended skills, taught within the Digital Forensics Professional learning path that will help you pass the exam:
- Letters of engagement and the basics related to a forensic investigation engagement
- Networking concepts
- Digital forensics processes and methodologies
- Proficiency in file & disk analysis
- Analyzing Windows artifacts
- Analyzing traffic capture files
- File systems and disk editors
- Constructing actionable timelines
- Proficiency in log analysis
- Manual intrusion detection skills using the established forensics-related toolkit
- Correlating data from various sources
Certification Process
There are two ways to get certified.
Purchase an INE subscription and take the Digital Forensics Professional learning path.
The Digital Forensics Professional learning path takes you from a professional understanding of digital forensics to an advanced level.
OR
Attempt the certification without training
INE Security allows anybody to attempt the certification exam without attending any training. Candidates can do so at their own risk. The candidate that feels prepared enough to demonstrate their practical and professional skills during the exam, can purchase an eCDFP voucher and go through the certification process.