eCDFP Certification

eLearnSecurity Certified Digital Forensics Professional



The eLearnSecurity Certified Digital Forensics Professional (eCDFP) is an advanced digital forensics exam meant for senior-level cyber security professionals. A successful certification allows digital forensics investigators to prove their technical digital forensics expertise.


Here are some of the ways eLearnSecurity Certified Digital Forensics Professional certification is different from conventional certifications:

  • While most exams are multiple choice, the eCDFP certification requires candidates to complete a real-world simulation based on actual scenarios and incidents.
  • The test requires multiple methodologies and individual creative thinking to complete. A skillset like this will make you a valuable asset in the corporate sector.
  • Only individuals who provide proof of their findings are awarded the eCDFP Certification.
Knowledge Domains

By obtaining the eCDFP, your skills in the following areas will be assessed and certified:
By obtaining the eCDFP, your skills in the following areas will be assessed and certified:

  • File & disk analysis
  • Windows forensics
  • Network forensics
  • Log analysis
  • Timeline analysis
  • In-depth knowledge of file systems and tools such as WinHex, regripper, tcpdump etc.

The eCDFP is a certification for individuals with highly technical understanding of networks, systems and cyber attacks. Everyone can attempt the certification exam, however here are the recommended skills, taught within the Digital Forensics Professional learning path that will help you pass the exam:

  • Letters of engagement and the basics related to a forensic investigation engagement
  • Networking concepts
  • Digital forensics processes and methodologies
  • Proficiency in file & disk analysis
  • Analyzing Windows artifacts
  • Analyzing traffic capture files
  • File systems and disk editors
  • Constructing actionable timelines
  • Proficiency in log analysis
  • Manual intrusion detection skills using the established forensics-related toolkit
  • Correlating data from various sources
The exam

eLearnSecurity’s eCDFP evaluates your ability to use a variety of forensic techniques, inside a fully featured and real-world environment.

Candidates are provided with a real world engagement within INE’s Virtual Labs. Once valid credentials are provided for the certification platform, the candidate can perform the tests from the comfort of their home or office. An Internet connection and VPN software is necessary to carry out the exam.

Certification Process

There are two ways to become an eCDFP:

1. Obtain voucher by by purchasing an INE subscription and taking the Digital Forensics Professional learning path.

The Digital Forensics Professional (DFP) path takes you from a basic-intermediate understanding of digital forensics to a professional level.


2. Attempting the certification without training

eLearnSecurity allows anybody to attempt the certification exam without attending any training. Candidates can do so at their own risk. The candidate that feels prepared enough to demonstrate their practical and professional skills during the exam, can purchase an eCDFP voucher and go through the certification process.

Whether you are attempting the eCDFP certification exam on your own or after having attended one of our approved training courses, you will need to follow these steps to get a certificate:

Whether you are attempting the certification exam on your own or after completing one of our approved learning paths, you will need to purchase an exam voucher before you can start your certification process. Once you obtain the voucher you will receive login credentials to our Certification area where you will manage the exam, the VPN credentials, and any other materials related to the certification process.

Regular vouchers expire after 180 days from purchase.

Before the certification expires, you will have to begin the certification process by clicking on “Begin certification process”. The expiration date will always be available in your certification area and reminder emails are sent to make sure you take advantage of the voucher.

Once you click on the “Begin certification process” button, you will receive an email with instructions regarding the scope of engagement. This letter will contain everything you need to know to take your exam.

To be awarded the certification, you need to score a 76.7% or above. Once you submit your exam, it will be automatically graded and you will receive your results immediately. Should you fail the first attempt, you will then have one free attempt to re-take the certification.