The response that you received is really concerning. As one of the authors that wrote several chapters in the CCFP CBK, we were not even notified or even consulted on the decision. I found this to be a real slap in the face after all the work that we put in.
I for one would like to have a reason why it was dropped, and a real honest reason at that.
It’s actually quite difficult to see what the CBK was for the CCFP. Without additional information on what the certification covered, I kind of side with the board on this one.
Certification in the world of forensics is tricky and somewhat misleading. Many folks rely on digital assistive technology certifications for example, those from Guidance Software or Access Data. If you were to compare this to another field, for discussion, accounting – then this would be like getting certified in Excel. With advanced knowledge of Microsoft Excel, you would know the tool well, including use of the formulas and formatting, and you could probably solve basic accounting equations. On the flip side to that, I wouldn’t want you doing my taxes.
There are professional academic degrees in forensics, such as Forensic Accounting, Forensic Psychology and so on, that combine a rigorous education in the discipline combined with significant electives in scientific methodology and law. Even these programs I think are fairly light – serving as a baseline for those at the entry level. I believe digital forensics education belongs in this bucket. Advanced, deep-dive degrees in computer science mixed with scientific method, analysis, and legal education.
A flip side to this is investigative or legal professionals that know the legal world well, and are assisted by specialists that may not be “forensicators” in their own right. These folks could collect facts with the assistance of technical specialists, regardless of if that specialization is in computers, psychology, accounting, etc. The difference is that these specialists are typically formally licensed. Most Forensic Accountants have the CPA; Forensic Psychologists are either Medical Doctors or Clinical Psychologists; and Computer and Electronic Engineers have the Professional Engineer qualification. Those in other forensic sub-disciplines are generally similarly accredited and licensed. These are example prerequisites for state licensure. And state licensure is typically required to practice forensics by most States in the USA (unless you are a government agent, or an investigator working on behalf of an attorney).
So, in reality the CCFP isn’t going to offer you much in the courtroom. I believe it may be a good framework of knowledge to familiarize yourself with forensics generally – and could be a good book to read in its own right. But I don’t believe it fits well as a qualification from (ISC)^2 or anyone else (e.g. SANS) for that matter.
I agree with some of your points but also must add that anyone looking for a forensic analyst must look at the whole skillset package of a digital examiner/investigator. Personally, I've made sure to make sure my skillset has multiple facets, (although may be easier for me than others since I am on the Autism spectrum). I did some years on Mainframe operations, some years with mini-computers, been through all the flavours of MS OSes, passed my A+ PC Tech certification, passed my CISSP 15 years ago and just passed my CCFE. (due to ISC2 retiring the CCFP before I was prepared to pass the exam)
I believe that we should strive to pad our teams with people who have unique talents in the IT and IM/IT Security streams, as well as younger members talented with the cyber social genre, in order to equip our Companies and Governmental Agencies with a Cyber/Cloud Security team which is adaptable.
Respectfully, let me make one last point...we must not make the mistake of comparing the traditional fields educated and governed through the University/College Institutions, with the Computer/Digital/Cyber/Cloud fields of technology, for I fear this would greatly limit our collection of the gifted examiners out there who studied, backwards engineered, disassembled and decoded the parts of this unique set of technologies from a young age right in their own homes, compared to fields where it was difficult to study within the home.
I have to respectfully both agree and disagree with some of your points concerning forensics examiners.
Specifically, the CCFP I think applied only and specifically to forensic examiners. This is a career field in and of itself. It uses elements and knowledge of Information Technology, but in and of itself is not primarily an Information Technology discipline.
A forensic examiner in any specialization should have, first and foremost, formal training as a scientist or engineer. This generally only occurs through the formal academic institutions. While some people develop critical thinking skills on their own through life experience, a forensic examiner’s primary tasks are using critical thinking in proposing a hypothesis, designing and documenting experiments, running the experiments, and documenting the results.
That being said, I agree that Information Technology teams should have a blend of skill sets and experience levels. I believe that for the most part, Information Technology is a trade or neo-Blue Collar work. On the other hand, conducting formal experiments for the purposes of presenting findings to a court of law is not neo-Blue Collar work – and should be governed through formal academic institutions, education, qualification, and licensing.
I think that the ability to disassemble, reverse engineer, and other skills are extraordinarily good to have. At the same time, I would want to ensure that the processes used here for forensic purposes, could be defensible in a court of law both through the voir dire of the technologist’s education and through actual application of the scientific process.