EnCase Certified Examiner (EnCE) Review

Although it is vendor-specific, EnCE is considered to be one of the top certifications in digital forensics and most covers most job postings regarding forensics.

The requirements to have this certificate:
– 64 Hours of official training Or 12 months of digital forensics experience.
– Passing exam phase I (multiple choices) and phase II (scenario and lab).

[My Path]
I’ve attended four on-demand courses from Guidance:
– Foundations in Digital Forensics with EnCase
– EnCase(R) Computer Forensics II
– EnCase(R) Computer Forensics I
– EnCe Prep Course

This path was expensive and long-term as it needed for me to be ready for the exam about 6 months.

My friend has more than one year experience in EnCase, so he applied for the exam without any course. For this case, Guidance will ask for proof of experience.

[Exam Phase I]
It is objective assessment with multiple-choice questions vary from general questions about computers, filesystem and Guidance forensic methodology. You can study from “EnCE Study Guide” which available and I believe you will not get less than 50%. I’ve passed the exam with 97% score :D.

[Exam Phase II]
This exam is to show how you do forensic practically using EnCE. I’ve got a harddisk image with PDF. In the PDF there are the description about the case and 15 questions which you need to do investigation in the image in order to be able to answer them. The output of this exam phase is a report contains all answers with evidences. There is no score for this part, but only pass or fail.

[Certification]
After submitting the report, it took about 3 weeks to be officially certified with EnCE.

Leave a Reply

Your email address will not be published. Required fields are marked *