Passed GCFE

As the title says, I passed GCFE Saturday with 89%. I took the class 2 months ago in DC (review here). Came back and spent some time reviewing the OnDemand course. I also hit the labs again to practice browser forensics and some of the tools. I took one of the practice tests and got a 79% without using the index. Not bad considering the sheer amount on minutiae covered. I then spent 2 weeks building the index, which ended up being 13 pages mostly detailing where every registry key for every artifact covered in the course is located. With so many similar keys is super easy to get them confused. The second practice exam using the index got me a 92%. I stuck to my "term, book, page, description" format as seen here: http://www.techexams.net/forums/sans-institute-giac-certifications/98047-passed-gcih.html.

The obligatory question is "what's next?" My boss was extremely generous and purchased and EnCase annual training passport for me so the immediate plan now is to hit the EnCase OnDemand training in order to prepare for the EnCe certification. I'm thinking to kill this by February/March. Once this is out of the way I need to decide which SANS course I'll be hitting in 2016. Right now I am debating between FOR 508, 578 Threat Intel, or 511 Continuous Monitoring. Most likely I will end up having my employer pay for one and do a second one out of pocket through Work Study here in Chicago.

Find more posts tagged with

Comments

the_Grinch

Congrats! Would be excellent if you could post your thoughts on the EnCase on-Demand as it was something I was looking into.

JoJoCal19

Congrats on the pass!!! I've heard from several people at the last SANS conference I attended for Work Study that even if you're not in forensics or handling forensics as a primary duty, FOR408 is still a good class to take. What are your thoughts?

Robicus

What a rock star! You slayed another one.

Congratulations.

URG_PSH_FIN

Congrats!!

cyberguypr

I will definitely review the Encase OnDemand. My plan is to try it out and see how I like it, as I also have the option of going to the Chicago (suburbs) physical instructor-led training sessions. From her eon the office slows down so I should be able to do at least 2 session before the end of the year.

My role is not 100% forensics, but when I forensicate it must be done the right way and it must be done quick. The class definitely helped optimize my process. One of the greatest aspects of the course is that it show you a boatload of Windows artifacts, how to process them manually, how to process them with tools, as well as the nuances from Windows XP through 10. The same applies for the most popular browsers, going from the oldest to the latest versions.

DAVIS NGUYEN

Congrats!