Notifications

Clear all

IACIS CFCE vote passes

Patrick4n6 · 2010-07-20T09:26:49Z

As has been mentioned here earlier by others, the International Association of Computer Investigative Specialists (IACIS) has been considering whether to open up the Certified Forensics Computer Examiner (CFCE) to the public (subject to some conditions such as a background check). This afternoon, the Secretary of IACIS announced that the plebiscite of the membership on this issue has passed and been ratified by the board of directors.Here is in basic terms what's happened to this point, and what the future holds. There has been a discussion for a while in the certification side of IACIS about opening up the certification only to the general public. In order for this to happen, IACIS has to change some of its policies, and possibly a bylaw. The board after consulting with the membership put the issue to a vote, and the vote just passed. To be clear, IACIS has not voted to open up their training or membership outside their current membership requirements at this point.So there's still some work to be done in finalising the new policies before the general public will be able to apply to undertake the CFCE process, but it will be happening. It's possible that it may be done in time for the next cycle, which starts in January, but I don't know.If you've been wanting to test yourself against what many of us believe is the toughest cert in the field, or you really want a solid peer review (which is part of the process) then you'll soon have your opportunity. If you're not aware, the CFCE process consists of 4 media examinations (one of which is a full hard drive), a "wild card" problem and a lengthy written examination. There's a strong focus on core skills, such that automated tools are banned for the first few problems. Manually recovering files with a hex editor… yummy!I've been on the pro side of this discussion for a long time and I'm really happy that the board and the membership agreed. I'm also glad that now you all (subject to meeting the requirements) can test yourself against essentially the same process that I did (albeit, I took it under the old "external" system, which was the hard mode and no longer exists).(Disclaimer I hold a committee position with IACIS, however I am making this post as a private member, and not in any official capacity.)

Page 2 / 3 Prev Next

General (Technical, Procedural, Software, Hardware etc.)

Last Post by douglasbrush 14 years ago

28 Posts

12 Users

0 Reactions

4,044 Views

RSS

Patrick4n6

(@patrick4n6)

Honorable Member

Joined: 16 years ago

Posts: 650

Topic starter 22/07/2010 9:39 pm

Jonathan, as I said, there needs to be a change to some policies, and perhaps a bylaw. Under IACIS rules, any such change needs to be drafted, initially approved by the board, then posted for a month for member review and feedback, and then unconditionally approved by the membership. Additionally, IACIS is going to need to source provider(s) for the background checks to cover multiple countries since they have over 60 (maybe more, I haven't checked lately) different countries represented. I think it's doable for the next round of certification, which begins after the EU conference, but I'm not directly involved in the process so I can't say with any certainty.

Paul, there is already (as of the current cycle already underway) no longer any difference between being external (didn't attend the training before entering the cert) and internal. All students get full mentoring during the peer review (first 4 problems) and all get zero mentoring for the certification stage (hdd problem and written exam).

ReplyQuote

jhup

(@jhup)

Noble Member

Joined: 16 years ago

Posts: 1442

22/07/2010 9:51 pm

so wait. To try for CFCE one still needs to have LEO experience?

ReplyQuote

mkel2000

(@mkel2000)

Eminent Member

Joined: 17 years ago

Posts: 24

22/07/2010 10:30 pm

While having the CFCE certification available to the general public will probably be helpful, IACIS will need to make some major changes to their process to make it accepted by the general forensic community.

The certification process, in my experience, is highly subjective. Pass or fail on each of the practicals is left to each coach who grades the written report that is required for each practical. You have a year to complete the certification, but there are arbitrary internal deadlines for each practical that are buried ten pages deep in their instructional documents and if the deadline is not met you fail the process regardless of the reason. Granting of extensions are possible, but again this is arbitrary and depends on who in the IACIS hierarchy reviews it.

There is a written test that is part of the certification process, but this is done at the end of the practicals and consists of essay-only answers. If you fail this portion, you have failed the entire certification, regardless of how you performed on the practicals.

All that said, my experience with this process was in 2005 and it may have changed somewhat. If it has, all the better. If not, then you need to be aware of the issues if you plan on attempting the certification.

Mark

ReplyQuote

Patrick4n6

(@patrick4n6)

Honorable Member

Joined: 16 years ago

Posts: 650

Topic starter 23/07/2010 12:26 am

Jhup, no, you don't need LE experience.

mkel, the CFCE is being transitioned to a completely objective testing methodology. The issue of subjective grading by coaches was acknowledged by the certification stakeholders over a year ago and much of it has already been resolved, or will be resolved in the near future.

The structure of timeframes has also been changed substantially since '05. You get 4 months to complete the peer review which consists of 3 practicals and the wildcard. There are no milestones within that 4 months, you can finish as fast or as slow as you like so long as all 4 questions are finalised before the end date. Once you pass peer review, you get I think 2 months to do the hard drive and the final exam.

As for the comment about failing the exam means you fail the whole thing, I think you'll find that in any competency based testing program, the same thing applies. You are expected to meet all the competencies, and the competencies are spread out amongst the practicals and the exam. If you don't pass it all, then you're not yet competent, and you need to study some more and try again. If you fail at the certification phase, you wait 60-180 days and apply to retake the certification phase. There's a fee for the do-over that's to be announced, but I don't expect it will be much.

The IACIS website has the dates for application for the next CFCE cycle. Enrollment is August 15, 2010 to November 1, 2010. The cycle starts on 1 December. Looking at that timeframe, and knowing the process to change the policies, I'm guessing that the June cycle will be the first one to open up, but I wouldn't rule out the new policy being in place before November.

ReplyQuote

mkel2000

(@mkel2000)

Eminent Member

Joined: 17 years ago

Posts: 24

27/07/2010 8:55 pm

mkel, the CFCE is being transitioned to a completely objective testing methodology. The issue of subjective grading by coaches was acknowledged by the certification stakeholders over a year ago and much of it has already been resolved, or will be resolved in the near future.

The structure of time frames has also been changed substantially since '05. You get 4 months to complete the peer review which consists of 3 practicals and the wild card. There are no milestones within that 4 months, you can finish as fast or as slow as you like so long as all 4 questions are finalised before the end date. Once you pass peer review, you get I think 2 months to do the hard drive and the final exam.

That is very good to hear. Most other certifications that I am aware of are graded objectively and this was an issue with CFCE - both in the certification and re-certification exams. This will go a long way in improving the CFCE certification credibility. It also sounds as though the process has become more streamlined with fewer practicals and a more compact time line.

As for the comment about failing the exam means you fail the whole thing, I think you'll find that in any competency based testing program, the same thing applies. You are expected to meet all the competencies, and the competencies are spread out amongst the practicals and the exam. If you don't pass it all, then you're not yet competent, and you need to study some more and try again. If you fail at the certification phase, you wait 60-180 days and apply to retake the certification phase. There's a fee for the do-over that's to be announced, but I don't expect it will be much.

I fully agree with the premise that failing any part of the certification process means failing the certification. Where I disagree is the placement of the exam in the process. Again, most certifications I am aware of that include written and practical portions place the written exam at the beginning of the process as a "pre-test" (for lack of better terminology on my part.) To spend four to six months demonstrating competency in the actual work of computer forensics and then failing the written seems backwards to the actual goal of certification which is to demonstrate knowledge and competency in the field. I know that the written was extracted from the hard drive exam practical as part of the process, but this competency could easily be demonstrated in some other manner.

Mark

ReplyQuote

douglasbrush

(@douglasbrush)

Prominent Member

Joined: 16 years ago

Posts: 812

27/07/2010 9:46 pm

Has there been any discussion of training programs that would have some loose association such as the CCE has with Key Computer Service and ISFCE? Or GCFA and SANS 508?

ReplyQuote

Patrick4n6

(@patrick4n6)

Honorable Member

Joined: 16 years ago

Posts: 650

Topic starter 28/07/2010 1:47 am

There is no requirement to take any particular training. When I got my CFCE, I'd never had any formal training, just on-the-job training in a well established lab. Because IACIS also trains, I don't know if they would seek to have arrangements with other companies in this regard. However, I expect that the competencies will be published at some point which will enable training orgs to align their current training with the IACIS competencies if they so desire.

ReplyQuote

douglasbrush

(@douglasbrush)

Prominent Member

Joined: 16 years ago

Posts: 812

15/02/2011 9:30 pm

Any updates on the availability of the CFCE to public sector? Well there appears to be
http//www.iacis.com/certification/external_overview

I LMGTFY myself-ed. Not sure the board policy on that 😉

ReplyQuote

Patrick4n6

(@patrick4n6)

Honorable Member

Joined: 16 years ago

Posts: 650

Topic starter 16/02/2011 11:47 pm

Any updates on the availability of the CFCE to public sector? Well there appears to be
http//www.iacis.com/certification/external_overview

I LMGTFY myself-ed. Not sure the board policy on that 😉

Looks like you answered your own question. That page makes it clear what the requirements are. Do you want me to seek a clarification from a board member for you?

ReplyQuote

douglasbrush

(@douglasbrush)

Prominent Member

Joined: 16 years ago

Posts: 812

18/02/2011 5:28 am

I guess just looking for clarification as to when the IACIS Basic Computer Forensic Examinations (BCFE) training event might occur. I see that the enrollment process is opening on March 1st?

ReplyQuote

Page 2 / 3 Prev Next

8 Forums
15.7 K Topics
92.3 K Posts
187 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed