The Certified Lead Forensics Examiner (CLFE) certification is for professionals working or interested in the computer forensics evidence recovery and analysis process. The certification focuses on core skills required to collect and analyze data from Windows, Mac OS X, Linux computer systems as well as mobile devices.
The PECB CLFE certifies that candidates have the knowledge, skills, and ability in the following competency domains:
- Scientific principles of computer forensics
- Computer forensics operations fundamentals
- Forensics: computer hardware structure
- Forensics: operating systems and file structure
- Forensics of network, cloud and virtual environments
- Forensics of cell phones and tablets
- Computer forensics operation tools and software
- Forensics: examination, acquisition and preservation of electronic evidence
Various professions may apply for this certification:
- CSERs (computer search and evidence recovery),
- SCERs (Specialists in Computer Evidence Recovery),
- Computer forensics specialists,
- IT investigators,
- Judicial IT,
- Electronic data analyst,
- Digital investigator,
- Digital investigator,
- Computer forensic expert
- Techno crime specialist
The requirements for CLFE certifications are:
|Credential||Exam||Professional experience||CLFEMS project experience||Other requirements|
|Provisional Forensics Examiner||PECB Certified Lead Forensics Examiner Exam or equivalent||None||None||Signing the PECB Code of Ethics|
|Forensics Examiner||PECB Certified Lead Forensics Examiner Exam or equivalent||Two years: One year of field experience in computer forensics||Forensics activities totaling 200 hours||Signing the PECB code of ethics|
|Lead Forensics Examiner||PECB Certified Lead Forensics Examiner Exam or equivalent||Five years: Two years of field experience in computer forensics||Forensics activities totaling 300 hours||Signing the PECB code of ethics|
To be considered valid, the risk assessment activities should follow best implementation practices and include significant part of the following activities:
- Post incident response, and
- Computer forensics.
- Informaticians: Network manager, computer pool manager, programmer, analysts, computer sellers or shop.
- Discovery specialists,
Professional references must be from individuals who have professionally worked with you and can validate your risk management expertise, current and previous work history, as well as your job performance. You cannot use anyone as a reference who falls under your supervision or is a relative. At least three professional references are required (candidates can input up to a maximum of five references).
Complete information is required: including job title, begin dates, end dates, responsibilities and more. Summarize each assignment, providing sufficient detail to describe the nature of the responsibilities that you had. This information can be detailed in your resume.
Denial and Revocation of Certification
Certification will be denied or revoked for any of the following reasons:
- Falsification of application
- Violation of testing procedures
- Failure to pass the examination
Denials or revocations of certification may be appealed to the Certification Board in writing.
Annual Renewal Certification Fee
To maintain your credentials active, there is an annual renewal fee for each calendar year. Registrants who pay their annual renewal fee will appear online in the PECB Directory of Certified Professional.
Maintain your Certification (Recertification)
The PECB designations are valid for three years. To maintain your certification, you must have accumulated the necessary 90 Continuing Professional Development credits (CPD) by the end of that three-year period and pay the recertification fee. CPD hours need to be inputted in your online PECB profile. PECB certified professionals who fail to provide the required CPD hours will have their PECB credentials revoked and will no longer be allowed to present themselves as certified PECB professionals.
Informations and registration:
Alexandra Niculae, Training Director ENVISO