GCFA

GIAC Certified Forensic Analyst

GIACPersonnel certification (ISO 17024)Security Operations

Created per CertMap methodology · Updated 12 May 2026 · About the editorial team →

▾ Jump to …4 sections

Overview

What is GCFA?

The GIAC Certified Forensic Analyst (GCFA) is a highly respected certification in digital forensics and incident response, based on the SANS course FOR508. It validates competency in Windows system analysis, memory forensics, timeline analysis, and investigation of Advanced Persistent Threats (APTs). The open-book, proctored exam with practical CyberLive exercises ensures that not only theoretical knowledge but also practical skills are tested. GCFA is highly valued by incident response teams and forensic units; in German-speaking regions it is well known but, due to high SANS course costs, primarily prevalent in larger enterprises and government agencies.

Suitable for

SOC Analyst (Entry-level/Tier 1)

Junior Incident Responder

IT Administrator with Security Focus

Career Changer to Cybersecurity

IT Security Student

Quick facts

AccreditationISO/IEC 17024 by ANAB

Languagesen

RecognitionGlobal

Key details

Cost, prerequisites, exam & renewal

Cost over 5 years

Exam fee (acquisition)€8,744

Renewal fees (5 years)€441

5-year total€9,185

How is TCO calculated? →

Classification

CertMap score and matching roles

Rating

Market recognition2 / 32 / 3

Scheme quality2 / 32 / 3

Practice evidence2 / 32 / 3

Maintenance2 / 32 / 3

Matching NICE roles

Defensive Cybersecurity Cybercrime Investigation Digital Evidence Analysis Digital Forensics Incident Response

Mapping from NIST NICE Framework SP 800-181, status 2025. NIST source ↗

More certifications

From GIAC

GASAEGIAC AI Security Automation Engineer GCIHGIAC Certified Incident Handler GICSPGIAC Global Industrial Security Professional GOAAGIAC Offensive AI Analyst GPENGIAC Certified Penetration Tester GSEGIAC Security Expert GSECGIAC Security Essentials Certification

In Security Operations

CCOAISACA CySA+CompTIA GCIHGIAC MAD CTIMITRE Engenuity MAD FundamentalsMITRE Engenuity MAD Purple TeamingMITRE Engenuity MAD SOCAMITRE Engenuity MAD Threat HuntingMITRE Engenuity PECB CCTAPECB PECB CIRPECB PECB LCFEPECB

This page follows CertMap methodology: editorial content is curated by hand. Score, costs and NICE mapping are aggregated from official provider documents. Score methodology → · TCO methodology →

Transparency: CertMap is operated by Daniel Thomas Heessel, who is also managing director of Threat‑Informed, a company specialising in Threat‑Informed Defense. He additionally offers consulting services on CertMap. CertMap currently receives no commissions from certification providers, no affiliate links, no sponsored placements. Podcast and interview guests are not paid for appearances and receive no affiliate commissions.

From the knowledge base

View all articles →

Methodology

About the CertMap editorial team

CertMap is an independent platform for comparing cybersecurity certifications, built on data-journalism standards that combine editorial curation with mechanical aggregation.

3 min read

Fundamentals