skip to main content

Certified Forensic Security Responder (CFSR) Certification

Learn the fundamentals of how to conduct thorough, professional, incident investigations from OpenText™ cyber-security experts who will guide you step-by-step through the process and certify your new-found knowledge.

Program benefits

he Certified Forensic Security Responder (CFSR) certification illustrates that an investigator is a skilled incident responder. It acknowledges professionals who have mastered the necessary skills to prepare for cyber attacks, perform attack detection, validate and prioritize alerts, and contain cyber incidents. In addition, it demonstrates the professional's ability to conduct root-cause analysis, manage a cyber breach remediation process, and evaluate lesson learned.

CFSR requirements and process

Step 1: Training and experience requirements

Candidates for the CFSR are required to attend the OpenText Incident Investigation and Host Intrusion Methodology and Investigation courses or have 12 months experience in the field of incident investigations.

Step 2: Complete the CFSR application

Download and complete the application and send it to the Certification Coordinator:

OpenText
Attn: Certification Coordinator
1055 East Colorado Boulevard, Suite 400
Pasadena, CA 91106-2375
EnCaseCertification@opentext.com

Step 3: Register for test

Once the application has been received and approved, you will be contacted by the Certification Coordinator for the test payment, which can be paid by credit card, check, or purchase order. The testing fee is $500.00 USD. The OpenText Learning Subscriptions do not include the price of the exam fee.

Step 4: Take Phase I (written exam)

The Phase I written exam is a true/false, multiple-choice test taken through ExamBuilder. You will have two and half hours to complete this test. Minimum passing score is 80%.

Those who fail must wait sixty (60) days prior to retesting. If your organization or personal information changes prior to retesting, you will need to submit a new application.

Step 5: Take Phase II (practical exam)

Those who pass the Phase I test will be provided with the Phase II test through ExamBuilder. Minimum passing score is 80%.

If the minimum passing score is not achieved, participants will be given one opportunity to resubmit their Phase II exam for regrading. Those who do not achieve the minimum passing score after the second submission must wait sixty (60) days before retesting; an eligibility date is provided via email. A participant must contact the Certification Coordinator on their retest eligibility date. Failure to contact the Certification Coordinator on your eligibility date will require a participant to start from Phase I of the testing process. If the minimum score is not reached after retaking Phase II, you must begin the retesting process from Phase I.

Step 6: CFSR certification and renewal process

CFSR certifications are valid for three years from date obtained. The cost to renew your CFSR certification is $250.00 USD if the renewal process is begun before expiration.

CFSRs are responsible for knowing their certification expiration date. Should your certification expire and the requirements are not fulfilled before the expiration date, you will be required to restart the CFSR process from Phase I and the cost is $500.00 USD. Extensions will not be granted. If you are unsure of your expiration date, please contact us.

CFSRs are required to achieve one of the following items prior to their expiration date in order to renew:

  • Attend a minimum of thirty-two (32) credit hours of documented, continuing education in computer forensics or incident response to maintain the certification.
  • Achieve a computer forensics or incident response related certification within the renewal period.
  • Attend one Enfuse conference and the required number of labs or lectures noted on the renewal form within the renewal period.

Contacting any OpenText trainers while you are undergoing the testing process (Phase I and/or II) will be considered cheating and result in immediate failure and exclusion from future testing.