Train From Home on Your Schedule with OnDemand - Special Offers Available Now


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

GIAC Announces the GIAC Network Forensic Analyst Certification (GNFA)

A new security certification focused on the challenging field of network forensics

  • Bethesda, MD
  • October 7, 2014

GIAC Certifications is pleased to announce a new forensics certification, the GIAC Network Forensic Analyst (GNFA). The GNFA validates that professionals who hold this credential are qualified to perform examinations employing network forensic artifact analysis and demonstrate an understanding of the fundamentals of network forensics, normal and abnormal conditions for common network protocols, the process and tools used to examine device and system logs, wireless communication and encryption protocols. The GNFA exam will be released November 3, 2014 and pre-registration is now available with the SANS Advanced Network Forensics and Analysis course.

A certification in the Network Forensics realm will help practitioners demonstrate they are building their investigative skill set to include one of the newest segments of the broader digital forensic spectrum. A sharply increasing number of cases include network evidence. By formally establishing a baseline of knowledge and investigative skills, employers will have a trusted means of ascertaining a candidate's background in the network investigation area.

"The GNFA certification focuses heavily on the methods needed to investigate network-based evidence. A GNFA holder will be able to incorporate evidence from a wide variety of sources to improve the fidelity of their findings. This certification is designed to measure how the holder can analyze network data as a part of the investigation rather than focusing on a specific tool to do so," stated Phil Hagen, SANS Author and Certified Instructor.

In large-scale or enterprise forensic engagements, incident response professionals are discovering it is increasingly difficult to perform comprehensive full disk or traditional data forensics due to the overwhelming volume of data. By examining the network traffic and log data from infrastructure devices, analysts may be able to determine the source of malicious events, recover important files and determine what the bad guys did while on the network. Performing network forensics is a critical and foundational skill for analysts as the evidence can provide the validation necessary to show intent, or even definitively prove that a malicious activity or a crime has occurred.

The SANS Institute has developed specific training material and courseware to teach students the techniques and tools to properly conduct network forensic examinations. The Advanced Network Forensics and Analysis course is part of the SANS Institute's Digital Forensics curriculum that is comprised of cyber security courses designed specifically for professionals focused on digital forensics. This course will provide students with the tools and methods to conduct network investigations within environments of all sizes, using scenarios developed from real-world cases.

For any questions or help with registering for the GNFA certification exam, please email:

About GIAC
GIAC Certifications is a certification body featuring over 27 hands-on, technical certifications in information security. GIAC has certified over 50,000 IT security professionals since it was founded in 1999. Eleven GIAC certifications are accredited under the IEC/ISO/ANSI 17024 quality standard for certifying bodies. GIAC is an affiliate of the SANS Institute. (

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (