GCFE Self Study resources and tips

NavyMooseCCNA Member Posts: 544
Good Evening everyone,

This is my first post here, please be gentle :)

When I pass my Security+ exam I am planning on going for the GIAC GCFE exam. I've spent a couple of days looking at books for self study. I've learned that GIAC/SANS do not publish books nor do they have recommended books listed.

I've seen several books here and other places. "Windows Forensics", "Digital Forensics with Open Source Tools", and "Incident Response & Computer Forensics". Are there any other books that you can recommend?

One of my concerns; I was a Windows Admin for seven years and have almost no experience with and almost no knowledge of Linux. Do I need to become proficient with Linux to be successful in the more advanced security certifications? I can run a directory listing and get an IP address off a Linux box, and that is about it.

Thank you in advance!

'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchill

Comments

  • 636-555-3226 Member Posts: 975
    Sorry to say, unless you're already a subject matter expert, you pretty much need the SANS book to pass the test. The questions are usually straight out of the books, and if you have the books the tests are usually pretty easy (esp. the low-level ones). It doesn't sound like self-study would be ideal for passing in your case. I know it sucks; SANS' pricing pretty much eliminates most small/mid-size businesses and nonprofits. Despite that, they certainly aren't hurting for business from what I've seen and in talking to some of the staff...

    I've never reviewed the SANS FOR408: Windows Forensic Analysis materials (the training class for the GCFE), but looking at the page it looks to be straight-up Windows, so *nix skills need not apply.

    Otherwise basic Linux skills are pretty much a must-have to get into the deeper, hands-on technical infosec stuff. If nothing else I'd suggest picking up a Linux+ book and learning the basics from that. Not perfect, but a good starting point (even if you don't take the Linux+ exam itself). After you've got the basics the SANS classes will show you what you need to know or at least give you a starting point from which to learn the deeper things yourself.
  • TechGromit Member Posts: 2,156
    Are there any other books that you can recommend?

    Yes, the SANS 408 book set. If it were me, I'd keep an eye on eBay. Expect to pay $600+ for anything current. Nothing older than two years old, three tops. Another alternative is to find someone who took the exam and ask them for their index. A good index will tell you what you need to study to pass the exam, and better yet, you're not violating any SANS copyright agreements.
    Still searching for the corner in a round room.
  • ramrunner800 Member Posts: 238
    As others have stated, there is unfortunately no set of materials that will prep you for a GIAC exam other than the official course materials. The only way to get those is from SANS themselves, or from someone willing to risk a lot by selling their materials. The only way to really self-study for a SANS exam is to go through the exam objectives and master each item. You will run into difficulty at some points because SANS will recommend solving certain problems in a specific manner, which is difficult to know without the official books. To get started I'd recommend downloading the PDF of the SANS 'Evidence Of' poster and mastering each of the artifacts. Also search the SANS blogs for each different artifact, which will give you insight into their recommended solutions. If you do those things, you'll have a good start on GCFE.
    Currently Studying For: GXPN
  • Danielm7 Member Posts: 2,310
    I've taken SANS 408, all Windows, and yes, I can't imagine passing that without the course / books unless you're already totally fluent in all the material, and even then who knows.
  • quogue66 Member Posts: 193
    I took the FOR408 class in March and passed the GCFE in early April. I spent a lot of time studying and I thought the exam was pretty tough. It took me almost the entire three hours and I scored an 84 which is a lot lower than I was expecting. I would not recommend taking this exam without any forensics experience and not taking the course. If you do decide to take the exam you will receive two practice tests when you pay for your exam. The practice tests are the same level of difficulty as the actual exam. If you can pass the practice exams there is a good chance you will be able to pass the exam.
  • NavyMooseCCNA Member Posts: 544
    Ok, thank you everyone. I think I'll look at providers other than SANS/GIAC. There is no way I can afford to spend that kind of money on a course, nor take that kind of time off. My company won't reimburse for non-academic training.

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchill

  • NetworkNewb Member Posts: 3,298
    My company won't reimburse for non-academic training.

    If you wanted to jump to the 508 course instead of the 408 course you could say it was part of the "Incident Response" graduate level certificate.
    Graduate certificates | Cyber Security | Information Security | SANS

    They are considered an accredited education institution.
  • cyberguypr Mod Posts: 6,928
    OP, no one has asked yet what is your goal by pursuing a forensics cert. Are you trying to fill a knowledge gap, make your resume attractive, fulfill a need at your current job, etc? Just trying to figure out what your path is to see what makes sense.
  • NavyMooseCCNA Member Posts: 544
    Make my resume more attractive and fill a knowledge gap. I did risk management with the IA folks when I was a DOD contractor and I enjoyed the security aspect a lot. I'd like to get more involved in the forensics area. I'm fairly analytical and I am looking to play to my strengths.

    I am in a Security+ class now and looking for my next step. I found CHFI and I'm looking at other certifications along those lines. GIAC is just too expensive.

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchill

  • LionelTeo Member Posts: 526
    I have several of the SANS certifications without the official course books or experience, so it's possible if you study and understand the underlying concepts.

    GCFE may be a little difficult because no SANS author, instructor or certified GCFE professional has authored forensic books independently on their own. But luckily several sections are fairly straightforward, so printouts will help greatly in those sections.

    You may want to get Windows Forensic Analysis Toolkit, Fourth Edition: Advanced Analysis Techniques for Windows 8 and

    Windows Registry Forensics, Second Edition: Advanced Digital Forensic Analysis of the Windows Registry by Harlan Carvey.

    There is a third edition of Incident Response and Computer Forensics; you may want to see if it's aligned with the course syllabus as well.

    I also suggest getting a practice test and filling in the rest with printouts from Google results or other resources.
  • NavyMooseCCNA Member Posts: 544
    LionelTeo wrote: »
    I have several of the SANS certifications without the official course books or experience, so it's possible if you study and understand the underlying concepts.

    GCFE may be a little difficult because no SANS author, instructor or certified GCFE professional has authored forensic books independently on their own. But luckily several sections are fairly straightforward, so printouts will help greatly in those sections.

    You may want to get Windows Forensic Analysis Toolkit, Fourth Edition: Advanced Analysis Techniques for Windows 8 and

    Windows Registry Forensics, Second Edition: Advanced Digital Forensic Analysis of the Windows Registry by Harlan Carvey.

    There is a third edition of Incident Response and Computer Forensics; you may want to see if it's aligned with the course syllabus as well.

    I also suggest getting a practice test and filling in the rest with printouts from Google results or other resources.
    Thank you for the book suggestions. I decided GIAC is too expensive for me; maybe a future employer would be willing to pay for this training and certification.

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchill

  • PJ_Sneakers Member Posts: 884
    What is your budget for training? It's all expensive.
  • NavyMooseCCNA Member Posts: 544
    What is your budget for training? It's all expensive.
    Self study is my budget. I'm going to wrap up my Sec+ and stay with my employer for another six months before looking for a better job. I career changed back into IT and was unemployed for six months. I got a grant for IT training and used it for CCNA and ITIL.

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchill

  • PJ_Sneakers Member Posts: 884
    You might just want to read up on it and do some self study at this point until you can justify the money on a forensics certification. The tests are all expensive, and the classes are all expensive. If that's not your bread and butter, you might be wasting money on them.