An MCSI qualified professional Digital Forensics and Incident Response (DFIR) Specialist is capable of delivering enterprise-level incident response engagements.
Students who have successfully achieved their MDFIR Certification from MCSI can apply for digital forensics and incident response jobs worldwide with the confidence that they have the competencies the industry is seeking.
MCSI Certifications are world-class. The content is cutting-edge, uniquely-designed, hands-on and challenging. Our exercises teach in-demand skills that are immediately applicable in the field. MCSI's unique approach helps students around the world advance their careers.
This Certification has no expiry date. It has no renewal fees, no hidden fees, and is accessible with no time limits.
MCSI Certified DFIR Specialist:
Perform digital forensics investigations on Windows systems
Use memory forensics to identify and analyse modern APT samples
Perform network forensics on PCAP files to investigate intrusions
Analyse files, executables and malware samples
Identify and track adversary infrastructure based on IOCs generated from an investigation
Lab setup - 3 exercises
Fundamental Capabilities - 5 exercises
Pandas Fundamentals - 10 exercises
File Analysis - 4 exercises
Disk and Filesystem Forensics - 1 exercises
Executable Analysis - 9 exercises
Windows Forensics - 6 exercises
Windows 10 Forensics - 2 exercises
Memory Forensics - 10 exercises
Malware Analysis - 11 exercises
Enterprise Investigations - 7 exercises
Threat Intelligence - 5 exercises
Incident Response Challenges - 9 exercises
Network Forensics Challenges - 8 exercises
Memory Forensics Challenges - 5 exercises
Incident Response Playbooks - 5 exercises
Documentation and Procedures - 5 exercises
Ransomware Investigation - 7 exercises
Below are three (3) exercises from the 100+ exercises available in MDFIR - Certified DFIR Specialist:
Dump The RAM Of A Windows Machine (Novice)
Analyse Malware From A Memory Dump Using The Volatility Framework (Advanced Beginner)
Perform Memory Forensics Of A Machine Compromised With Poweliks (Competent)
Ability to comfortably read and understand IT documentation written in English. Ideally, an IELTS score of 6.5 with no band less than 6 (or equivalent).
Note: You can register for this course without having undertaken an English test.
Using command line utilities and tools
Operating virtual machines
Troubleshooting and resolving software errors
Frequently Asked Questions
What is the MCSI Method™?
Are solutions included in certifications and bundles?
No. Our method of teaching cyber security consists of challenging you with real-world problem statements that you're expected to research and solve by doing your own research. This is how you'll be expected to work in the field. When you fail an exercise, we provide you with constructive feedback to improve and try again.
Do the videos provides the answers to exercises?
No. The videos teach concepts, mindset, methodologies, procedures and professional skills such as report writing, interviewing and preparing proposals.
Do bundles, training content, or certificates ever expire? Am I expected to buy again in the future?
Once purchased, bundles and certificates are unlocked forever. They are no recurring or ongoing fees.
Do I need to buy the training and the certification separately?
No. The price provided covers both. You only pay once.
Do you offer any special offers and discounts?
If I can't solve the exercise where do I go for help?
We have an online forum where you can ask questions and our team of professional instructors will help you out.
An `Unofficial Curriculum` contains MCSI's practical exercises aligned to a non-MCSI Industry Certification syllabus.
We offer unofficial curriculums for the OSCP, ISACA CISA, ISACA CISM, ISACA CRISC, CCT ICE, CCSAS, CCT ACE.
Do you provide Continuing Professional Education (CPE) credits?
Yes. Every single exercise offers CPE credits. The number of credits earned depends on the difficulty of the exercise completed. Below are the CPE Credits achieve for an exercise in each difficulty:
Novice exercises = 1 CPE credits
Advanced Beginner exercises = 2 CPE credits
Competent exercises = 5 CPE credits
Proficient exercises= 8 CPE credits
Beyond Proficient exercises = 16 CPE credits
Are MCSI courses/certifications recognized and have value outside of Australia?
Yes. MCSI certifications have value worldwide and are recognized by employers looking for individuals with practical cyber security skills.
MCSI's training is 100% practical with real cybersecurity problems designed to teach immediately applicable skills in the field. To solve our practical exercises, students must do their own research and develop their own solutions.
While completing exercises, students also develop their own comprehensive cybersecurity portfolio of skills. Individuals use this portfolio to demonstrate their cybersecurity competencies to solve real industry problems to future employers or hiring managers.
Do I need to complete an exam to receive MCSI Certification?
No. MCSI Certifications are completed by solving practical cybersecurity exercises.
This certification successfully prepares you for the following
Digital Forensics Analyst
Security Operations Centre (SOC) Analyst
Training Curriculum and Certifications
Students unlock Certificates of Completion for every exercise they complete. Industry Certifications are unlocked upon achieving Skills Proficiency Milestones.
Obtain CPE points by solving exercises
Achieve multiple certifications
Receive help from instructors online
MCSI's MDFIR certification covers all six levels of the Australian Signals Directorate's Cyber Skills Framework. You will achieve a certificate upon reaching each level. You will earn an industry certification at Level 5. Click here to learn more.
ASD Skills Proficiency Level
Curriculum Completion Requirement
Scenarios Completion Requirement
MCSI DFIR Learner
MCSI Novice DFIR Practitioner
MCSI DFIR Practitioner
MCSI Senior DFIR Practitioner
MCSI Certified Principal DFIR Practitioner
MCSI Certified Expert DFIR Practitioner
As an MCSI Certified DFIR Specialist you will be fully capable of performing the following:
Processes and DLLs
Browser history and cookies
Web server logs
Remote code execution
Developing YARA rules
Capturing and indexing forensics artefacts
Baselining the enterprise network
Performing memory forensics at scale
Using Pandas to analyse large datasets
Open-source intelligence collection
Disk and filesystem forensics
Write digital forensics and incident response reports and briefings
Develop standard operating procedures and templates
I have never seen a training curriculum that teaches the in-depth technical capabilities required to be a DFIR consultant with the same depth that MCSI does. MCSI’s MDFIR does this perfectly!
Senior DFIR Consultant, Consulting Services
The MDFIR allowed us to immediately train our team at scale with the skills relevant to each one’s job description. In a technical field, the MDFIR shines through as truly technical certification that teaches advanced forensics and incident response techniques.
Cyber Incident Response Manager, Retail Industry
Awesome certification! Completing the exercise MCSI created for the MDFIR has increased what I can do in my day-to-day role. I have excelled, and the clients I work with are the ones who get the benefit. Thanks!
Lead DFIR Investigator, Financial Services
Why MCSI’s DFIR Certification is World Class
Comprehensive, Effective, Exceeds Standards
Holders of the DFIR Certification have completed 100 practical online exercises thus demonstrating that they have the skills and knowledge in the following areas: file analysis, disk and filesystem forensics, executable analysis, Windows forensics, memory forensics, threat intelligence and enterprise investigations.
Students who have obtained this Certification have demonstrated that they have a full understanding of the Windows operating system's internals for digital forensics, incident response and malware analysis purposes.
Students must complete dozens of practical digital forensics and incident response challenges that have been inspired from real-life investigations.