Certification Programmes

MCSI Certification

MDFIR - Certified DFIR Specialist

An MCSI qualified professional Digital Forensics and Incident Response (DFIR) Specialist is capable of delivering enterprise-level incident response engagements.

Students who have successfully achieved their MDFIR Certification from MCSI can apply for digital forensics and incident response jobs worldwide with the confidence that they have the competencies the industry is seeking.

Register Now Course Overview
Intermediate Level MCSI Certification Intermediate
ic-certificate Certification
ic-clock 600+ hours
cpe-points 206.5
ic-money US$450
No Expiry, No Renewals


MCSI Certifications are world-class. The content is cutting-edge, uniquely-designed, hands-on and challenging. Our exercises teach in-demand skills that are immediately applicable in the field. MCSI's unique approach helps students around the world advance their careers.

This Certification has no expiry date. It has no renewal fees, no hidden fees, and is accessible with no time limits.

MCSI Certified DFIR Specialist:

  • Perform digital forensics investigations on Windows systems
  • Use memory forensics to identify and analyse modern APT samples
  • Perform network forensics on PCAP files to investigate intrusions
  • Analyse files, executables and malware samples
  • Identify and track adversary infrastructure based on IOCs generated from an investigation


Training Modules

  • Lab setup - 3 exercises
  • Fundamental Capabilities - 5 exercises
  • Pandas Fundamentals - 10 exercises
  • File Analysis - 4 exercises
  • Disk and Filesystem Forensics - 1 exercises
  • Executable Analysis - 9 exercises
  • Windows Forensics - 6 exercises
  • Windows 10 Forensics - 2 exercises
  • Memory Forensics - 10 exercises
  • Malware Analysis - 11 exercises
  • Enterprise Investigations - 7 exercises
  • Threat Intelligence - 5 exercises
  • Incident Response Challenges - 9 exercises
  • Network Forensics Challenges - 8 exercises
  • Memory Forensics Challenges - 5 exercises
  • Documentation and Procedures - 5 exercises


  • Ransomware Investigation - 7 exercises

Sample Exercises

Below are three (3) exercises from the 100+ exercises available in MDFIR - Certified DFIR Specialist:

Dump The RAM Of A Windows Machine (Novice)


Analyse Malware From A Memory Dump Using The Volatility Framework (Advanced Beginner)


Perform Memory Forensics Of A Machine Compromised With Poweliks (Competent)


Enrolment and Fees


US$450 (+ GST if you're based in Australia).

Practical exercises must be completed online using MCSI's Online Learning Platform.

How to enrol

  1. Login/Register for MCSI's Online Learning Platform
  2. Select `Shop` from the left-side menu
  3. Find the MDFIR - Certified DFIR Specialist, select `Buy` and proceed through the checkout process. You can purchase using a Credit Card or PayPal
  4. Once you have enrolled in the MDFIR - Certified DFIR Specialist, the curriculum unlocks immediately
  5. In the left-side menu of the platform, select `Training & Education` then `MCSI Curriculums`, and you will see the MDFIR - Certified DFIR Specialist listed

Terms and Conditions

  • No discounts
  • No refunds
  • No transfers
  • No renewal fees
  • No hidden fees
  • No time limits
Register Now


Proficiency in the English language

Ability to comfortably read and understand IT documentation written in English. Ideally, an IELTS score of 6.5 with no band less than 6 (or equivalent).

Note: You can register for this course without having undertaken an English test.

Prerequisite Knowledge

  • Using command line utilities and tools
  • Operating virtual machines
  • Troubleshooting and resolving software errors

Career Outcomes

This certification successfully prepares you for the following roles:

  • Digital Forensics Analyst
  • Incident Responder
  • Security Operations Centre (SOC) Analyst
Certification Detail

Training Curriculum and Certifications

Students unlock Certificates of Completion for every exercise they complete. Industry Certifications are unlocked upon achieving Skills Proficiency Milestones.




Obtain CPE points by solving exercises


Achieve multiple certifications


Receive help from instructors online

MCSI's MDFIR certification covers all six levels of the Australian Signals Directorate's Cyber Skills Framework. You will achieve a certificate upon reaching each level:

ASD Skills Proficiency Level Curriculum Completion Requirement Scenarios Completion Requirement
MCSI DFIR Learner Level 1 0% 0%
MCSI Novice DFIR Practitioner Level 2 20% 0%
MCSI DFIR Practitioner Level 3 50% 0%
MCSI Senior DFIR Practitioner Level 4 70% 0%
MCSI Certified Principal DFIR Practitioner Level 5 80% 0%
MCSI Certified Expert DFIR Practitioner Level 6 95% 0%

As an MCSI Certified DFIR Specialist you will be fully capable of performing the following:

  • File Analysis
    • exe
    • msi
    • a3x
    • pdf
    • doc
    • Ink
    • rf
  • Windows Forensics
    • Event Logs
    • Registry
    • Prefetch
    • ShimCache
    • AppCompatCache
    • AmCache
    • Networking
    • Account Usage
  • Memory Forensics
    • Volatility Framework
    • Windows Registry
    • Processes and DLLs
    • Process memory
    • Kernel objects
    • Networking
    • GUI
    • Code injection
    • YARA rules
  • Application Forensics
    • Browser history and cookies
    • Email clients
    • Microsoft Office
    • Web server logs
    • Database logs
  • Network Forensics
    • DGA algorithms
    • DNS tunnelling
    • Domain fronting
    • Remote code execution
    • Pass-the-hash attacks
    • Port knocking
  • Malware Analysis
    • Binary classification
    • Behavioral analysis
    • Static Analysis
    • IOC extraction
    • Developing YARA rules
  • Enterprise Investigations
    • Capturing and indexing forensics artefacts
    • Baselining the enterprise network
    • Static Analysis
    • Performing memory forensics at scale
    • Using Pandas to analyse large datasets
  • Threat Intelligence
    • Pivot analysis
    • Open-source intelligence collection
  • Disk and filesystem forensics
  • Write digital forensics and incident response reports and briefings
  • Develop standard operating procedures and templates


Why MCSI’s DFIR Certification is World Class

why MCSI MDFIR certification

Comprehensive, Effective, Exceeds Standards

Holders of the DFIR Certification have completed 100 practical online exercises thus demonstrating that they have the skills and knowledge in the following areas: file analysis, disk and filesystem forensics, executable analysis, Windows forensics, memory forensics, threat intelligence and enterprise investigations.

why MCSI MDFIR certification

Internals Focused

Students who have obtained this Certification have demonstrated that they have a full understanding of the Windows operating system's internals for digital forensics, incident response and malware analysis purposes.

why MCSI MDFIR certification

Practical, Field-Based

Students must complete dozens of practical digital forensics and incident response challenges that have been inspired from real-life investigations.


We'll respond within 24 hours

Visit our Frequently Asked Questions (FAQ) page for answers to the most common questions we receive.

Ready to learn hands-on cyber security skills online?

Register Now