CrCCI Certification

Being a Cer­ti­fied Cyber-Crime Investigator (CrCCI)

Once you have taken the renowned CrCCI course, how do you verify that you are now a qualified practitioner in the field?  What can future employers use to benchmark your expertise against other candidates?  How do you tell the world that you not only took the training but that you thrived under it and you are now ready to advance your career?

The answer is by undertaking the Certified Cyber-Crime Investigator exam.  By passing this exam, you will earn the right to call yourself an Certified Cyber-Crime Investigator and you can walk into future interviews confident that your knowledge and experience are backed by ACFP’s reputation and commitment to you as a certified member of our community.

Exam Rules & Specifications:

  • The exam is 100 questions.
  • You have 2hrs 30mins to complete the exam, after which all access will be cut off.
  • You must achieve a minimum score of 70% to pass the exam.
  • The questions will be drawn from CrCCI training, lecture and labs.
  • You do not have to take CrCCI training to attempt the exam but it is highly recommended.
  • Your purchase of the certification exam grants you access to one exam attempt, pass or fail.
  • The exam will be delivered online and you are free to take it at your convenience.  However, once you begin the exam, you cannot stop it.  We suggest you carefully block enough time for you to take the exam without interruption.
  • Upon successful completion, ACFP will mail your certificate and other materials to the address listed in your ACFP profile.  Ensure it is correct prior to taking the exam.

Frequently Asked Questions

  • What is the CrCCI training course?

    The CrCCI teaches students the skills necessary to respond to all kinds of cybercrime incidents, from initial incident response and digital crime scene evidence acquisition to advanced forensic analysis and tracking International cybercriminals across the Internet.

    The main goal for this course is to empower the nation’s cyber investigators with the knowledge, skills and abilities to undertake and successfully carry out their own investigations.  This course is the first step for investigators to turn the tables on cyber criminals who are fleecing legitimate economies worldwide of billions of dollars every year.


    Some Course highlights include:

    • 15  hands-on labs – devised of real world scenarios
    • Analysis of Windows forensic artifacts
    • Volatile memory analysis
    • Network intrusion investigations
    • Internet activity and email analysis
    • Network traffic data analysis
    • International cybercriminal profiling
    • Attack vector identification
    • Dynamic malware analysis
  • Who should take the CrCCI (Cyber-Crime Investigator) training course?

    Anybody whose job requires them to respond to cyber incidents, or anyone with an interest in cybercrime investigation, should take the CrCCI training course.  This course will help you by providing fast solutions to the following emergency situations:

    Corporate Risk/Security – Intellectual Property Theft Case:  Your Research and Development Director quits and goes to work for a competitor.

    Can you determine if he copied your company’s secrets to a USB drive to take with him?

    Police Investigations – Kidnapping Case: A child is taken from his home at night and the family receives an email with a proof-of-life picture and ransom demand.

    Can you extract IP addresses from the email headers to track the offender back to his location, or extract lat/long coordinates from the picture’s EXIF data to determine the exact location the picture was taken?

    Can you analyze the malware, determine its capabilities, identify its target data, and destroy its data exfiltration file before your corporate proprietary information is lost?

    Federal Cyber Agent – Botnet Investigation Case:  You’ve tracked botnet malware back to a specific set of command and control servers, but what’s the next step?

    Can you determine the server’s physical location in the world and research current and historical whois information?  Are you able to research other malicious domains associated with the same IP address and track Command and Control proxy servers back to specific malicious actors?


  • What is an ACFP Certified Cyber-Crime Investigator?

    Successful completion of the CrCCI training course is an accomplishment that students take great pride in.  The CrCCI certification is a professional credential that can be earned by successfully scoring an 70% or better on a comprehensive exam based on all 12 modules taught in the CrCCI training course.  Students that pass the Certified Cyber-Crime Investigator (CrCCI) exam will receive a printed and framed certificate to verify their accomplishment, and will be allowed to refer to themselves as an Certified Cyber-Crime Investigator (CrCCI).  They will be granted rights to use the ACFP logo as a professional affiliation or on their resume, and ACFP will verify their certifications to prospective employers.

    Certified Cyber-Crime Investigators are an elite group of professionals who have worked hard to study, practice, and prepare for real-life cybercrime investigations.  The ACFP is a key differentiator from other job seekers on the market.


  • Am I required to take the CrCCI training course to attempt the Certified Cyber-Crime Investigator Exam?

    No, anybody can attempt the Certified Cyber-Crime Investigator exam.  However, the CrCCI training course is a highly recommended prerequisite.  There simply is no other training equivalent to it in breadth and quality and it will be difficult, even for long-term, expert cybercrime investigators, to pass it without undertaking the training course first.

  • Why take the CrCCI training course?

    Cybercrime is epidemic. The headlines declare it daily:

    2014 – Home Depot is hacked, losing an estimated 55 million credit cards to the cybercrime underground.

    2013 – Russian Hackers steal 40 million credit cards from Target, resulting in approx $1 billion in losses to the company.

    2012 – The Shamoon virus destroys nearly 30,000 Saudi Aramco Computers, temporarily shutting down one of the world’s largest corporations.

    2011 – SONY data breach lost personal details and payment information for approximately 77 million customers, resulting in massive monetary loss and the temporary closure of the PlayStation Gaming Network.

    The corporations victimized in these situations were unprepared to respond to the attacks causing delayed investigations and reduced information flow to decision-making executives.  Eventually, they contracted out the investigations to high-priced consultants, whose investigative results were often too little, too late.

    CrCCI’s mission is to provide our students the knowledge and skills necessary to respond to network attacks immediately, analyze the evidence, produce actionable cyber-intelligence, and implement it to shore up security vulnerabilities before they become massive breaches like those mentioned above.

    There is a dearth of quality training in computer forensics, even less for hacker and malware focused investigations, and almost nothing that is available in a convenient online format that can be studied from the comfort of your own home, and fit to your own schedule.  ACFP fills this void by providing the finest cybercrime investigation training in the world, created and delivered by some of the world’s foremost experts in their field, and streamed directly to any Internet-connected device you choose to employ.


  • Does CrCCI only teach Hacker Investigations?

    No, while CrCCI does teach hacker and malware investigations, it is based on first teaching solid computer forensic practices and procedures that are applicable to all types of cybercrime.  This course teaches and is equally applicable to all subfields of cybercrime investigations.

  • What Makes ACFP CrCCI Different?

    There are a number of computer forensic training and certification programs available on the market, however, CrCCI stands alone because it was designed to teach the skills necessary to conduct modern cybercrime investigations against real-life criminals. It is based on real case examples and requires practical application of skills throughout a series of hands-on labs.

    What differentiates CrCCI?

    Focus on network intrusion investigations

    Introduction to malware analysis

    Cutting-edge techniques such as volatile memory analysis

    Entirely based on real-life cases and methodologies to respond to them

    Taught and designed by a recognized expert in worldwide cybercrime investigation and computer forensics


  • I do not have a technical background but I am interested in the topic; should I still take the CrCCI course?

    Yes, ACFP has taught many students with no technical background who still achieved a high level of success in the CrCCI course.  This is because this course begins at the most basic level of computer forensics, designed to welcome students who are new to the field to cybercrime investigations.  The course then reinforces the lecture and theory with labs that teach students how to utilize theory in real-life situations.  It is true that the CrCCI course eventually teaches some of the most advanced and cutting edge investigative techniques used in the field today but each technique is introduced in a clear and easy-to-understand manner.  This approach ensures that the CrCCI course is equally applicable to both brand new practitioners and veteran cybercrime investigators.

  • What Does Lab Intensive Mean?

    A primary tenant of the ACFP teaching pedagogy is that students cannot learn the highly technical practice of computer forensics, network intrusion, and malware analysis without intensive, hands-on experience.  Theory and academic knowledge are important but they are just a primer for real-life, practical experience.

    The ACFP Cybercrime Investigator course employs 15 different real-life analytical labs.  Each lab in this course is a step in the process of investigating a real life hacker attack on a victim computer infected with real-life malware.  The labs walk the student investigator through the process of identifying the malware, the attack vector, and understanding how the attacker conducted his evil activities on the victim computer.  The final labs teach cutting edge capabilities in the field of volatile memory analysis and dynamic analysis of the attacking malware.

    By the time the course is finished, the students have investigated an entire network intrusion, identified the attacker, the data breach, and analyzed the capability of the malware used in the attack.  ACFP teaches both academic knowledge and provides practical experience.  This is the only way to prepare students for the real world of Cybercrime investigation.


  • How often is the training course updated?

    Every 6 months, small scale updates are pushed to the course.  This may include tool version updates, changes to laws, or slide/ lecture corrections.  Every 2 years, all courses are fully reviewed and updated versions are released.

  • How much does the CrCCI Course and Certification exam cost?

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt