DoD DCWF - Forensics Analyst

MCSI Certification

MFA - Certified Forensics Analyst

This comprehensive course is tailored for aspiring Forensics Analysts focused on mastering the acquisition and analysis of electronic evidence.

Participants will be trained in essential techniques to preserve evidence integrity, and all procedures performed will be meticulously documented to meet rigorous forensic standards. The curriculum covers a diverse range of evidence types, delivering a robust foundation in the theoretical and practical aspects of forensic analysis.

Upon completing this course, participants will be adept at conducting comprehensive forensic investigations on computer-based crimes, with a special emphasis on Windows environments. From evidence acquisition to detailed analysis and reporting, they will be equipped to manage the entire lifecycle of a forensic investigation, ensuring meticulous documentation and interpretation of digital evidence.

Intermediate Level MCSI Certification Advanced
Certification
600+ hours
$995
No Expiry, No Renewals

Course Overview

The course begins with an in-depth exploration of forensic image analysis. Participants will gain the skills to view data from a source computer as it existed at the time of imaging, helping to reconstruct past events. They will learn how to create and analyze timelines of files contained in these images, which is crucial for narrowing down the focus to pertinent files that warrant detailed examination.

Further training covers critical evidentiary locations within Windows operating systems, where significant digital artifacts can be retrieved. The curriculum includes the analysis of volatile data from computer RAM, enhancing understanding of system state at the time of incident. Participants will also delve into network traffic analysis to trace interactions between computers involved in suspicious activities, and scrutinize suspicious files and executables to reveal the extent of potential intrusions or breaches.

To bridge theory with real-world application, the course incorporates numerous case studies simulating complex forensic scenarios. Participants will be guided to create their own methodologies, integrating state-of-the-art practices to proficiently manage and solve forensic challenges. This hands-on approach ensures they are well-prepared to tackle actual forensic tasks in the field.

Upon completing this course, participants will emerge with advanced capabilities in:

  • Ensuring digital evidence integrity through established forensic verification methods.
  • Utilizing advanced tools for detailed forensic image analysis tailored to specific investigative needs.
  • Identifying hidden or anomalous files in forensic images, including steganography detection and OS functionality exploration.
  • Assessing security implications of executable files (MSI, Java, Python, EXE) to identify potential threats.
  • Retrieving critical forensic data from Windows systems, including event logs, Amcache hive, shadow copies, and prefetch files.
  • Conducting comprehensive static and dynamic analyses on suspect files to evaluate behavior and risk.
  • Investigating network intrusions and tracking threat actors using packet analysis tools like Wireshark.

Knowledge, Skills and Abilities You Will Acquire

MCSI is one of the most respected and trusted names in cyber security education and training. Our certifications teach critical skills, knowledge and abilities needed to advance a career in cyber security. Our courses are comprehensive and up-to-date, and our instructors are experienced professionals who are dedicated to helping students learn. MCSI provides the real-world skills and knowledge you need to protect any organization from cyber threats.

  • Lab Setup and Virtualization
  • File and Disk Forensics

    File and disk forensics are critical for forensics analysts as they involve the examination and recovery of digital evidence from storage devices, enabling the analysis of file metadata, deleted data, and file system artifacts to reconstruct events and identify potential security breaches or criminal activities.

    Understanding file and disk forensics is essential for uncovering crucial information such as file timestamps, user interactions, and file access patterns, which are fundamental for investigations, incident response, and legal proceedings in digital forensics.

    Analysing Shortcut Files

    Understanding shortcut files is crucial for forensics analysts as they often contain valuable metadata and references to files or locations, aiding in reconstructing user activities and identifying potentially malicious actions.

    Analysing RTF Files

    Analyzing RTF files is important for uncovering embedded objects, macros, and potential exploits, providing insights into document-based attacks and malicious payloads.

    Retrieving IOC from Files

    Extracting Indicators of Compromise (IOCs) from files helps forensics analysts identify specific threat signatures and patterns, facilitating threat detection and incident response efforts.

    Decompiling Executables

    Decompiling executables like Java, C#, or Python scripts helps forensics analysts analyze code logic, identify embedded threats, and understand program behavior, aiding in malware analysis and reverse engineering.

    Analysis of Forensic Images

    Analyzing forensic images provides valuable insights into the contents of a disk, enabling investigators to uncover a wealth of information. This includes identifying recently modified or deleted files, uncovering concealed data that may have been intentionally hidden, and detecting the potential presence of malicious files or suspicious activity.

  • Windows Forensics

    Windows forensics is crucial for forensics analysts due to the widespread use of Windows operating systems in both corporate and personal environments, making it a primary target for cyber attacks and investigations.

    Understanding Windows forensics allows analysts to extract valuable artifacts, analyze system activity, and reconstruct events to uncover evidence of malicious activities or security breaches, supporting incident response, legal proceedings, and overall digital investigations.

    Analysing Numerous Types of Windows Files (Prefetch Files, Event Logs, etc.)

    Analyzing various types of Windows files like prefetch files and event logs is critical for forensics analysts to gather system usage patterns, user activities, and timestamps, aiding in reconstructing events and identifying potential evidence of malicious activities.

    Retrieving Hidden Deleted Files

    Recovering hidden and deleted files is important in Windows forensics to access valuable evidence that may have been intentionally or unintentionally concealed, providing insights into user actions and potential data remnants critical for investigations.

    Analysing the Amcache Hive

    Examining the Amcache hive is essential for forensics analysts to retrieve information about application usage and executions on Windows systems, enabling the reconstruction of software activities and identifying potential indicators of compromise or unauthorized software usage.

  • Behavioral and Memory Analysis

    Behavioral and memory analysis are crucial for forensics analysts because they provide insights into the runtime behavior of systems and processes, allowing the identification of anomalous activities, malicious behaviors, and hidden artifacts that may evade traditional static analysis techniques.

    Understanding behavioral and memory analysis enables analysts to uncover sophisticated threats, investigate advanced malware, and reconstruct the sequence of events during a security incident, supporting comprehensive digital investigations and effective incident response strategies.

    Dynamically Analysing Malware with Sysmon, CAPE, etc.

    Conducting dynamic malware analysis using tools like Sysmon and CAPE is essential for forensics analysts to observe malware behavior in real-time, capture system events, and identify malicious activities to better understand and mitigate threats.

    Dynamically Analysing Malicious Network Connections

    Analyzing malicious network connections in real-time helps forensics analysts identify suspicious traffic patterns, detect command-and-control communications, and trace network-based activities associated with malware infections or security breaches.

    Dumping Windows RAM

    Extracting memory dumps from Windows systems is important for forensics analysts to capture volatile data such as running processes, network connections, and system artifacts, aiding in the investigation of active threats and incident response.

    Dumping Linux RAM

    Dumping RAM on Linux systems enables forensics analysts to retrieve volatile data and artifacts unique to Linux environments, providing insights into running processes, open files, and system configurations for forensic analysis and incident response.

    Dumping Android RAM

    Capturing RAM dumps from Android devices allows forensics analysts to access volatile data including running apps, cached information, and system state, aiding in the investigation of mobile device intrusions and data breaches.

    Retrieving Various Types of Concealed Data from Dumped Images

    Extracting concealed data from memory dumps and forensic images is critical for forensics analysts to uncover hidden artifacts, encrypted content, and obscured information that may contain evidence of malicious activities or security incidents.

    Utilizing Volatility Framework

    Using the Volatility framework is essential for forensics analysts to perform memory forensics, analyze memory dumps, and extract valuable artifacts and forensic indicators from volatile memory, supporting investigations of malware, intrusions, and system compromise.

  • Malware Analysis

    Malware analysis is crucial for forensic analysts because it allows them to dissect and understand malicious software to uncover its behavior, functionality, and impact on systems, aiding in the identification of threats and the development of effective mitigation strategies.

    By analyzing malware, forensic analysts can gather intelligence on attacker tactics, techniques, and procedures (TTPs), enabling proactive defense measures, incident response, and threat intelligence for better overall cybersecurity posture.

    Extracting Malware from Word and PDF Files

    Extracting malware from Word and PDF files is important for forensic analysts to analyze embedded malicious scripts or payloads, enabling the identification of malware delivery methods and evasion techniques used by threat actors.

    Monitoring Malware using APIMonitor

    Using APIMonitor to monitor malware behavior in runtime provides valuable insights into API calls, system interactions, and runtime activities, aiding forensic analysts in understanding malware functionality and impact on compromised systems.

    Utilizing Resource Hacker to Extract Embedded Malware

    Leveraging Resource Hacker to extract embedded malware from executables or binaries helps forensic analysts dissect malicious artifacts, analyze code snippets, and uncover hidden payloads, facilitating deeper malware analysis and threat intelligence gathering.

    Reverse Engineering Office Macros

    Reverse engineering Office macros is essential for forensic analysts to understand macro-based attacks, deobfuscate malicious scripts, and identify malicious behaviors triggered by macros in documents, enabling effective detection and mitigation of macro-based threats.

  • Documentation

    Documentation is crucial for forensic analysts because it ensures that investigative processes, findings, and methodologies are clearly recorded and communicated, supporting transparency, repeatability, and integrity of forensic examinations.

    Well-documented procedures and reports enable effective collaboration with stakeholders, legal teams, and law enforcement, facilitating comprehensive and accurate analysis of digital evidence for successful investigations and legal proceedings.

    Writing DFIR Documents

    Writing DFIR (Digital Forensics and Incident Response) documents is essential for forensic analysts to document investigation processes, findings, and conclusions in a structured and comprehensive manner, ensuring the integrity and admissibility of digital evidence for legal and investigative purposes.

    Writing Memory Forensics Standard Operating Procedures

    Developing standard operating procedures (SOPs) for memory forensics is crucial for forensic analysts to establish consistent methodologies, guidelines, and best practices for conducting memory analysis, ensuring accurate and repeatable processes for extracting and analyzing volatile data from digital systems.

DoD Cyber Workforce Framework KSATs

This course teaches the specific Knowledge, Skills, Abilities, and Tasks (KSATs) aligned with the DoD Cyber Workforce Framework (DCWF) as outlined in DoD 8140. By focusing on these critical competencies, the course ensures that you develop the essential capabilities required for various cybersecurity roles within the Department of Defense. This alignment not only guarantees that the training is relevant and comprehensive but also that it prepares you to meet the specific operational needs and standards of the DoD cyber workforce.

  • knowledge
    ID Description
    22 Knowledge of computer networking concepts and protocols, and network security methodologies.
    24 Knowledge of concepts and practices of processing digital forensic data.
    25A Knowledge of encryption algorithms, stenography, and other forms of data concealment.
    61 Knowledge of incident response and handling methodologies.
    90 Knowledge of operating systems.
    108 Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
    264 Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
    287 Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]).
    302 Knowledge of investigative implications of hardware, Operating Systems, and network technologies.
    316 Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data.
    888 Knowledge of types of digital forensics data and how to recognize them.
    1086 Knowledge of data carving tools and techniques (e.g., Foremost).
    1092 Knowledge of anti-forensics tactics, techniques, and procedures.
    1093 Knowledge of common forensics tool configuration and support applications (e.g., VMWare, WIRESHARK).
    1158 Knowledge of cybersecurity principles.
    1159 Knowledge of cyber threats and vulnerabilities.
    6900 Knowledge of specific operational impacts of cybersecurity lapses.
    6935 Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
    6938 Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.
    29 Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.
    105 Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
    113 Knowledge of server and client operating systems.
    114 Knowledge of server diagnostic tools and fault identification techniques.
    139 Knowledge of the common networking protocols (e.g., TCP/IP), services (e.g., web, mail, Domain Name Server), and how they interact to provide network communications.
    290 Knowledge of processes for seizing and preserving digital evidence (e.g., chain of custody).
    294 Knowledge of hacking methodologies in Windows or Unix/Linux environment.
    340 Knowledge of types and collection of persistent data.
    345 Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies.
    346 Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.
    889 Knowledge of deployable forensics.
    923 Knowledge of security event correlation tools.
    1033 Knowledge of basic system administration, network, and operating system hardening techniques.
    1036 Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.
    1072 Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
    1089 Knowledge of reverse engineering concepts.
    1094 Knowledge of debugging procedures and tools.
    1095 Knowledge of how different file types can be used for anomalous behavior.
    1096 Knowledge of malware analysis tools (e.g., Oily Debug, Ida Pro).
    1097 Knowledge of virtual machine aware malware, debugger aware malware, and packing.
    6210 Knowledge of cloud service models and possible limitations for an incident response.
  • skills
    ID Description
    217 Skill in preserving evidence integrity according to standard operating procedures or national standards.
    350 Skill in analyzing memory dumps to extract information.
    381 Skill in using forensic tool suites (e.g., EnCase, Sleuthkit, FTK).
    890 Skill in conducting forensic analyses in multiple operating system environments (e.g., mobile device systems).
    193 Skill in developing, testing, and implementing network infrastructure contingency and recovery plans.
    214 Skill in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
    360 Skill in identifying and extracting data of forensic interest in diverse media (i.e., media forensics).
    364 Skill in identifying, modifying, and manipulating applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files).
    369 Skill in collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data.
    374 Skill in setting up a forensic workstation.
    386 Skill in using virtual machines.
    1087 Skill in deep analysis of captured malicious code (e.g., malware forensics).
    1088 Skill in using binary analysis tools (e.g., Hexedit, command code xxd, hexdump).
    1091 Skill in one way hash functions (e.g., Secure Hash Algorithm [SHA], Message Digest Algorithm [MD5]).
    1098 Skill in analyzing anomalous code as malicious or benign.
    1099 Skill in analyzing volatile data.
    1100 Skill in identifying obfuscation techniques.
  • abilities
    ID Description
    908 Ability to decrypt digital data collections.
    6918 Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.
  • tasks
    ID Description
    447 Conduct analysis of log files, evidence, and other information in order to determine best methods for identifying the perpetrator(s) of a network intrusion.
    480 Create a forensically sound duplicate of the evidence (i.e., forensic image) that ensures the original evidence is not unintentionally modified, to use for data recovery and analysis processes. This includes, but is not limited to, hard drives, floppy diskettes, CD, PDA, mobile phones, GPS, and all tape formats.
    482A Detect and analyze encrypted data, stenography, alternate data streams and other forms of concealed data.
    541 Provide technical summary of findings in accordance with established reporting procedures.
    564A Document original condition of digital and/or associated evidence (e.g., via digital photographs, written reports, hash function checking).
    573 Ensure chain of custody is followed for all digital media acquired in accordance with the Federal Rules of Evidence.
    613 Examine recovered data for information of relevance to the issue at hand.
    636 Identify digital evidence for examination and analysis in such a way as to avoid unintentional alteration.
    749 Perform dynamic analysis to boot an “image” of a drive (without necessarily having the original drive) to see the intrusion as the user may have seen it, in a native environment.
    752 Perform file signature analysis.
    753 Perform hash comparison against established database.
    768 Perform static media analysis.
    786 Prepare digital media for imaging by ensuring data integrity (e.g., write blockers in accordance with standard operating procedures).
    817 Provide technical assistance on digital evidence matters to appropriate personnel.
    839A Review forensic images and other data sources (e.g., volatile data) for recovery of potentially relevant information.
    871 Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence.
    1081 Perform virus scanning on digital media.
    1082 Perform file system forensic analysis.
    1083 Perform static analysis to mount an “image” of a drive (without necessarily having the original drive).
    1085 Utilize deployable forensics tool kit to support operations as necessary.
    438A Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
    463 Confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis.
    649 Identify, collect, and seize documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents, investigations, and operations.
    758 Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView).
    759 Perform timeline analysis.
    771 Perform tier 1, 2, and 3 malware analysis.
    792 Process crime scenes.
    825 Recognize and accurately report forensic artifacts indicative of a particular operating system.
    868 Extract data using data carving techniques (e.g., Forensic Tool Kit [FTK], Foremost).
    870 Capture and analyze network traffic associated with malicious activities using network monitoring tools.
    882 Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies.
    944 Conduct cursory binary analysis.
    1084 Perform static malware analysis.

Career Outcomes

Our Forensics Analyst course equips you with the skills needed to investigate and analyze digital evidence. Through practical training, you will learn to collect, process, and preserve digital evidence, perform malware analysis, and use advanced forensic tools. Gain expertise in maintaining data integrity, conducting packet-level analysis, and providing technical assistance on digital evidence matters. By the end of the course, you will be prepared to support cyber defense operations and ensure the security of critical information systems.

Certification Detail

MCSI certifications are highly respected and sought-after credentials in the industry. Earning an MCSI certification is a testament to your knowledge and skillset, and demonstrates your commitment to excellence. The content is cutting-edge, uniquely-designed, and hands-on. Our exercises teach in-demand skills that are immediately applicable in the field.

The certifications are valid indefinitely and do not require any renewal fees. The training is accessible without any time limits.


Training Modules

This course provides you with multiple training modules, each of which is designed to teach you practical skills that can help you solve important cyber problems. Each module offers exercises that will help you build your skills and capabilities.

  • MFA-001: Lab setup - 4 exercises
  • MFA-101: File Analysis - 5 exercises
  • MFA-102: Disk and Filesystem Forensics - 3 exercises
  • MFA-103: Executable Analysis - 8 exercises
  • MFA-201: Windows Forensics - 8 exercises
  • MFA-202: Windows 10 Forensics - 2 exercises
  • MFA-203: Behavioral Analysis - 5 exercises
  • MFA-301: Memory Forensics - 9 exercises
  • MFA-302: Malware Analysis - 11 exercises
  • MFA-303: Memory Forensics Challenges - 3 exercises
  • MFA-304: Network Forensics Challenges - 6 exercises
  • MFA-401: Documentation - 5 exercises


Cyber professionals must be ready for everything. The typical security training strategy, which focuses on individual skills and tools, is insufficient. You must be able to operate as part of a team, see the big picture, and respond swiftly and effectively to unforeseen circumstances. That's why, as part of our training, we use replays of whole cyber missions. Our scenarios help you prepare for the demands of the job and give you confidence in your ability to work professionally.

  • MFA-SC-01: Business Email Compromise Investigation - 10 exercises
  • MFA-SC-02: Ransomware Investigation - 7 exercises
  • MFA-SC-03: Android Mobile Forensics Investigation - 10 exercises

Enroll now with lifetime access for $995


MCSI Industry Certifications are important for you to earn because they signify that you have the skills required to work in cybersecurity. Certificates of Completion are also important to earn because they signify that you have completed an exercise. Earning Certificates of Completion and Industry Certifications demonstrates that you are willing to put in the extra work to be successful.




Obtain CPE points by solving exercises


Achieve multiple certifications


Receive help from instructors online

This certification is aligned with the DoD Cyber Workforce Framework (DoD 8140), ensuring you receive training that meets the standards and competencies required for cybersecurity roles within the Department of Defense. This alignment guarantees that you gain relevant, up-to-date skills and knowledge tailored to the specific needs of the DoD cyber workforce, effectively preparing you to support and secure defense operations.

Certificate | Level | Curriculum Completion Requirement | Scenarios Completion Requirement
MCSI Forensics Analyst (Basic) | Level 1 | 50% | 0%
MCSI Forensics Analyst (Intermediate) | Level 2 | 75% | 50%
MCSI Forensics Analyst (Advanced) | Level 3 | 95% | 100%

Sample Exercises

Below are three (3) exercises from the 100+ exercises available in MCDFA - Certified Cyber Defence Forensics Analyst:

Use PE Studio To Analyze 5 Files On Your Computer


Dump The RAM Of A Linux Machine


Extract Malware From A PDF Document Using Origami


Our Instructors

Student exercises are reviewed and graded by multiple instructors. This one-of-a-kind approach allows you to get highly personalized input from a number of successful professionals.

MCSI's teachers bring real-world experience and knowledge to the classroom, ensuring that students have the skills they need to excel in the field of information security. Due to their extensive experience in penetration testing, vulnerability assessment, reverse engineering, incident response, digital forensics, and exploit development, students will understand the most up-to-date defensive and offensive cybersecurity strategies and procedures.

Our instructors are passionate about information security and are always looking to further their own knowledge. Students who attend an MCSI course can be confident that they are learning from some of the best in the business. They can adapt their teaching approaches to match the demands of any student, regardless of their degree of expertise.

The MCSI team strives to provide the most comprehensive and up-to-date cybersecurity training available. Whether you are a seasoned security professional or new to the field, MCSI has a course that will meet your needs.

Receive personalized feedback from cybersecurity experts:

  • Overcome challenges and hurdles preventing you from advancing your skills
  • Receive guidance on how to focus your training efforts and avoid wasting time
  • Learn how to meet the industry's quality standards and produce high-quality work
  • When you're stuck, go to a support forum or ask the instructors questions right on the platform

Help and Support

24/7 Discord Community

If you're looking for additional support during your studies, consider joining our Discord server. Our community of fellow students and instructors is always available to provide help and answer any questions you may have.

Personalized Support

Your submissions will be reviewed by MCSI instructors, who will provide you with personalized feedback. This input is critical since it can assist you in identifying the areas where you need to enhance your skills. The instructor's feedback will also tell you how well you did an exercise and what you can do to improve your performance even further.

Our personalized support will take your skills to the next level.

Quick Questions

If you have any questions or need clarification on any of the exercises, MCSI offers a Quick Questions section on each exercise where you can ask for help. This is a great resource to use if you need assistance. This feature is only available for paid courses.

Actively Maintained Course

This course is actively maintained to ensure that it is current and error-free. We want to ensure that you have the best possible experience while taking this course, which includes having access to accurate and current information. This course is also tested for flaws on a regular basis, so you can be sure you're getting a high-quality product.

This course is constantly updated with the support of trustworthy industry peers to ensure that students are acquiring the most up-to-date information and skills. This dedication to staying ahead of the curve is what distinguishes this course as one of the greatest in the market.


Training Laptop Requirement

This course can be completed on a standard training laptop. To ensure you have the necessary hardware to complete the course, your machine should meet the following specifications:

  • 64-bit Intel i5/i7 2.0+ GHz processor or equivalent
  • 8GB of RAM
  • Ability to run at least one (1) virtual machine using VirtualBox or equivalent virtualization software
  • Windows 10 or later, macOS 10 or later, or Linux
  • Local administrator privileges

Do you support older operating systems?

Yes. Many of the exercises can be completed on older OS versions. A few of our students are successfully using older equipment to learn cyber security.

Proficiency in the English language

You must have the ability to comfortably read and understand IT documentation written in English. Ideally, you have an IELTS score of 6.5 with no band less than 6 (or equivalent).

Note: You can register for this course without having undertaken an English test.

Lab Environment

This course teaches you how to set up and configure your own cybersecurity lab.

There are numerous advantages to creating your own cybersecurity lab rather than paying for one. The cost savings are perhaps the most evident benefit. When compared to the expense of licensing a pre-built lab, creating your own lab can save you thousands of dollars. You also have the option of customizing the lab environment to meet your specific requirements. You can, for example, select the hardware and software that will be used in your lab.

Another advantage of setting up your own cybersecurity lab is that it allows you to learn new skills. Building a lab from the ground up necessitates knowledge of networking, system administration, and other technical subjects. This experience is invaluable in your career as a cybersecurity professional.

We frequently see students who can complete a task in a pre-built lab but cannot complete the same task at work. This is because these labs are meant to lessen work complexity, thereby creating an illusion of personal capabilities. It's also worth noting that you'll be expected to set up your own lab to test tools and techniques in the workplace. Employers may give you the resources to set up virtual computers and networks, but it will be up to you to manage the lab environment and maintain your tools.

Finally, you should know that pre-built labs are not commonly licensed by top cybersecurity professionals. They've realized that setting up a lab is simple, efficient, adaptable, and cost-effective, and that it sparks creativity. It also nullifies the risk of performing unauthorized actions against systems provisioned by a third party.

Aptitude Test (Optional)

This is an advanced course. It includes exercises for novices but assumes that they have competent IT skills and a strong understanding of cybersecurity concepts.

Aptitude Test:

If you're not sure whether you'll be able to fully enjoy this course, contact us via email to organize a free aptitude test. This test will determine whether you meet the course's baseline criteria. If you've never studied with us before, it will also introduce you to the MCSI Method™.

Why MCSI's Vulnerability Assessment Analyst Certification is World Class

Comprehensive Vulnerability Assessment Training

The MVAA certification equips participants with rigorous training in vulnerability identification, assessment methodologies, and mitigation strategies, preparing them for real-world cybersecurity challenges.

Specialized Focus on Security Assessments

MVAA-certified analysts gain in-depth knowledge of penetration testing, compliance auditing, and security assessments across web applications, software, hosts, and networks, enabling them to conduct thorough evaluations and vulnerability assessments.

Proficiency in Report Drafting and Communication

The MVAA certification emphasizes the development of industry-standard reports that effectively communicate findings, recommendations, and remediation strategies to stakeholders, ensuring clarity and actionable insights from vulnerability assessments.

Enrollment and Fees


Terms and Conditions

  • No discounts
  • No refunds
  • No transfers
  • No renewal fees
  • No hidden fees
  • No time limits
  • Exercises must be completed on MCSI's Online Learning Platform
  • You'll also be charged GST if you live in Australia

Cooling-Off Policy

Receive a full refund if you change your mind about a purchase within 24 hours. No questions asked. Read the full details here.

Don't Buy This Course

Don't buy this course if you think learning cyber security is simple, that it will only take a few hours, that remembering a few concepts from videos and books will be enough, or that you should be provided with walkthroughs and solutions to practical problems instead of thinking critically for yourself.

Our competitors are misleading you by claiming that their video courses and open-book theoretical certificates will teach you everything you need to know about cyber security. We recommend that you stay away from our courses until you've realized that cybersecurity requires hundreds of hours of training against difficult challenges under the watchful eye of experts encouraging you to improve your weaknesses. Only then will you understand the value of this course and the benefits that the MCSI Method™ can bring to your career. We only want satisfied customers.

When purchasing a course, you acknowledge that you understand and agree with our 100% practical MCSI Method™: no solutions, no walkthroughs, and you're expected to use critical thinking and research to solve the exercises. If you're not sure how this works, try our free version before buying.

How does MCSI Compare?

If you are looking for a certification that will give you an edge in the job market, look no further than MCSI certifications. Thanks to our innovative approach, cybersecurity training is more affordable and effective than traditional methods.

Our pricing is more affordable than our competitors because we have reinvented how cyber training is done online. Our innovative Online Learning Platform is highly effective at teaching cyber security. The platform provides a more engaging and interactive learning experience than traditional methods, which helps students learn and retain skills better. Try the free version and see for yourself.

Enroll now with lifetime access for $995

Bloom's Taxonomy

Bloom's Taxonomy is a system for categorizing distinct stages of intellectual growth. It is used in education to help students comprehend and learn material more effectively. MCSI teaches students how to apply, analyze, evaluate, and create at the highest levels of the taxonomy. The majority of our competitors are simply concerned with getting you to remember concepts.

The intellectual developments outlined in Bloom's Taxonomy are directly tied to your capacity to advance in your cyber security career. Employers look for people who can solve challenges that are worth paying for. With us, you'll learn practical skills that are in demand and applicable to a wide range of cyber occupations.

Industry Recognized Skills

MCSI credentials are well-respected around the world, and organisations searching for people with real cyber security abilities seek them out. Obtaining an MCSI certification verifies your understanding of critical cyber security topics as well as your ability to provide real-world results.

The ability of MCSI's training programme to provide students with real-world, hands-on experience is unrivalled. Students must conduct their own research and develop their own answers in order to complete our practical exercises, which are meant to give them the skills they need to be successful in the field.

With MCSI, you will build a comprehensive cybersecurity portfolio of your skills as you complete exercises. This portfolio is a powerful tool for displaying your cybersecurity knowledge and abilities. A portfolio, as opposed to typical resumes and paper-based credentials, presents a more thorough summary of your skills and accomplishments.

Student Feedback

Here's what students say about the MCSI Method™ and our Online Learning Platform:

Student Testimonials

Frequently Asked Questions

What is the MCSI Method™?

Common Questions

  • Are solutions included in certifications and bundles?
    • No. Our method of teaching cyber security consists of challenging you with real-world problem statements that you're expected to solve by doing your own research. This is how you'll be expected to work in the field. When you fail an exercise, we provide you with constructive feedback so you can improve and try again.
  • Do bundles, training content, or certificates ever expire? Am I expected to buy again in the future?
    • Upon purchase, bundles and certificates are permanently unlocked with no recurring or ongoing fees.
  • Do I need to buy the training and the certification separately?
    • No. The price provided covers both. You only pay once.
  • Do you offer any special offers and discounts?
    • We understand that many of our customers may be looking for discounts, and we would love to be able to offer them. However, we do not provide discounts because we believe that our prices are fair and reasonable. We work hard to keep our prices low, and we feel that discounts would be unfair to our other customers. We hope you understand.
  • If I can't solve the exercise where do I go for help?
  • Who reviews and marks exercises?
    • Trained cyber security instructors that work for Mossé Cyber Security Institute.
    • MCSI instructors are highly qualified and experienced professionals who are able to teach a variety of topics related to information security. They have the ability to tailor their teaching methods to meet the needs of each student, regardless of their experience level. In addition, they are always up-to-date on the latest trends and developments in information security, which enables them to provide students with the most relevant and current information.
  • We can't pay via credit card. Can you raise an invoice for wire payment instead?
    • Yes. Send us the list of bundles and certifications you want to purchase at [email protected]
  • Can I access a trial/demo of the certification programmes prior to enrolling?
    • We provide a free curriculum with 100+ hours of practical exercises you can try.
    • The Free Curriculum teaches Security Tools, Penetration Testing, Red Teaming, Threat Hunting, Cyber Defence, GRC and Windows Internals.
    • Try the Free Curriculum
  • Do you provide Continuing Professional Education (CPE) credits?
    • Yes. Every single exercise offers CPE credits. The number of credits earned depends on the difficulty of the exercise completed. Below are the CPE credits achieved for an exercise at each difficulty level:
    • Novice exercises = 1 CPE credit
    • Advanced Beginner exercises = 2 CPE credits
    • Competent exercises = 5 CPE credits
  • Do I need to complete an exam to receive MCSI Certification?
    • No. MCSI Certifications are completed by solving practical cybersecurity exercises.
  • Do I need to purchase cybersecurity tools or subscriptions?
    • No. Only free or trial versions are used in our exercises. You are not required to make any purchases.
