I recently took and passed the GCFA certification exam for forensic analysis. It was an interesting and educational experience, touching on logfile analysis, memory forensics, deep filesystem analysis, and timeline generation. Most of the content focused on Windows (event logs, NTFS filesystem formats, etc); I’m looking forward to finding a matching course with a Linux focus.
