Passed GCFE

cyberguyprcyberguypr Mod Posts: 6,928 Mod
As the title says, I passed GCFE Saturday with 89%. I took the class 2 months ago in DC (review here). Came back and spent some time reviewing the OnDemand course. I also hit the labs again to practice browser forensics and some of the tools. I took one of the practice tests and got a 79% without using the index. Not bad considering the sheer amount on minutiae covered. I then spent 2 weeks building the index, which ended up being 13 pages mostly detailing where every registry key for every artifact covered in the course is located. With so many similar keys is super easy to get them confused. The second practice exam using the index got me a 92%. I stuck to my "term, book, page, description" format as seen here: http://www.techexams.net/forums/sans-institute-giac-certifications/98047-passed-gcih.html.

The obligatory question is "what's next?" My boss was extremely generous and purchased and EnCase annual training passport for me so the immediate plan now is to hit the EnCase OnDemand training in order to prepare for the EnCe certification. I'm thinking to kill this by February/March. Once this is out of the way I need to decide which SANS course I'll be hitting in 2016. Right now I am debating between FOR 508, 578 Threat Intel, or 511 Continuous Monitoring. Most likely I will end up having my employer pay for one and do a second one out of pocket through Work Study here in Chicago.

Comments

  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Congrats! Would be excellent if you could post your thoughts on the EnCase on-Demand as it was something I was looking into.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Congrats on the pass!!! I've heard from several people at the last SANS conference I attended for Work Study that even if you're not in forensics or handling forensics as a primary duty, FOR408 is still a good class to take. What are your thoughts?
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • RobicusRobicus Member Posts: 144 ■■■□□□□□□□
    What a rock star! You slayed another one.

    Congratulations. :)
    What's Next? eLearnSecurity's eCIR

    MSISE, CISSP, GSE (#202), GSEC, GCIA, GCIH, GPEN, GMON, GCFE, GCCC, GCPM, eJPT, AWS CCP
  • URG_PSH_FINURG_PSH_FIN Member Posts: 33 ■■□□□□□□□□
    Congrats!!
    MS in Information Assurance - Regis University

    2018 Goals - [ ] GSE Lab [ ] OSCP Enrollment
    Late 2018-Early 2019 Goals: [ ] RHCSA [ ] RHCE
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    I will definitely review the Encase OnDemand. My plan is to try it out and see how I like it, as I also have the option of going to the Chicago (suburbs) physical instructor-led training sessions. From her eon the office slows down so I should be able to do at least 2 session before the end of the year.

    My role is not 100% forensics, but when I forensicate it must be done the right way and it must be done quick. The class definitely helped optimize my process. One of the greatest aspects of the course is that it show you a boatload of Windows artifacts, how to process them manually, how to process them with tools, as well as the nuances from Windows XP through 10. The same applies for the most popular browsers, going from the oldest to the latest versions.
  • DAVIS NGUYENDAVIS NGUYEN Member Posts: 1,472 ■■■□□□□□□□
Sign In or Register to comment.