Passed GCFE

I took the GCFE exam a couple days ago and passed with an 84. The exam was much more difficult than I expected. I felt like this exam, more than the others, required a solid core foundation of the material. It is always helpful to have a good index but the index wasn't as much of a factor for this test. The test was 115 questions and 3 hours long and I used the entire time. I took the SANS FOR408 class in Philadelphia in early March. Then I read the books cover to cover and made my index and some notes, took the 2 practice tests (scored 78 and 87) and took the test. I probably should have spent more time studying and working with the tools but I wanted to get this out of the way.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

EngRob

Congrats on the pass!

CIPHERSTONE

Sweet! Congrats!!

636-555-3226

Congrats man. Mind writing up some thoughts on the material? Useful in daily life? If someone was on the fence with taking this test, what kind of good skills would they take out of it? Recommend it to someone with a base level of knowledge or a good foundation already in place?

quogue66

The material is definitely relevant and useful for real world forensics. They teach you a lot of great tools and best practices for forensic analysis. They tell you where to look in the registry, what you can and can not find, browser forensics, event logs and even discuss what may be recovered if deleted. I took two forensics classes in college (2011 and 2014) and that was a good enough foundation for the class. If you're specifically asking about the exam and what type of skill set is required to pass without the class I'm not really sure how easy that would be. The material in the class is catered to the exam or vice versa.

testing010101

Hey, I PM'd you a question about the exam.

cyberguypr

Congrats on the pass. In regards to real world forensics, I just finished taking 3 EnCase classes (working on EnCe practical right now) and can tell you that GCFE and course FOR 408 cover way more real life hands-on stuff that what EnCase covers.

NOC-Ninja

Congrats!

UnixGuy

I thought the course was FOR 508? isn't FOR 408 just windows?

cyberguypr

FOR 408 (GCFE) is Windows Forensic Analysis covering of course Win artifacts, USB, shell items, browser, email, etc. FOR 508 (GCFA) is Advanced Digital Forensics and Incident Response covering kill chain, memory forensics, timeline analysis, etc. Both courses are Windows-centric.

JoJoCal19

Congrats on the pass!!! How helpful is FOR408 to security engineers or other security positions? Curious just in case I get picked to facilitate it instead of one of my other choices.

testing010101

JoJoCal19 wrote: »

Congrats on the pass!!! How helpful is FOR408 to security engineers or other security positions? Curious just in case I get picked to facilitate it instead of one of my other choices.

Depends on how much forensics those engineering positions are actually performing. IMO the class was very applicable to a day-to-day digital forensics analyst.

Robicus

Awesome job! It sounds like your worked very hard and put the time in. Congratulations!

DAVIS NGUYEN

Congrats!