Difficulty of GCFE?
testing010101
Hi folks,
I'm taking SANS 408 in class and while I currently work in this space/field, I've found that a lot of the information we're learning is like drinking from a fire hose. I'm required to take the cert for work so I'm a little concerned about the difficulty. Windows registry and shellbags in particular are all black magic to me.
I also keep hearing about making this ominous "index", which I have yet to understand or create.
Any words of advice?
Comments
cyberguypr
I've done some forensication, not much. I knew the basics but had some gaps in my practical skills, so I took this class last September. After creating my index I took the exam in January. Passed with an 89%. If you pay attention in class and do all the labs, review the material, and make a good index I would say it would be very difficult to fail.
In regards to the index, remember that the exam is open book and you can take in any printed resource you like. The idea of the index is to have a place where you can quickly reference the sea of knowledge that is thrown at you in the course. Some of us do indexes in different manners. I go with TERM | BOOK | PAGE | EXPLANATION. See an example here:
indexGIAC.JPG
TechGromit
cyberguypr wrote: I go with TERM | BOOK | PAGE | EXPLANATION. See an example here:
And I used tabs, so it was Term, Book Number, Tab #, Topic. Tabs allowed me to mark the exact page I needed to flip to without flipping pages to find the correct one. 60 tabs was the most using all three sides of the book, without going into a second layer of them. Also highlight the relevant information on the pages, so I didn't need to read the whole page to find the answer. If you know the material, generally you can answer about half the questions in 10 or 20 seconds each (about 30 minutes), leaving you around 3 minutes for each question you don't know to look them up.
YFZblu
Something like shellbags is a convoluted topic even for experienced investigators. Fortunately shellbags is a well-documented artifact. I would recommend reading up on your pain points prior to the class to break the ice beforehand.
YFZblu
As a follow-up, I reviewed my 408 books for Shellbags content. A mere seven pages are dedicated to Shellbags, half of which are related to tools which parse them for you - so it's not a big deal.