GIAC Forensic Examiner badge achieved after attending the GCFE Course and Certification

Fill-star Fill-star Fill-star Fill-star Fill-star Fill-star Fill-star Fill-star Fill-star half-star

(112 Reviews)

GIAC Certified Forensic Examiner (GCFE)

Uncover digital evidence with GCFE. Gain skills in forensic analysis to investigate cyber incidents and strengthen security defenses.

course: GIAC Certified Forensic Examiner (GCFE)

Duration: 5 days

Format: Virtual or Classroom

prepare-exam Prepares for Exam : GIAC Certified Forensic Examiner (GCFE) Exam (GCFE)

certification-icon Prepares for Certification : GIAC Certified Forensic Examiner (GCFE)

ktk-icon Attend this and 60+ other Security courses for FREE with Unlimited Security Training


Uncover the secrets of digital investigations with the Certified Forensic Examiner (GCFE) course. This program offers comprehensive training led by industry experts, ensuring you acquire advanced skills in computer forensics and analysis. Master the art of forensic examinations, position yourself as a sought-after professional, and elevate your career with the prestigious GCFE certification. Unleash your potential in digital forensics.

This course includes
  • intructor-iconInstructor-led training
  • intructor-iconPractice test
  • intructor-iconPre-reading
  • intructor-iconPersonal Learning Path
  • intructor-iconCertification Guarantee
  • intructor-iconEmail, chat and phone support

Top companies trust Readynez

Who is this course for?

Whois GIAC Certified Forensic Examiner (GCFE) training course for?

The GIAC Certified Forensic Examiner (GCFE) training course is designed for digital forensic professionals and incident response teams. It covers various areas including digital forensics foundations, file system forensics, Windows forensics, network forensics, malware forensics, memory forensics, mobile device forensics, incident response and timeline analysis, and report writing and documentation. The course aims to equip professionals with the skills to identify, collect, and analyze digital evidence in forensic investigations. By completing the training and earning the GCFE certification, individuals demonstrate their expertise in digital forensic analysis and their ability to contribute to incident response and legal investigations.


What you will learn during our GIAC Certified Forensic Examiner (GCFE) course.

  • Overview of digital forensic process and methodology
  • Overview of Windows operating system and file systems (NTFS, FAT, exFAT)
  • Disk and file system concepts (sectors, clusters, MFT, slack space, etc.)
  • Disk and file system acquisition methods and tools (FTK Imager, dd, etc.)
  • Disk and file system analysis methods and tools (Autopsy, fsstat, fls, etc.)
  • Overview of Windows artifacts and their forensic value
  • Registry analysis methods and tools (RegRipper, Registry Explorer, etc.)
  • Event log analysis methods and tools (Log Parser Lizard, Event Log Explorer, etc.)
  • Browser history analysis methods and tools (Web Historian, Hindsight, etc.)
  • Email analysis methods and tools (PST Viewer Pro, MBOX Viewer Pro, etc.)
  • Overview of file recovery techniques and challenges
  • Deleted file recovery methods and tools (Recuva, PhotoRec, etc.)
  • File carving methods and tools (Foremost, Scalpel, etc.)
  • Timeline analysis concepts (MACB times, log2timeline format)
  • Timeline analysis methods and tools (Timeline Explorer, Log2Timeline/Plaso)
  • Overview of memory forensics concepts and challenges
  • Memory acquisition methods and tools (DumpIt,WinPMEM)
  • Memory analysis methods and tools (Volatility,Rekall)
  • Memory artifact analysis (processes, DLLs, handles, sockets, etc.)
  • Overview of malware forensics concepts and challenges
  • Malware identification methods and tools (VirusTotal, YARA) Malware static analysis methods and tools (PEview, strings,IDA Pro)
  • Malware dynamic analysis methods and tools (Process Monitor, Process Explorer, Wireshark)
  • Malware artifact recovery methods and tools (prefetch files, autoruns entries, registry keys)


How to best be prepared for our GIAC Certified Forensic Examiner (GCFE) course.

  • [Dictionary item: Orange-check] Basic understanding of Windows operating system and file systems
  • [Dictionary item: Orange-check] Basic familiarity with command line tools and GUI tools
  • [Dictionary item: Orange-check] Basic knowledge of networking concepts and protocols
  • [Dictionary item: Orange-check] Basic knowledge of malware analysis and reverse engineering

Meet our instructors

Meet some of the Readynez Instructors you can meet on your course. They are experts, passionate about what they do, and dedicated to give back to their industry, their field, and those who want to learn, explore, and advance in their careers.


Kevin Henry

Kevin has served for years as an authorised instructor for (ISC)2 and is renowned for his 20-year contribution to learners training for IT security skills

Kevin Henry is a well-known and highly respected expert instructor with Readynez.

Kevin has served for many years as an authorised instructor for (ISC)2 and he is renowned for his 20-year contribution to learners training for IT security skills- and certifications such as the CISSP, CSSLP, CISM, CISA and CCSP everywhere in the world.

Kevin is a force to be reckoned with, being an authorised instructor and training no less than 9.000 online learners monthly in the fields of information security and audit, in addition to the many students that attend his instructor-led courses with Readynez

He is also one of the most highly-rated instructors and most often he is given scores of 10/10 by his delegates. 


Read Less

James Rowney

James is recognised for his more than 20 years of contribution to learning and certification within IT Security.

James has worked on many large mission critical environments in some of the largest companies in their industries.

Understanding business requirements and drivers are essential to any strategy and design. Understanding environments are key to any application or infrastructure changes, both the immediate services they interface with and those beyond. A failure to satisfy Non Functional Requirements can not be fixed by a process.

Specialties: CISSP, CCSP, AWS Solution Architect Associate, TOGAF 9 certified 86080 member of The Association of Enterprise Architects (AEA) - 27519830. BCS Solution & Enterprise Architect Certified - AMBCS - 990529878, Linux RHCE V5 expired, RHCVA Unix, Storage, SAN, Netbackup, Clusters, Design and Delivery of Infrastructure.


Read Less

Friedhelm Düsterhöft

Friedhelm Düsterhöft has 30+ years of work experience in IT, Information Security and Data Privacy.

Friedhelm Düsterhöft is a Senior Information Security Consultant, Auditor, Trainer and Managing Director, and has 30+ years of work experience in IT, Information Security and Data Privacy.

He has contributed to various PECB whitepapers and articles, such as ’Information Security in Banks and Financial Institutions’, ‘What Does SIEM Stand For?’, ‘Why Organizations Fail to Pass an Audit’ and “How to Integrate ISO/IEC 27032 Cybersecurity with ISMS?’.

Read Less


FAQs for the GCFE course.

The GIAC Certified Forensic Examiner (GCFE) certification validates a practitioner's knowledge of computer forensic analysis, with an emphasis on core skills required to collect and analyze data from Windows computer systems.

Unlock the path to becoming a certified Certified Forensic Examiner with Readynez! Enroll in our instructor-led training course to excel in the GCFE exam. Readynez specializes in individual and team preparation, ensuring success. Let us guide you toward becoming a certified GCFE professional in digital forensics. Join Readynez for a transformative learning experience and secure your certification.

Eligibility for obtaining a GCFE certification involves passing a proctored exam comprising 115 questions. Candidates are allotted 3 hours to complete the exam, requiring a passing score of at least 71% to earn certification. GCFE exam sections focus on the analysis and profiling of systems and devices, ensuring certified professionals possess the necessary skills for forensic examinations.

GCFE certification cost is EUR 880. The certification is valid for 4 years of earning.

The GCFE exam syllabus covers diverse sections such as system and device analysis, file and program activity analysis, digital evidence acquisition, user communications analysis, Windows system user artifacts, fundamental digital forensics, host and application event log analysis, Microsoft and third-party browser forensics, browser artifact analysis, and Windows registry artifact analysis, emphasizing comprehensive skills in digital forensics.

Opting for a GIAC Certification like GCFE is a valuable career investment for cybersecurity professionals. It showcases your dedication to ongoing learning and your capability to address intricate security issues, enhancing your professional credibility in the field.

While a certification test may take up to a few months to complete, computer forensics applicants often need additional training hours and work experience. Considering all requirements, applicants should expect to become fully certified within a year, depending on the program.

All GIAC Certification exams are web-based and are required to be proctored.

The difficulty of passing the Certified Forensic Examiner (GCFE) exam can vary depending on your experience, knowledge, and preparation. This course is designed to validate a practitioner's knowledge of computer forensic analysis, with an emphasis on core skills required to collect and analyze data from Windows computer systems.

Obtaining a GCFE certification requires passing a proctored exam that consists of 115 questions. Candidates are given 3 hours to take the exam and will need to have a passing score of at least 71% to earn the certification.

The certification can be renewed after every 4 years from the date of acquiring the certification.

The GIAC GCFE certification not only makes you a more suitable candidate, but it can also boost your salary. With the GCFE certification, you earn upto $101,938 per year. This is comparatively higher than the average salary for someone without certification, which is around $75,000 per year.


Feedback from our delegates.


Stephen Ridgway

Readynez is the best training provider I've used for many years. Their customer service is first class, prices are very competitive and instruction excellent.


Johan Andersson

Easy to attend over Teams and an excellent instructor gave me great value for the time I invested.

Why Pay More??

Go beyond one certification Achieve Complete Masterymedal-icon

Why settle for just one certification course when you can attend ALL certification courses for the price of less than one single course?

  • [Dictionary item: Orange-check] 60+ Courses for the price of less than one
  • [Dictionary item: Orange-check] LIVE Instructor-led courses
  • [Dictionary item: Orange-check] Expert Instructors at your fingertips
  • [Dictionary item: Orange-check] Money-back Guarantee
  • [Dictionary item: Orange-check] Flexible payment options

A perfect tool to help us develop the skills and competencies we need for success

it's-IT Kasper Meyer Christensen

A training solution so good that it pays for itself


Businesses leveraging Readynez Unlimited save at least 50% on their training and certifications - and many up to 80%

2.4 x

Unlimited license holders attend on average 2.4 courses per year

Get more for less with Unlimited Training



For the price of less than one course.



Just cheaper and more flexible.



The easiest, most flexible and cheapest way to get Certified.



Attend as many courses you want - no limitations!

Money Gaurantee


Refund provided if license costs surpass the value of your training.



Interact 1-on-1 with 50+ seasoned instructors.



Price: {{item.ItemPriceExVatFormatted}} {{item.Currency}}