Certification Programmes

MCSI Certification

MDFIR - Certified DFIR Specialist

An MCSI qualified professional Digital Forensics and Incident Response (DFIR) Specialist is capable of delivering enterprise-level incident response engagements.

Students who have successfully achieved their MDFIR Certification from MCSI can apply for digital forensics and incident response jobs worldwide with the confidence that they have the competencies the industry is seeking.

Register Now Course Overview
Intermediate Level MCSI Certification Intermediate
ic-certificate Certification
ic-clock 600+ hours
cpe-points 206.5
ic-money US$450
No Expiry, No Renewals


MCSI Certifications are world-class. The content is cutting-edge, uniquely-designed, hands-on and challenging. Our exercises teach in-demand skills that are immediately applicable in the field. MCSI's unique approach helps students around the world advance their careers.

This Certification has no expiry date. It has no renewal fees, no hidden fees, and is accessible with no time limits.

MCSI Certified DFIR Specialist:

  • Perform digital forensics investigations on Windows systems
  • Use memory forensics to identify and analyse modern APT samples
  • Perform network forensics on PCAP files to investigate intrusions
  • Analyse files, executables and malware samples
  • Identify and track adversary infrastructure based on IOCs generated from an investigation


Training Modules

  • Quickstarter: Lab Setup - 3 exercises
  • Quickstarter: Digital Forensics - 9 exercises
  • Lab setup - 4 exercises
  • Fundamental Capabilities - 5 exercises
  • Pandas Fundamentals - 9 exercises
  • File Analysis - 4 exercises
  • Disk and Filesystem Forensics - 1 exercises
  • Executable Analysis - 9 exercises
  • Windows Forensics - 6 exercises
  • Windows 10 Forensics - 2 exercises
  • Memory Forensics - 10 exercises
  • Malware Analysis - 11 exercises
  • Enterprise Investigations - 6 exercises
  • Threat Intelligence - 4 exercises
  • Incident Response Challenges - 9 exercises
  • Network Forensics Challenges - 6 exercises
  • Memory Forensics Challenges - 3 exercises
  • Incident Response Playbooks - 5 exercises
  • Documentation and Procedures - 4 exercises


  • Business Email Compromise Investigation - 10 exercises
  • Ransomware Investigation - 7 exercises
  • Android Mobile Forensics Investigation - 10 exercises

Sample Exercises

Below are three (3) exercises from the 100+ exercises available in MDFIR - Certified DFIR Specialist:

Dump The RAM Of A Windows Machine (Novice)


Analyse Malware From A Memory Dump Using The Volatility Framework (Advanced Beginner)


Perform Memory Forensics Of A Machine Compromised With Poweliks (Competent)


Enrolment and Fees


US$450 (+ GST if you're based in Australia).

Practical exercises must be completed online using MCSI's Online Learning Platform.

How to enrol

  1. Login/Register for MCSI's Online Learning Platform
  2. Select `Shop` from the left-side menu
  3. Find the MDFIR - Certified DFIR Specialist, select `Buy` and proceed through the checkout process. You can purchase using a Credit Card or PayPal
  4. Once you have enrolled in the MDFIR - Certified DFIR Specialist, the curriculum unlocks immediately
  5. In the left-side menu of the platform, select `Training & Education` then `MCSI Curriculums`, and you will see the MDFIR - Certified DFIR Specialist listed
Register Now

Terms and Conditions

  • No discounts
  • No refunds
  • No transfers
  • No renewal fees
  • No hidden fees
  • No time limits

Cooling-Off Policy

Receive a full refund if you change your mind about a purchase within 24 hours. No questions asked.

Read the full details here.

Student Testimonials

Here's what students say about the MCSI Method™ and our Online Learning Platform:

Student Testimonials


Training Laptop Requirement

This course can be completed on a standard training laptop. Below are some specifications that guarantee you can complete this course with your machine:

  • 64-bit Intel i5/i7 2.0+ GHz processor or equivalent
  • 8GB of RAM
  • Ability to run at least (1) virtual machine using Virtual Box, or an equivalent virtualization software
  • Windows 10 or later, macOS 10 or later, or Linux
  • Local administrator privileges
Do you support older operating systems?

Yes. Many of the exercises can be completed on older OS versions. Several of our students are successfully using older equipment to learn cyber security.

Proficiency in the English language

Ability to comfortably read and understand IT documentation written in English. Ideally, an IELTS score of 6.5 with no band less than 6 (or equivalent).

Note: You can register for this course without having undertaken an English test.

Prerequisite Knowledge

  • Using command line utilities and tools
  • Operating virtual machines
  • Troubleshooting and resolving software errors

Frequently Asked Questions

What is the MCSI Method™?

Common Questions

  • Are solutions included in certifications and bundles?
    • No. Our method of teaching cyber security consists of challenging you with real-world problem statements that you're expected to research and solve by doing your own research. This is how you'll be expected to work in the field. When you fail an exercise, we provide you with constructive feedback to improve and try again.
  • Do the videos provides the answers to exercises?
    • No. The videos teach concepts, mindset, methodologies, procedures and professional skills such as report writing, interviewing and preparing proposals.
  • Do bundles, training content, or certificates ever expire? Am I expected to buy again in the future?
    • Once purchased, bundles and certificates are unlocked forever. They are no recurring or ongoing fees.
  • Do I need to buy the training and the certification separately?
    • No. The price provided covers both. You only pay once.
  • Do you offer any special offers and discounts?
    • No.
  • If I can't solve the exercise where do I go for help?
  • Who reviews and marks exercises?
    • Trained cyber security instructors that work for Mossé Cyber Security Institute.
  • We can't pay via credit card. Can you raise an invoice for international wire payment instead?
    • Yes. Send us the list of bundles and certifications you want to purchase at [email protected]
  • Can I access a trial/demo the certification programmes prior to enrolling?
    • We provide a free curriculum with 82 practical exercises you can try.
    • The Free Curriculum teaches Security Tools, Penetration Testing, Red Teaming, Threat Hunting, Cyber Defence, GRC and Windows Internals.
    • Try the Free Curriculum
  • What is an `Unofficial Curriculum`?
    • An `Unofficial Curriculum` contains MCSI's practical exercises aligned to a non-MCSI Industry Certification syllabus.
    • We offer unofficial curriculums for the OSCP, ISACA CISA, ISACA CISM, ISACA CRISC, CCT ICE, CCSAS, CCT ACE.
  • Do you provide Continuing Professional Education (CPE) credits?
    • Yes. Every single exercise offers CPE credits. The number of credits earned depends on the difficulty of the exercise completed. Below are the CPE Credits achieve for an exercise in each difficulty:
    • Novice exercises = 1 CPE credits
    • Advanced Beginner exercises = 2 CPE credits
    • Competent exercises = 5 CPE credits
    • Proficient exercises= 8 CPE credits
    • Beyond Proficient exercises = 16 CPE credits
  • Are MCSI courses/certifications recognized and have value outside of Australia?
    • Yes. MCSI certifications have value worldwide and are recognized by employers looking for individuals with practical cyber security skills.
    • MCSI's training is 100% practical with real cybersecurity problems designed to teach immediately applicable skills in the field. To solve our practical exercises, students must do their own research and develop their own solutions.
    • While completing exercises, students also develop their own comprehensive cybersecurity portfolio of skills. Individuals use this portfolio to demonstrate their cybersecurity competencies to solve real industry problems to future employers or hiring managers.
  • Do I need to complete an exam to receive MCSI Certification?
    • No. MCSI Certifications are completed by solving practical cybersecurity exercises.

Career Outcomes

This certification successfully prepares you for the following roles:

  • Digital Forensics Analyst
  • Incident Responder
  • Security Operations Centre (SOC) Analyst
Certification Detail

Training Curriculum and Certifications

Students unlock Certificates of Completion for every exercise they complete. Industry Certifications are unlocked upon achieving Skills Proficiency Milestones.




Obtain CPE points by solving exercises


Achieve multiple certifications


Receive help from instructors online

MCSI's MDFIR certification covers all six levels of the Australian Signals Directorate's Cyber Skills Framework. You will achieve a certificate upon reaching each level. You will earn an industry certification at Level 5. Click here to learn more.

ASD Skills Proficiency Level Curriculum Completion Requirement Scenarios Completion Requirement
MCSI DFIR Learner Level 1 0% 0%
MCSI Novice DFIR Practitioner Level 2 20% 0%
MCSI DFIR Practitioner Level 3 50% 0%
MCSI Senior DFIR Practitioner Level 4 70% 0%
MCSI Certified Principal DFIR Practitioner Level 5 80% 0%
MCSI Certified Expert DFIR Practitioner Level 6 95% 0%

As an MCSI Certified DFIR Specialist you will be fully capable of performing the following:

  • File Analysis
    • exe
    • msi
    • a3x
    • pdf
    • doc
    • Ink
    • rf
  • Windows Forensics
    • Event Logs
    • Registry
    • Prefetch
    • ShimCache
    • AppCompatCache
    • AmCache
    • Networking
    • Account Usage
  • Memory Forensics
    • Volatility Framework
    • Windows Registry
    • Processes and DLLs
    • Process memory
    • Kernel objects
    • Networking
    • GUI
    • Code injection
    • YARA rules
  • Application Forensics
    • Browser history and cookies
    • Email clients
    • Microsoft Office
    • Web server logs
    • Database logs
  • Network Forensics
    • DGA algorithms
    • DNS tunnelling
    • Domain fronting
    • Remote code execution
    • Pass-the-hash attacks
    • Port knocking
  • Malware Analysis
    • Binary classification
    • Behavioral analysis
    • Static Analysis
    • IOC extraction
    • Developing YARA rules
  • Enterprise Investigations
    • Capturing and indexing forensics artefacts
    • Baselining the enterprise network
    • Static Analysis
    • Performing memory forensics at scale
    • Using Pandas to analyse large datasets
  • Threat Intelligence
    • Pivot analysis
    • Open-source intelligence collection
  • Disk and filesystem forensics
  • Write digital forensics and incident response reports and briefings
  • Develop standard operating procedures and templates


Why MCSI’s DFIR Certification is World Class

why MCSI MDFIR certification

Comprehensive, Effective, Exceeds Standards

Holders of the DFIR Certification have completed 100 practical online exercises thus demonstrating that they have the skills and knowledge in the following areas: file analysis, disk and filesystem forensics, executable analysis, Windows forensics, memory forensics, threat intelligence and enterprise investigations.

why MCSI MDFIR certification

Internals Focused

Students who have obtained this Certification have demonstrated that they have a full understanding of the Windows operating system's internals for digital forensics, incident response and malware analysis purposes.

why MCSI MDFIR certification

Practical, Field-Based

Students must complete dozens of practical digital forensics and incident response challenges that have been inspired from real-life investigations.

MCSI students have submitted over 13,000 practical online exercises since December 2018.

Information Security Professionals made a median salary of $103,590 in 2020. Cybersecurity roles are regularly ranked #1 jobs in the United States.

Invest $450, and in 5 weeks, you will be ready to apply for jobs with a salary of $75,000 to $150,000 per year.
Why spend between $10,000 to $45,000 on tuition to only get theoretical courses and wait for 2 to 4 years for piece of paper?
Act Now! - You are in control! - Sign-Up Now!


We'll respond within 24 hours

Visit our Frequently Asked Questions (FAQ) page for answers to the most common questions we receive.

Ready to learn hands-on cyber security skills online?

Register Now