Passed GCFE

quogue66quogue66 GREM GPEN GCIA GSEC GCFE GCFA GCIH GASF GSE (multiple choice)Posts: 164Member ■■■□□□□□□□
I took the GCFE exam a couple days ago and passed with an 84. The exam was much more difficult than I expected. I felt like this exam, more than the others, required a solid core foundation of the material. It is always helpful to have a good index but the index wasn't as much of a factor for this test. The test was 115 questions and 3 hours long and I used the entire time. I took the SANS FOR408 class in Philadelphia in early March. Then I read the books cover to cover and made my index and some notes, took the 2 practice tests (scored 78 and 87) and took the test. I probably should have spent more time studying and working with the tools but I wanted to get this out of the way.

Comments

  • EngRobEngRob Posts: 247Member ■■■□□□□□□□
    Congrats on the pass!
  • CIPHERSTONECIPHERSTONE Posts: 30Member ■□□□□□□□□□
    Sweet! Congrats!!
  • 636-555-3226636-555-3226 Posts: 976Member ■■■■■□□□□□
    Congrats man. Mind writing up some thoughts on the material? Useful in daily life? If someone was on the fence with taking this test, what kind of good skills would they take out of it? Recommend it to someone with a base level of knowledge or a good foundation already in place?
  • quogue66quogue66 GREM GPEN GCIA GSEC GCFE GCFA GCIH GASF GSE (multiple choice) Posts: 164Member ■■■□□□□□□□
    The material is definitely relevant and useful for real world forensics. They teach you a lot of great tools and best practices for forensic analysis. They tell you where to look in the registry, what you can and can not find, browser forensics, event logs and even discuss what may be recovered if deleted. I took two forensics classes in college (2011 and 2014) and that was a good enough foundation for the class. If you're specifically asking about the exam and what type of skill set is required to pass without the class I'm not really sure how easy that would be. The material in the class is catered to the exam or vice versa.
  • testing010101testing010101 Posts: 22Member ■□□□□□□□□□
    Hey, I PM'd you a question about the exam.
  • cyberguyprcyberguypr Senior Member Posts: 6,834Mod Mod
    Congrats on the pass. In regards to real world forensics, I just finished taking 3 EnCase classes (working on EnCe practical right now) and can tell you that GCFE and course FOR 408 cover way more real life hands-on stuff that what EnCase covers.
  • UnixGuyUnixGuy SABSA, GCFA, GPEN, CISM, RHCE, Security+, Server+, eJPT, CCNA Posts: 4,037Mod Mod
    I thought the course was FOR 508? isn't FOR 408 just windows?
    Goal: MBA, August 2020
  • cyberguyprcyberguypr Senior Member Posts: 6,834Mod Mod
    FOR 408 (GCFE) is Windows Forensic Analysis covering of course Win artifacts, USB, shell items, browser, email, etc. FOR 508 (GCFA) is Advanced Digital Forensics and Incident Response covering kill chain, memory forensics, timeline analysis, etc. Both courses are Windows-centric.
  • JoJoCal19JoJoCal19 California Kid Posts: 2,800Mod Mod
    Congrats on the pass!!! How helpful is FOR408 to security engineers or other security positions? Curious just in case I get picked to facilitate it instead of one of my other choices.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • testing010101testing010101 Posts: 22Member ■□□□□□□□□□
    JoJoCal19 wrote: »
    Congrats on the pass!!! How helpful is FOR408 to security engineers or other security positions? Curious just in case I get picked to facilitate it instead of one of my other choices.

    Depends on how much forensics those engineering positions are actually performing. IMO the class was very applicable to a day-to-day digital forensics analyst.
  • RobicusRobicus CISSP, GSE #202, GSEC, GCIA, GCIH, GPEN, GMON, GCFE, GCCC, eJPT Posts: 140Member ■■■□□□□□□□
    Awesome job! It sounds like your worked very hard and put the time in. Congratulations!
    What's Next? Sans Cyber Security Master's Degree (MSISE) [Currently Enrolled]
    ... Progress { | | | | | | | | | . } // 95%

    CISSP, GSE #202, GSEC, GCIA, GCIH, GPEN, GMON, GCFE, GCCC, eJPT
  • DAVIS NGUYENDAVIS NGUYEN Posts: 1,472Member ■■■□□□□□□□
Sign In or Register to comment.