How then, does one choose the appropriate certification to pursue? While all of the certifications listed above are valuable, I would recommend pursuing one that includes a practical examination and one in which you can use the tools with which you are most familiar. As an example, it is going to be difficult for you to pass the ACE if the only forensic utility that you've used is EnCase Enterprise.
If you are trying to obtain a certification …show more content…
EnCase is a standard of the industry and found in most, if not all, computer forensics shops. So having the EnCE certification demonstrates to employers that you have mastered the tools that they use in their forensic labs.
In addition, passing the EnCE practical was a major confidence booster for me and I have used many of the techniques that I learned as a result of the EnCE practical during my "real" analysis.
In summary, in order to determine the proper computer forensics certification I would look at the following:
1. Certifications that require a practical.
2. Certifications that demonstrate mastery of an industry-standard tool or utility.
3. Certifications that you see in job listings.
4. Certifications that allow or require you to use a forensics utility with which you already have experience.
The EnCase Certified Examiner (EnCE) examination is a two part examination that consists of a written portion and a practical. The practical is difficult, but it tests the basic computer forensic skills that an examiner must have. The Forensic Secrets eBook is a concise guide to passing the EnCE practical. It is by no means a brain dump of the examination but rather a compilation of the techniques that are necessary to pass the practical portion of the