The credential, available for the US and South Korea beginning September 25, is designed to provide employers and the legal community with validation that a digital forensics professional can lead digital investigations that “yield complete, accurate and reliable results.”
Meanwhile, the stated goal of the CCFP is four-pronged for the forensics expert: to validate and enhance forensic experts’ standing as advanced cyber forensics professionals; instill employer confidence in their abilities and expand career opportunities; support international forensics investigations, knowing that their CCFP counterparts in other countries will be using a common globally recognized body of knowledge; and offer ongoing education covering the latest advances in digital forensics science through the (ISC)² periodic recertification process.
“Digital forensics professionals are becoming more and more essential to the security posture of any organization,” said W. Hord Tipton, executive director of (ISC)², in a statement. “The CCFP is a comprehensive, expert-level program that fills a significant void in the digital forensics certification market by validating the depth of senior-level professionals’ experience and expertise. It assures credential holders have the necessary breadth and depth of knowledge and thinking skills needed to address today’s complex cyber forensic challenges.”
To attain the CCFP, applicants must hold a four-year degree leading to a bachelor's, or regional equivalent, and have at least three years of full-time, professional experience in digital forensics or IT security in three out of the six domains of the credential. Those not holding a degree must have six years of full-time digital forensics or IT security work experience in three out of the six domains of the credential OR an alternate forensics certification approved by the (ISC)² and five years of full-time digital forensics or IT security experience in three out of the six domains.
All candidates must be able to demonstrate capabilities in each of the six CBK domains: legal and ethical principles; investigations; forensic science; digital forensics; application forensics; and hybrid and emerging technologies.
"The field of digital and multimedia forensics is playing an increasingly important role in the public sector, with government prosecutors relying on digital forensics experts to collect, analyze and present evidence in support of criminal cases as well as organized crime investigations," said Dan Ryan, attorney at law, (ISC)² forensics advisor and former professor of cyberlaw at the National Defense University. "As cyber warfare proliferates, government agencies rely on forensics data to attribute accurately an attack and hold the attackers accountable. A skilled forensics professional can make all the difference in solving counterterrorism cases or identifying actors who have stolen sensitive information."
As with all its credentials, the organization conducted a job task analysis (JTA) study and exam development workshops to determine the scope and content of the CCFP credential program. Subject matter experts from the (ISC)² membership and organizations from Africa, Australia, Canada, Hong Kong, India, the Netherlands, Singapore, South Africa, South Korea, the UK and the US contributed to develop the Common Body of Knowledge (CBK) that serves as the foundation for the credential, as well as the exam questions.
“Today, it would seem obvious that it is no longer a question of if but when a system or network will be breached. The severity and implications of such breaches – scope, financial, legal, etc. – may well rely not only on how well the risks have been mitigated but on how well the resulting costs have been minimized,” said Glenn Dardick, director of the Association for Digital Forensics, Security and Law (ADFSL). “While protecting the systems and networks have traditionally been viewed as the domain of information systems security, the incident response costs have often depended on the domain of cyber forensics and the ability to determine the cause and extent of such breaches. The domains of information systems security and cyber forensics have long overlapped and have now become interdependent in that they are most effective when professionals are knowledgeable and certified to be proficient in both of those domains.”