Options
Passed GCFE
cyberguypr
Mod Posts: 6,928 Mod
in GIAC
As the title says, I passed GCFE Saturday with 89%. I took the class 2 months ago in DC (review here). Came back and spent some time reviewing the OnDemand course. I also hit the labs again to practice browser forensics and some of the tools. I took one of the practice tests and got a 79% without using the index. Not bad considering the sheer amount on minutiae covered. I then spent 2 weeks building the index, which ended up being 13 pages mostly detailing where every registry key for every artifact covered in the course is located. With so many similar keys is super easy to get them confused. The second practice exam using the index got me a 92%. I stuck to my "term, book, page, description" format as seen here: http://www.techexams.net/forums/sans-institute-giac-certifications/98047-passed-gcih.html.
The obligatory question is "what's next?" My boss was extremely generous and purchased and EnCase annual training passport for me so the immediate plan now is to hit the EnCase OnDemand training in order to prepare for the EnCe certification. I'm thinking to kill this by February/March. Once this is out of the way I need to decide which SANS course I'll be hitting in 2016. Right now I am debating between FOR 508, 578 Threat Intel, or 511 Continuous Monitoring. Most likely I will end up having my employer pay for one and do a second one out of pocket through Work Study here in Chicago.
The obligatory question is "what's next?" My boss was extremely generous and purchased and EnCase annual training passport for me so the immediate plan now is to hit the EnCase OnDemand training in order to prepare for the EnCe certification. I'm thinking to kill this by February/March. Once this is out of the way I need to decide which SANS course I'll be hitting in 2016. Right now I am debating between FOR 508, 578 Threat Intel, or 511 Continuous Monitoring. Most likely I will end up having my employer pay for one and do a second one out of pocket through Work Study here in Chicago.
Comments
-
Options
the_Grinch
Member Posts: 4,165 ■■■■■■■■■■
Congrats! Would be excellent if you could post your thoughts on the EnCase on-Demand as it was something I was looking into.WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
Options
JoJoCal19
Mod Posts: 2,835 Mod
Congrats on the pass!!! I've heard from several people at the last SANS conference I attended for Work Study that even if you're not in forensics or handling forensics as a primary duty, FOR408 is still a good class to take. What are your thoughts?Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
Options
Robicus
Member Posts: 144 ■■■□□□□□□□
What a rock star! You slayed another one.
Congratulations.
What's Next? eLearnSecurity's eCIR
MSISE, CISSP, GSE (#202), GSEC, GCIA, GCIH, GPEN, GMON, GCFE, GCCC, GCPM, eJPT, AWS CCP -
Options
URG_PSH_FIN
Member Posts: 33 ■■□□□□□□□□
Congrats!!MS in Information Assurance - Regis University
2018 Goals - [ ] GSE Lab [ ] OSCP Enrollment
Late 2018-Early 2019 Goals: [ ] RHCSA [ ] RHCE -
Optionscyberguypr
Mod Posts: 6,928 Mod
I will definitely review the Encase OnDemand. My plan is to try it out and see how I like it, as I also have the option of going to the Chicago (suburbs) physical instructor-led training sessions. From her eon the office slows down so I should be able to do at least 2 session before the end of the year.
My role is not 100% forensics, but when I forensicate it must be done the right way and it must be done quick. The class definitely helped optimize my process. One of the greatest aspects of the course is that it show you a boatload of Windows artifacts, how to process them manually, how to process them with tools, as well as the nuances from Windows XP through 10. The same applies for the most popular browsers, going from the oldest to the latest versions.
