Certification Programmes

MCSI Certification

MDFIR - Certified DFIR Specialist

An MCSI qualified professional Digital Forensics and Incident Response (DFIR) Specialist is capable of delivering enterprise-level incident response engagements.

Students who have successfully achieved their MDFIR Certification from MCSI can apply for digital forensics and incident response jobs worldwide with the confidence that they have the competencies the industry is seeking.

Course Overview

  • Level: Intermediate
  • Type: MCSI Certification
  • 600+ hours
  • CPE points: 206.5
  • Price: US$450
  • No Expiry, No Renewals

Overview

MCSI Certifications are world-class. The content is cutting-edge, uniquely-designed, hands-on and challenging. Our exercises teach in-demand skills that are immediately applicable in the field. MCSI's unique approach helps students around the world advance their careers.

This Certification has no expiry date. It has no renewal fees, no hidden fees, and is accessible with no time limits.

MCSI Certified DFIR Specialist:

  • Perform digital forensics investigations on Windows systems
  • Use memory forensics to identify and analyse modern APT samples
  • Perform network forensics on PCAP files to investigate intrusions
  • Analyse files, executables and malware samples
  • Identify and track adversary infrastructure based on IOCs generated from an investigation

Curriculum

Training Modules

  • Lab setup - 3 exercises
  • Fundamental Capabilities - 5 exercises
  • Pandas Fundamentals - 10 exercises
  • File Analysis - 4 exercises
  • Disk and Filesystem Forensics - 1 exercise
  • Executable Analysis - 9 exercises
  • Windows Forensics - 6 exercises
  • Windows 10 Forensics - 2 exercises
  • Memory Forensics - 10 exercises
  • Malware Analysis - 11 exercises
  • Enterprise Investigations - 7 exercises
  • Threat Intelligence - 5 exercises
  • Incident Response Challenges - 9 exercises
  • Network Forensics Challenges - 8 exercises
  • Memory Forensics Challenges - 5 exercises
  • Incident Response Playbooks - 5 exercises
  • Documentation and Procedures - 5 exercises

Scenarios

  • Ransomware Investigation - 7 exercises

Sample Exercises

Below are three (3) exercises from the 100+ exercises available in MDFIR - Certified DFIR Specialist:

Dump The RAM Of A Windows Machine (Novice)


Analyse Malware From A Memory Dump Using The Volatility Framework (Advanced Beginner)


Perform Memory Forensics Of A Machine Compromised With Poweliks (Competent)

Enrolment and Fees

Fees

US$450 (+ GST if you're based in Australia).

Practical exercises must be completed online using MCSI's Online Learning Platform.

How to enrol

  1. Login/Register for MCSI's Online Learning Platform
  2. Select `Shop` from the left-side menu
  3. Find the MDFIR - Certified DFIR Specialist, select `Buy` and proceed through the checkout process. You can purchase using a Credit Card or PayPal
  4. Once you have enrolled in the MDFIR - Certified DFIR Specialist, the curriculum unlocks immediately
  5. In the left-side menu of the platform, select `Training & Education` then `MCSI Curriculums`, and you will see the MDFIR - Certified DFIR Specialist listed

Terms and Conditions

  • No discounts
  • No refunds
  • No transfers
  • No renewal fees
  • No hidden fees
  • No time limits

Requirements

Proficiency in the English language

Ability to comfortably read and understand IT documentation written in English. Ideally, an IELTS score of 6.5 with no band less than 6 (or equivalent).

Note: You can register for this course without having undertaken an English test.

Prerequisite Knowledge

  • Using command line utilities and tools
  • Operating virtual machines
  • Troubleshooting and resolving software errors

Frequently Asked Questions

What is the MCSI Method™?

Common Questions

  • Are solutions included in certifications and bundles?
    • No. Our method of teaching cyber security consists of challenging you with real-world problem statements that you're expected to research and solve by doing your own research. This is how you'll be expected to work in the field. When you fail an exercise, we provide you with constructive feedback to improve and try again.
  • Do the videos provide the answers to exercises?
    • No. The videos teach concepts, mindset, methodologies, procedures and professional skills such as report writing, interviewing and preparing proposals.
  • Do bundles, training content, or certificates ever expire? Am I expected to buy again in the future?
    • Once purchased, bundles and certificates are unlocked forever. There are no recurring or ongoing fees.
  • Do I need to buy the training and the certification separately?
    • No. The price provided covers both. You only pay once.
  • Do you offer any special offers and discounts?
    • No.
  • If I can't solve the exercise where do I go for help?
  • Who reviews and marks exercises?
    • Trained cyber security instructors that work for Mossé Cyber Security Institute.
  • We can't pay via credit card. Can you raise an invoice for international wire payment instead?
    • Yes. Send us the list of bundles and certifications you want to purchase at [email protected]
  • Can I access a trial/demo of the certification programmes prior to enrolling?
    • We provide a free curriculum with 82 practical exercises you can try.
    • The Free Curriculum teaches Security Tools, Penetration Testing, Red Teaming, Threat Hunting, Cyber Defence, GRC and Windows Internals.
  • What is an `Unofficial Curriculum`?
    • An `Unofficial Curriculum` contains MCSI's practical exercises aligned to a non-MCSI Industry Certification syllabus.
    • We offer unofficial curriculums for the OSCP, ISACA CISA, ISACA CISM, ISACA CRISC, CCT ICE, CCSAS, CCT ACE.
  • Do you provide Continuing Professional Education (CPE) credits?
    • Yes. Every single exercise offers CPE credits. The number of credits earned depends on the difficulty of the exercise completed. Below are the CPE credits achieved for an exercise in each difficulty:
    • Novice exercises = 1 CPE credit
    • Advanced Beginner exercises = 2 CPE credits
    • Competent exercises = 5 CPE credits
    • Proficient exercises = 8 CPE credits
    • Beyond Proficient exercises = 16 CPE credits
  • Are MCSI courses/certifications recognized and have value outside of Australia?
    • Yes. MCSI certifications have value worldwide and are recognized by employers looking for individuals with practical cyber security skills.
    • MCSI's training is 100% practical with real cybersecurity problems designed to teach immediately applicable skills in the field. To solve our practical exercises, students must do their own research and develop their own solutions.
    • While completing exercises, students also develop their own comprehensive cybersecurity portfolio of skills. Individuals use this portfolio to demonstrate their cybersecurity competencies to solve real industry problems to future employers or hiring managers.
  • Do I need to complete an exam to receive MCSI Certification?
    • No. MCSI Certifications are completed by solving practical cybersecurity exercises.

Career Outcomes

This certification successfully prepares you for the following roles:

  • Digital Forensics Analyst
  • Incident Responder
  • Security Operations Centre (SOC) Analyst

Certification Detail

Training Curriculum and Certifications

Students unlock Certificates of Completion for every exercise they complete. Industry Certifications are unlocked upon achieving Skills Proficiency Milestones.

  1. Student
  2. Obtain CPE points by solving exercises
  3. Achieve multiple certifications
  4. Receive help from instructors online

MCSI's MDFIR certification covers all six levels of the Australian Signals Directorate's Cyber Skills Framework. You will achieve a certificate upon reaching each level. You will earn an industry certification at Level 5.

| ASD Skills Proficiency Level | Curriculum Completion Requirement | Scenarios Completion Requirement |
|---|---|---|
| MCSI DFIR Learner Level 1 | 0% | 0% |
| MCSI Novice DFIR Practitioner Level 2 | 20% | 0% |
| MCSI DFIR Practitioner Level 3 | 50% | 0% |
| MCSI Senior DFIR Practitioner Level 4 | 70% | 0% |
| MCSI Certified Principal DFIR Practitioner Level 5 | 80% | 0% |
| MCSI Certified Expert DFIR Practitioner Level 6 | 95% | 0% |

As an MCSI Certified DFIR Specialist you will be fully capable of performing the following:

  • File Analysis
    • exe
    • msi
    • a3x
    • pdf
    • doc
    • lnk
    • rf
  • Windows Forensics
    • Event Logs
    • Registry
    • Prefetch
    • ShimCache
    • AppCompatCache
    • AmCache
    • Networking
    • Account Usage
  • Memory Forensics
    • Volatility Framework
    • Windows Registry
    • Processes and DLLs
    • Process memory
    • Kernel objects
    • Networking
    • GUI
    • Code injection
    • YARA rules
  • Application Forensics
    • Browser history and cookies
    • Email clients
    • Microsoft Office
    • Web server logs
    • Database logs
  • Network Forensics
    • DGA algorithms
    • DNS tunnelling
    • Domain fronting
    • Remote code execution
    • Pass-the-hash attacks
    • Port knocking
  • Malware Analysis
    • Binary classification
    • Behavioral analysis
    • Static Analysis
    • IOC extraction
    • Developing YARA rules
  • Enterprise Investigations
    • Capturing and indexing forensics artefacts
    • Baselining the enterprise network
    • Static Analysis
    • Performing memory forensics at scale
    • Using Pandas to analyse large datasets
  • Threat Intelligence
    • Pivot analysis
    • Open-source intelligence collection
  • Disk and filesystem forensics
  • Write digital forensics and incident response reports and briefings
  • Develop standard operating procedures and templates

Testimonials

Why MCSI’s DFIR Certification is World Class

Comprehensive, Effective, Exceeds Standards

Holders of the DFIR Certification have completed 100 practical online exercises thus demonstrating that they have the skills and knowledge in the following areas: file analysis, disk and filesystem forensics, executable analysis, Windows forensics, memory forensics, threat intelligence and enterprise investigations.

Internals Focused

Students who have obtained this Certification have demonstrated that they have a full understanding of the Windows operating system's internals for digital forensics, incident response and malware analysis purposes.

Practical, Field-Based

Students must complete dozens of practical digital forensics and incident response challenges that have been inspired by real-life investigations.
