GIAC Certified Incident Handler (GCIH): Complete Guide 2026
Advanced incident response and threat handling certification from SANS.
What is GIAC GCIH?
GIAC Certified Incident Handler (GCIH) validates the ability to detect, respond to, and resolve security incidents. It covers attack techniques, tools, and incident handling procedures, making it essential for SOC analysts and incident responders.
GCIH goes beyond detection to teach you how attackers think, helping you better defend against real-world threats.
Quick Exam Facts
- Exam Format: 106-150 questions
- Duration: 4 hours
- Passing Score: 70%
- Cost: $949 USD (exam only)
- SANS Course: SEC504 (recommended, ~$8,500)
- Open Book: Yes (bring your own index)
- Validity: 4 years
Exam Topic Areas
| Category | Topics |
|---|---|
| Incident Handling | IR process, containment, eradication, recovery |
| Computer Crime | Investigation, evidence handling, legal issues |
| Hacker Techniques | Reconnaissance, exploitation, post-exploitation |
| Tools | Metasploit, Nmap, Wireshark, password crackers |
| Network Attacks | DoS, spoofing, MITM, session hijacking |
| Malware Analysis | Worms, trojans, rootkits, botnets |
Incident Handling Process
- Preparation: Policies, procedures, team readiness
- Identification: Detecting and validating incidents
- Containment: Limiting damage and spread
- Eradication: Removing the threat from the environment
- Recovery: Restoring systems to normal
- Lessons Learned: Post-incident analysis
Attack Categories Covered
- Reconnaissance and scanning techniques
- Password attacks and credential theft
- Web application attacks
- Privilege escalation
- Lateral movement
- Data exfiltration
GCIH vs CEH Comparison
| Criteria | GCIH | CEH |
|---|---|---|
| Focus | Defensive + Offensive | Primarily Offensive |
| Depth | Very deep | Broad coverage |
| Duration | 4 hours | 4 hours |
| Cost | $949+ | $1,199 |
| Industry Preference | Premium defensive roles | Pen testing entry |
Career Impact
- Average salary: $100,000 - $140,000 USD
- Incident Response and SOC Lead roles
- Required for many government positions
- Highly valued in enterprise security teams
