DFIR_JasonJ
Viewer II

CCFP

So as one of the co-authors of the CCFP, I was quite surprised that (ISC)2 was killing the certification, and it would be a really good idea to see exactly why this was.

 

It is actually quite sad because the concept was good, but I think what was needed was more input from actual digital forensics practitioners to make it actually relevant.

 

Is there any way that this process could be revived or rebooted?

11 Replies
jlcoupe
Viewer

I am also sad and have tried to book training for CCFP for about a year now.
Kentner
Viewer

I was excited to see (ISC)2 embracing the Forensics field and offering a certification.  Although I was doing forensics full time when the cert was introduced, I did not qualify to write the exam at that time.

So, I put it on the back burner, where it has stayed.

 

jpisfilr
Viewer II

I was contemplating the idea of going forward with the CCFP certification to aggregate to my master's in computer forensics. It is news to me that ISC2 is killing this cert. Do they intend to replace it with an alternate forensics cert or will they just be dropping it?

ScharfRJ
Newcomer I

This is the reply I received from ISC2 when I sent them a not so gentle argument email about this issue of dropping the CCFP:

"Hello Robert,

Thank you for your email and we apologize for any inconvenience this may cause.

Unfortunately this decision has been finalized and we wouldn’t be able to change the mind of our board.

I will certainly express your concerns to the correct individuals, but I can’t offer a resolution at this time.

I hope this helps, should you have any further questions please contact me.

Best Regards,

Thaddeus Feldhouse
Customer Service Coordinator
(ISC)², Inc."

 

...I had stated to them that:

"I should have seen the writing on the wall when ISC2 started pushing the CCSP even when the ISO standards were not even completed, being only released in 2015 (ISO 27017). The NIST definition was only completed in 2011/12 yet your CCSP is asking practitioners to have 5 years’ experience. It doesn’t make sense to support the CCSP standard yet drop the CCFP standard.

 

Without CCFP practitioners you cannot enforce CCSP standards in the field!"

 

Rob Scharf

CISSP member #34200

ScharfRJ
Newcomer I

This kind of behavior from "The Board" just brings up concerns of back-room pressure from competitors such as SANS...the ISC2 members should be notified of the reasons for these decisions since we are the ones paying for books, training and yearly fees for these certifications.
DFIR_JasonJ
Viewer II

Hi Rob

 

The response that you received is really concerning. As one of the authors that wrote several chapters in the CCFP CBK, we were not even notified or even consulted on the decision. I found this to be a real slap in the face after all the work that we put in. 

 

I for one would like to have a reason why it was dropped, and a real honest reason at that.

Baechle
Advocate I

Jason,

 

It’s actually quite difficult to see what the CBK was for the CCFP.  Without additional information on what the certification covered, I kind of side with the board on this one.

 

Certification in the world of forensics is tricky and somewhat misleading.  Many folks rely on digital assistive technology certifications, for example, those from Guidance Software or Access Data.  If you were to compare this to another field, for discussion, accounting – then this would be like getting certified in Excel.  With advanced knowledge of Microsoft Excel, you would know the tool well, including use of the formulas and formatting, and you could probably solve basic accounting equations.  On the flip side to that, I wouldn’t want you doing my taxes.

 

There are professional academic degrees in forensics, such as Forensic Accounting, Forensic Psychology and so on, that combine a rigorous education in the discipline combined with significant electives in scientific methodology and law.  Even these programs I think are fairly light – serving as a baseline for those at the entry level.  I believe digital forensics education belongs in this bucket.  Advanced, deep-dive degrees in computer science mixed with scientific method, analysis, and legal education.

 

A flip side to this is investigative or legal professionals that know the legal world well, and are assisted by specialists that may not be “forensicators” in their own right.  These folks could collect facts with the assistance of technical specialists, regardless of if that specialization is in computers, psychology, accounting, etc.  The difference is that these specialists are typically formally licensed.  Most Forensic Accountants have the CPA; Forensic Psychologists are either Medical Doctors or Clinical Psychologists; and Computer and Electronic Engineers have the Professional Engineer qualification.  Those in other forensic sub-disciplines are generally similarly accredited and licensed.  These are example prerequisites for state licensure.  And state licensure is typically required to practice forensics by most States in the USA (unless you are a government agent, or an investigator working on behalf of an attorney).

 

So, in reality the CCFP isn’t going to offer you much in the courtroom.  I believe it may be a good framework of knowledge to familiarize yourself with forensics generally – and could be a good book to read in its own right.  But I don’t believe it fits well as a qualification from (ISC)^2 or anyone else (e.g. SANS) for that matter.

 

Sincerely,

 

Eric B.

ScharfRJ
Newcomer I

I agree with some of your points but also must add that anyone looking for a forensic analyst must look at the whole skillset package of a digital examiner/investigator. Personally, I've made sure to make sure my skillset has multiple facets (although may be easier for me than others since I am on the Autism spectrum). I did some years on Mainframe operations, some years with mini-computers, been through all the flavours of MS OSes, passed my A+ PC Tech certification, passed my CISSP 15 years ago and just passed my CCFE (due to ISC2 retiring the CCFP before I was prepared to pass the exam).

I believe that we should strive to pad our teams with people who have unique talents in the IT and IM/IT Security streams, as well as younger members talented with the cyber social genre, in order to equip our Companies and Governmental Agencies with a Cyber/Cloud Security team which is adaptable.

Respectfully, let me make one last point...we must not make the mistake of comparing the traditional fields educated and governed through the University/College Institutions, with the Computer/Digital/Cyber/Cloud fields of technology, for I fear this would greatly limit our collection of the gifted examiners out there who studied, backwards engineered, disassembled and decoded the parts of this unique set of technologies from a young age right in their own homes, compared to fields where it was difficult to study within the home.

Cheers

RJ

Baechle
Advocate I

Robert,

 

I have to respectfully both agree and disagree with some of your points concerning forensics examiners. 

 

Specifically, the CCFP I think applied only and specifically to forensic examiners.  This is a career field in and of itself.  It uses elements and knowledge of Information Technology, but in and of itself is not primarily an Information Technology discipline. 

 

A forensic examiner in any specialization should have, first and foremost, formal training as a scientist or engineer.  This generally only occurs through the formal academic institutions.  While some people develop critical thinking skills on their own through life experience, a forensic examiner’s primary tasks are using critical thinking in proposing a hypothesis, designing and documenting experiments, running the experiments, and documenting the results.

 

That being said, I agree that Information Technology teams should have a blend of skill sets and experience levels.  I believe that for the most part, Information Technology is a trade or neo-Blue Collar work.  On the other hand, conducting formal experiments for the purposes of presenting findings to a court of law is not neo-Blue Collar work – and should be governed through formal academic institutions, education, qualification, and licensing. 

 

I think that the ability to disassemble, reverse engineer, and other skills are extraordinarily good to have.  At the same time, I would want to ensure that the processes used here for forensic purposes, could be defensible in a court of law both through the voir dire of the technologist’s education and through actual application of the scientific process.

 

Sincerely,

 

Eric B.