ECDFA

The Endolum Certified Digital Forensics Analyst (ECDFA) is a certification for experienced forensic investigators. It aims to showcase foundational knowledge about digital forensics on Linux and Windows file systems. Candidates will demonstrate the ability to identify malicious activities, their origins, and what data was exfiltrated.

  • Price: 289 CHF
  • Field: Cyber Defense
  • Prerequisites: 3 Modules

Target Audience

  • Red Teamers
  • Pen Testers
  • Security Analysts
  • Threat Hunters
  • Detection Engineers

The Exam

Candidates will perform digital forensics analysis on Windows and Linux systems, identify a threat actor, and determine how they compromised the system and what data was exfiltrated based on logs.

Exam Format

The exam is conducted in an on-demand instance where candidates will have access to compromised systems and forensic images. They are required to analyze the provided data, uncover evidence of malicious activities, trace the threat actor's actions, and report on data exfiltration incidents. A stable internet connection is required. No VPN or remote desktop software is required; the vulnerable websites are directly accessible from a modern browser.

Topics Covered

  • File system analysis (NTFS, EXT4)
  • Memory forensics
  • Log analysis and correlation
  • Malware identification and reverse engineering basics
  • Incident timeline reconstruction
  • And many more...

Learning Outcomes

  • Conduct thorough digital forensic investigations on Windows and Linux systems.
  • Analyze file systems and memory dumps to identify malicious activities.
  • Reconstruct incident timelines and understand the attacker's methods.
  • Identify exfiltrated data and assess the impact of the breach.

Prerequisites

* These requirements are optional. It is not required to buy these courses, but completing them improves the chances of passing the certification exam.