This is a curated list of DFIR Related Certifications that you can get for under $1,000 with training included.
I personally think many of the certifications listed, especially the hands-on certifications, should get more recognition by HR and hiring managers. My goal is to take as many of these as I can and do a blog series on DFIR Diva and Get Your Start Careers about lesser known DFIR Related certifications that should be on hiring managers radar. Stay tuned!
| Name & Direct Link | Platform/Instructor | Training & Exam Pricing | Topics | Exam Type |
|---|---|---|---|---|
| Blue Team Level 1 (BTL1) (This is the best one for beginners) | Security Blue Team | Training + Exam: £499 ($687.35) Includes 4 months of training access, exam voucher, and free retake. The exam is a 24-hour practical exam. | Security Fundamentals, Phishing Analysis, Threat Intelligence, Digital Forensics, Windows and Linux Investigations, Volatility, Autopsy, Digital Evidence Collection, SIEM, Logging, Splunk, Incident Response, MITRE ATT&CK | Practical Hands-On |
| MDFIR - Certified DFIR Specialist | Mossé Cyber Security Institute | $450 includes practical exercises and the certification. This isn't a typical approach to a certification. You complete 100% practical exercises that you research how to do on your own as you go, so part of it is research methods and critical-thinking skills. As you go through the exercises, you go from Novice DFIR Practitioner up to Certified Expert DFIR Practitioner. There is no time limit to complete it. | File Analysis, Windows Forensics, Memory Forensics, Applications Forensics, Network Forensics, Malware Analysis, Enterprise Investigations, Threat Intelligence, Writing Digital Forensics and Incident Reports, Documentation and Procedures. | Practical Hands-On |
| MBT - Certified Blue Teamer | Mossé Cyber Security Institute | $450 includes the practical exercises and certification. This isn't a typical approach to a certification. You complete 100% practical exercises that you research how to do on your own as you go, so part of it is research methods and critical-thinking skills. As you go through the exercises, you go from MCSI Blue Team Learner up to MCSI Certified Expert Blue Team Practitioner. There is no time limit to complete it. | Malware Analysis, Threat Hunting, Cyber Defence, Incident Response, OSINT, Memory Forensics, Threat Intelligence, Binary Classification, Static Code Analysis, Enterprise Investigations | Practical Hands-On |
| Cybersec First Responder (CFR) (This certification is listed under most of the CSSP categories of the DoD Approved 8570 Baseline Certifications) | CertNexus | There are several different exam bundles that can include the print book, eBook, eLearning, certification voucher and labs for under $1,000 | Log Analysis, SIEM Tools, Regular Expressions, Using Windows and Linux Tools to Analyze Incidents, Methods and Tools for Malware Analysis, IOCs, Incident Response Process, Forensic Analysis, Mitigation, Windows Event Logs | Multiple Choice |
eLearnSecurity Certified Digital Forensics Professional (eCDFP) | INE/eLearnSecurity - Instructor: Ali Hadi | INE offers training for $749/year with a coupon for 50% off an eLearnSecurity Voucher = $949 Total Alternatively, INE offers training at $49/month with a full-price voucher at $400. | Aquisition, File & Disk Analysis, System & Network Forensics, Logs, Timelines & Reporting, File Carving, Creating Custom Carving Signatures, Windows Registry, LNK Files, Prefetch Files, USB Devices, Shellbags, Recycle Bin | Practical Hands-On |
| INE/eLearnSecurity - Instructor: Dimitrios Bougioukas | INE offers training for $749/year with a coupon for 50% off an eLearnSecurity Voucher = $949 Total Alternatively, INE offers training at $49/month with a full-price voucher at $400. | Detecting Cyber Attacks, SIEM, Analyzing Traffic, Flows, and Endpoints, Utilizing Threat Intelligence, IDS, Log Management | Practical Hands-On | |
eLearnSecurity Certified Malware Analysis Professional (eCMAP) | INE/eLearnSecurity - Instructor: Ali Hadi | INE offers training for $749/year with a coupon for 50% off an eLearnSecurity Voucher = $949 Total Alternatively, INE offers training at $49/month with a full-price voucher at $400. | x64 Bit Assembly, Analyzing PE File Structure, Packed Malware Identification and Analysis, IOCs, YARA Rules, Processes, DLLs, Handles, Droppers, Reverse Engineering, Unpacking Malware, Debugging | Practical Hands-On |
| INE/eLearnSecurity - Instructor: Kyriakos Economou | INE offers training for $749/year with a coupon for 50% off an eLearnSecurity Voucher = $949 Total Alternatively, INE offers training at $49/month with a full-price voucher at $400. | Reverse Engineering Foundations, Practical Reverse Engineering, The Stack, Algorithm Reversing, String References and Basic Patching, Windows Registry Manipulation, File Manipulation, Anti-Reversing Tricks, Code Obfuscation, Analyzing Packers, Debugging Multi-Thread Applications | Practical Hands-On | |
| eLearnSecurity Certified Threat Hunting Professional (eCTHPv2) | INE/eLearnSecurity - Instructor: Slavi Parpulev | INE offers training for $749/year with a coupon for 50% off an eLearnSecurity Voucher = $949 Total Alternatively, INE offers training at $49/month with a full-price voucher at $400. | Memory Forensics Using Redline, Volatility, and Other Tools, Network Traffic Analysis, Using Threat Intelligence to Hunt for Threats, Detecting Advanced Hacking Techniques, Using Tools Such as Powershell, ELK and Splunk to Analyze Windows Events and Detect Attacks | Practical Hands-On |
| MOIS - Certified OSINT Expert | Mossé Cyber Security Institute | $450 includes the practical exercises and certification. This isn't a typical approach to a certification. You complete 100% practical exercises that you research how to do on your own as you go, so part of it is research methods and critical-thinking skills. As you go through the exercises, you go from MCSI OSINT Learner up to MCSI Certified Expert OSINT Practitioner. There is no time limit to complete it. | Creating an Anonymous Presence to be Used to Conduct Online Investigative Research, Collect Data From IP Addresses, Domain Names, Email Addresses, Documents, Search Engines, Code Repositories, Data Breaches, Social Media Platforms and more, Write Tools in Python to Interact With APIs and Automate the OSINT Data Collection Process, Develop Professionial Procedures and Methodologies. | Practical Hands-On |
| MRE - Certified Reverse Engineer | Mossé Cyber Security Institute | $450 includes the practical exercises and certification. This isn't a typical approach to a certification. You complete 100% practical exercises that you research how to do on your own as you go, so part of it is research methods and critical-thinking skills. As you go through the exercises, you go from MCSI Reverse Engineering Learner up to MCSI Certified Expert Reverse Engineering Practitioner. There is no time limit to complete it. | Programming for Reverse Engineering, Windows Internals for Reverse Engineering, Binary Classification, Memory Forensics for Malware Analysis, Ghidra, Malware in Documents, Static and Dynamic Code Analysis, Code Deobfuscation | Practical Hands-On |
| MCD - Certified Code Deobfuscation Specialist | Mossé Cyber Security Institute | $450 includes the practical exercises and certification. This isn't a typical approach to a certification. You complete 100% practical exercises that you research how to do on your own as you go, so part of it is research methods and critical-thinking skills. As you go through the exercises, you go from MCSI Code Deobfuscation Learner up to MCSI Certified Expert Code Deobfuscation Specialist Practitioner. There is no time limit to complete it. | Ghidra Fundamentals, Writing a Ghidra Plugin, Code Obfuscation Techniques, VM Protection Techniques, Automated Binary Analysis, Automated Code Deobfuscation Techniques. | Practical/Hands-On |
| C)DFE - Certified Digital Forensics Examiner | Mile2 | $995 Includes Training Videos, Labs, E-Book and Exam Voucher | Computer Forensic Incidents, Investigative Theory, Investigative Process, Digital Aquisition and Analysis Tools, Disks and Storage, Live Acquisition, Windows Forensics, Linux Forensics, Mac Forensics, Examination Protocols, Digital Evidence Protocols and Preservation, Laboratory Protocols, Specialized Artifact Recovery, eDiscovery and ESI, Mobile Forensics, Incident Handling, Reporting | Multiple Choice |
| C)NFE - Certified Network Forensics Examiner | Mile2 | $995 Includes Training Videos, Labs, E-Book and Exam Voucher | Digital Evidence, Network Evidence, Network Forensics, Internet Protocol Suite, Traffic Acquisition Software, Live Acquisition, Phyiscal Interception, Analysis, Layer 2 Protocol, Wireless Access Points, Wireless Attacks, NIDS, Centralized Logging, Syslog, Network Tunneling, Malware Forensics, Network Tunnelling. | Multiple Choice |
| C)IHE - Certified Incident Handling Engineer | Mile2 | $995 Includes Training Videos, Labs, E-Book and Exam Voucher | Incident Handling, Threats, Vulnerabilities, Exploits, Preparation, First Response, Containment, Eradication, Recovery, Follow-Up, Computer Securirity Incident Response Team, Log File Analysis, Malware, Rootkits, Botnets, Artifact Analysis | Multiple Choice |
| MITRE ATT&CK Defender | MITRE Engenuity | $299 Per Year Includes Training and Certification (There is Free Training on Cybrary Without Certification) | Threat Intelligence, Security Operations, Threat Emulation | Multiple Choice |
