The GIAC Network Forensic Analyst (GNFA) certification focuses on advanced analysis of network forensic artifacts. It validates a practitioner's skills in network forensics practices, interpreting network activity, and analyzing application activity. The certification is designed for incident response team members, forensic analysts and specialists, threat hunters, law enforcement officers, federal agents, detectives, SOC personnel, information security practitioners and managers, network defenders and engineers, and information technology professionals.
Exam Format: The certification exam is a proctored test with 66 questions to be completed in 3 hours. A minimum passing score of 70% is required.
Delivery: All GIAC Certification exams are web-based and proctored, with options for remote proctoring through ProctorU or onsite proctoring through PearsonVUE.
CyberLive: GIAC introduced CyberLive, a hands-on, practical testing environment where candidates use actual programs, code, and virtual machines to prove their knowledge and skills in real-world scenarios.
Exam Certification Objectives: The certification assesses skills in network architecture, protocols, protocol reverse engineering, encryption, NetFlow analysis, attack visualization, security event logging, network analysis tools, and open-source network security proxies.
- Common Network Protocols:
  - Demonstrate understanding of the behavior, security risks, and controls of common network protocols.
- Encryption and Encoding:
  - Demonstrate understanding of techniques and practices used to encode and encrypt common network traffic.
  - Identify and understand common attacks on encryption and encoding controls.
- NetFlow Analysis and Attack Visualization:
  - Be familiar with using NetFlow data and information sources to identify network attacks.
- Network Analysis Tools and Usage:
  - Be familiar with open-source packet analysis tools.
  - Understand the purpose of these tools in effectively filtering and rebuilding data streams for analysis.
- Network Architecture:
  - Be familiar with the process of designing and deploying a network using diverse transmission and collection technologies.
- Network Protocol Reverse Engineering:
  - Be familiar with the tools and techniques required to analyze diverse protocols and data traversing a network environment.
- Open Source Network Security Proxies:
  - Demonstrate an understanding of the architecture, deployment, benefits, and weaknesses of network security proxies.
  - Understand common log formats and the flow of data in a network environment.
- Security Event and Incident Logging:
  - Be familiar with diverse log formats and protocols.
  - Understand the security impact of event-generating processes.
  - Demonstrate understanding of configuration and deployment strategies for securing and positioning logging aggregators and collection devices throughout a network environment.
- Wireless Network Analysis:
  - Be familiar with the process of identifying and controlling risks associated with wireless technologies, protocols, and infrastructure.
These objectives aim to assess the candidate’s knowledge and skills in network forensics, covering a broad range of topics including protocol analysis, encryption, NetFlow analysis, network architecture, and security event logging.
Difficulty: 4 out of 5.
GNFA is tied (with GCIA) for my favorite GIAC cert so far, out of 7 earned. I loved the deep dives into protocols and the tools that parse them.
Before GNFA, I would always get sleepy from reading RFCs, but not anymore. I have heard that network forensics is dead, but I use that knowledge in all of my SOC/DFIR/Intel jobs.