Need help/advice from people familiar with FOR508
joaoalemao
Member Posts: 12 ■□□□□□□□□□
in GIAC
Hi,
I currently hold a GCFE cert (did the FOR408 course), and I am thinking about pursuing the GCFA through attending the OnDemand FOR508. The course is unavailable until 20th of May; I believe they take it down a couple of times a year for updating. There is a 15% discount for registrations before the course is ready on 20th of May. Here is the upcoming course page:
Advanced Computer Forensic Analysis and Incident Response
After diving into the course syllabus and sections I noticed that hands-on exercises are done on not so modern OSs such as: Windows XP, Windows 7 and Server 2008. No presence of newer operating systems (like Windows 8 or Server 2012).
My question to people that have taken the course or that are familiar with it is: How important is it to have hands-on experience with later versions of Windows in this particular course? Or maybe, the way the course is approached, it is not that important because it focuses on a broader perspective more independent of the OSes involved?
Thank you very much for any of your opinions.
Comments
-
wastedtime Member Posts: 586 ■■■■□□□□□□
I took the course about 2 years ago and it was very OS agnostic, or to put it better, they would go over stuff from multiple OSes (Linux/Win). I do remember the instructor saying that 408 was basically Windows forensics. I also remember constantly being in the SIFT Kit distro. As far as how new the OSes will be, I am not sure. I know they are constantly working on the courses to keep them up to date but they may not have gotten to those yet.
-
joaoalemao Member Posts: 12 ■□□□□□□□□□
OK, thank you very much for your reply. Good to have somebody else's opinion :)
cheers,
J.
-
docrice Member Posts: 1,706 ■■■■■■■■■■
I just took this course in San Diego and I don't think it's all that important that Windows 8 and 2012 are not included. The course is more about understanding sound methodology about obtaining artifacts and looking at a larger collection of hosts to see how intrusions occur, the methods to find their pivot points, and how attackers might attempt to cover their tracks. The knowledge from FOR408 will help you in looking at the larger network, not just an individual host.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/