LER.me

Make All Learning Count.

Get Connected

  • What is a LER?
  • FAQs (opens in new tab)
  • Partner with Us
  • Visit EBSCOed (opens in new tab)

View our Policies

  • Accessibility (opens in new tab)
  • Standards (opens in new tab)
  • Terms of Use (opens in new tab)
  • Privacy Policy (opens in new tab)
  • Opt out (opens in new tab)

Get the app

Get it on Google PlayDownload on the App Store

© 2026 All rights reserved.

Powered by EBSCOed

Skip to main contentSkip to footer
  • Live Data
My LER
My LER
  1. Programs
  3. GIAC Certified Incident Handler (GCIH)

GIAC Certified Incident Handler (GCIH)

GIAC

Certification

Become a contributor for free to openly demonstrate student outcomes, industry alignment & eligibility criteria.

The GIAC Incident Handler (GCIH) certification validates a practitioner's ability to detect, respond, and resolve computer security incidents using a wide range of essential security skills. GCIH certification holders have the knowledge needed to manage security incidents by understanding common attack techniques, vectors and tools, as well as defend against and respond to such attacks when they occur.

Format

Hybrid

Eligibility Calculator

Which aid programs apply to this program?

Record QualityEligibility Calculators
Loading Skills & Competencies
Program Pathways

Credentials this program stacks toward

No program pathways.

Loading What You'll Learn
Program Details

Detailed information about this program

Areas Covered - Incident Handling and Computer Crime Investigation - Computer and Network Hacker Exploits - Hacker Tools (Nmap, Metasploit and Netcat) Who is GCIH for? - Incident handlers - Incident handling team leads - System administrators - Security practitioners - Security architects - Any security personnel that are first responders GCIH with CyberLive GIAC knows that cyber security professionals need: - Discipline-specific certifications - Practical testing that validates their knowledge and hands-on skills In response to this industry-wide need, GIAC developed CyberLive - hands-on, real-world practical testing. CyberLive testing creates a lab environment where cyber practitioners prove their knowledge, understanding, and skill using: - Actual programs - Actual code - Virtual machines Candidates are asked practical questions that require performance of real-world-like tasks that mimic specialized job roles. Exam Format 1 proctored exam 106 questions 4 hours Minimum passing score of 69% Note: GIAC reserves the right to change the specifications for each certification without notice. Based on a scientific passing point study, the passing point for the GCIH exam has been determined to be 69% for all candidates receiving access to their certification attempts on or after May 10th, 2025. To verify the format and passing point of your specific certification attempt, read the Certification Information found in your account at https://exams.giac.org/pages/attempts. Delivery NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information. GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.

Requirements

What you need to earn this credential

No requirements listed.

Financial Aid

Eligible funding programs

No funding information available.

Scholarships

No scholarships listed.

Visit Program Website
Locations

Where this program is offered

No locations specified.

Loading Student Outcomes
Related Programs

Programs related to this one

No related programs.

Skills & Competencies

Skills developed through this program

  • Understand how to conduct password attacks
  • Identify and defend against an attacker already in an environment, discover methods used to establish persistence, hide their presence, and achieve actions on objectives
  • Identify and defend against the use of exploitation tools such as Metasploit and covert communications tools such as netcat
  • Identify and defend against endpoint specific attacks and pivoting in an environment
  • Exploit insecure web application references using common methods
  • Apply the PICERL and DAIR incident handling processes and address incident response challenges
Career Pathways

Occupations this program prepares you for

  • Digital Forensics Analysts15-1299.06
What You'll Learn

Key competencies developed through this program

Auto-populated·from NSX Competency Framework

Mastery: developing (Level 2)(based on Certification)

  • Forensic examination workflows — execute independently across common case types including malware incidents and data theft investigations with reduced oversight.
  • Network monitoring software — configure and run analyses on captured traffic data to identify intrusion indicators within a corporate network environment.
  • System malfunction diagnosis — troubleshoot recurring program and operating system errors, restoring normal functioning on forensic workstations with minimal guidance.
  • File system software — analyze NTFS, FAT, and ext4 artifacts routinely to recover deleted files and reconstruct user activity timelines.
  • Forensic reports — produce structured written findings that document methodology, evidence, and conclusions for review by senior analysts or legal teams.
  • Database forensics — query and interpret database logs and transaction records to support business problem analysis and fraud investigations.
  • Expert system software — apply established forensic suites such as EnCase or FTK to process digital evidence across standard case scenarios.
  • Active listening and interviewing — gather accurate technical information from witnesses and system users to inform forensic examination scope.
  • Computer program testing — test and monitor deployed forensic tools and scripts to ensure reliable performance across case environments.
  • Evidence triage — apply deductive reasoning to prioritize examination of digital artifacts based on investigative leads in time-sensitive cases.

Some details on this page are auto-populated from public workforce data sources: O*NET (opens in new tab), BLS (opens in new tab), College Scorecard (opens in new tab), DOL Training Provider Results (opens in new tab), NSX (opens in new tab). Provided in partnership with LER.me Career Intelligence.

Student Outcomes

Performance metrics for this program

Completion Rate
Not reported
Placement Rate
Not reported