1 Analysis

1.1 Analyze forensic images

1.2 Apply procedural concepts required to use forensic tools

1.3 Apply basic malware analysis using NIST accepted forensic techniques and tools

1.4 Identify anti-forensics techniques

1.5 Determine the important content of event logs in forensics


2.1 Apply procedural concepts necessary to detect a hidden message inside a picture

2.2 Analyze a conversation between two endpoints from a PCAP file

2.3 Recognize that devices are kept in the same state as they were found

2.4 Determine how to gather evidence in a forensically sound manner

2.5 Apply procedural concepts required to discover evidence on different file systems

2.6 Apply procedural concepts required to gather evidence on different operating systems

2.7 Identify proper steps in network capture

2.8 Given a scenario, determine evidence of email crime


3.1 Determine and report logon/logoff times for a specific user

3.2 Verify the authenticity of evidence (e.g., hash value)

3.3 Summarize the proper handling of evidence

3.4 Outline the process for creating a forensically sound image

3.5 Apply evidence collection to the chain of custody

3.6 Discriminate between a live acquisition and static acquisition

Documentation and Reporting

4.1 Apply forensic investigation methodology

4.2 Identify the steps necessary to validate an emergency contact list for incident response

4.3 Analyze a scene to determine what should be visually documented

4.4 Report findings from a malware analysis

4.5 Identify the elements of a complete forensics report

4.6 Communicate the results of an investigation to an internal team

Cyber Forensics Fundamentals

5.1 Identify different types of cybercrimes

5.2 Communicate incident handling and the response process

5.3 Distinguish between steganography and cryptography

What is included in the course fees?

This Course Fee excludes your exam voucher. Unfortunately, the Certiport Assessment Centres do not allow tuition providers to pay for learners and request that a learner does so themselves. Due to the fluctuation of the exam costs (Rand-US Dollar exchange), we are unable to indicate accurate exam costs, so you will need to contact your closest Certiport Centre to determine this exam cost.  You can locate one closest to you here: www.certiport.com/Locator#.

Please, be aware that  all course materials are only offered online. In other words, you will not be receiving any hard copies of the textbook, and you will need to access all the required content through your online classroom, where you’ll be able to find the following course content:

  • A digital textbook (PDF) focused on all the content you’ll need to pass the exam successfully
  • Videos and Learning material to ensure you are coveredto understand practical concepts
  • Learning objectives and skills covered in each lesson
  • A glossary of key terms for each lesson
  • summary of what you will learn, as well as the important points on which to focus
  • Practice files OR quizzes to accompany the step-by-step exercises in your textbook
  • PDF summary of everything you’ve covered in the textbook
  • study guide and exercise files to help you with your exam prep
  • A set of mock exams to be covered before undertaking global exams.

Exam Dates

You can start studying whenever you want – there are no specific course starting dates.

All of our assessments are computer-based and, therefore, done online. You are required to book an exam appointment via our Campus Assessment Centre at least 2 weeks prior to your exam date to prepare for your assessme


Status: Accredited course

Type & reward: EC-Council Cyber Forensics Associate Certificate

Provided by: EC-Council Minimum credits: N/A

G-CITI Campus is a registered provider of Adobe  training programmes. Adobe is an industry leader in technological development and sets the de facto standard worldwide. They offer internationally recognised information technology certifications which provide valuable knowledge needed to begin or expand a career in information technology and development. They continuously update and develop their study programmes to keep up with technological advances, and they ensure that the exams are relevant to the IT industry.