ECDFA

The Endolum Certified Digital Forensics Analyst (ECDFA) is a certification for experienced forensic investigators. It aims to showcase foundational knowledge about digital forensics on Linux and Windows file systems. Candidates will demonstrate the ability to identify malicious activities, their origins, and what data was exfiltrated.

  • Price: 290 CHF
  • Field: Cyber Defense
  • Prerequisites: 3 Modules

Target Audience

  • Red Teamers
  • Pen Testers
  • Security Analysts
  • Threat Hunters
  • Detection Engineers

Requirements

  • Windows Digital Forensics Fundamentals
  • Linux Digital Forensics Fundamentals
  • Advanced Detection Prevention

The Exam

Candidates will perform digital forensics analysis on Windows and Linux systems, identify a threat actor, and determine from the logs how the actor compromised the system and what data was exfiltrated.

Specific Topics Covered

  • File system analysis (NTFS, EXT4)
  • Memory forensics
  • Log analysis and correlation
  • Malware identification and reverse engineering basics
  • Incident timeline reconstruction

Tools and Technologies

  • Autopsy/Sleuth Kit
  • Volatility Framework
  • Wireshark
  • Sysinternals Suite
  • Linux command-line tools

Exam Format

The exam is conducted in an on-demand instance where candidates will have access to compromised systems and forensic images. They are required to analyze the provided data, uncover evidence of malicious activities, trace the threat actor's actions, and report on data exfiltration incidents. A stable internet connection is required.

Learning Outcomes

  • Conduct thorough digital forensic investigations on Windows and Linux systems.
  • Analyze file systems and memory dumps to identify malicious activities.
  • Reconstruct incident timelines and understand the attacker's methods.
  • Identify exfiltrated data and assess the impact of the breach.

Preparation Materials

  • Windows Digital Forensics Fundamentals
  • Linux Digital Forensics Fundamentals
  • Advanced Detection Prevention