Options

Pre-requisites for SANS GCFA (508) -> CHFI

scascscasc Member Posts: 461 ■■■■■■■□□□
Dear all,

Have been sponsored to go on the SANS 508, however do not have a solid background in Forensics and have enrolled to do CHFI to give me a base start. Would this be suffice considering the fact that the cost to do 408 along with 508 is prohibitive?

Best wishes
AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...

Comments

  • Options
    cyberguyprcyberguypr Mod Posts: 6,928 Mod
    CHFI provides very little help for 508. Since you mentioned you do not have forensics experience I would recommend 408. Either that or somehow supplement your dead box forensics knowledge before heading to 508.

    Here are a good link from one of our members (I always keep forgetting who it is) that touches on 408 vs. 508:

    Should I take SANS 408 or 508? (part 1) | Digital Forensics Tips
  • Options
    the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    My boss did 508 before 408. SANS has changed it dramatically and my understanding is that 508 stands almost completely on its own. It is way more geared toward Incident Response then towards forensics.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • Options
    scascscasc Member Posts: 461 ■■■■■■■□□□
    Thanks for the information guys.

    Is the GCFE a stepping stone to GCFA or a qualification in its own right and more forensics based then?
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • Options
    quogue66quogue66 Member Posts: 193 ■■■■□□□□□□
    I took FOR408 in March and just finished FOR508. I think taking FOR408 was helpful but not necessary. FOR408 and the GCFE focused on hard drive forensics and FOR508 and the GCFA was memory forensics (and incident response). I think you will be able to get through 508 without taking 408 first.
  • Options
    PJ_SneakersPJ_Sneakers Member Posts: 884 ■■■■■■□□□□
    Unfortunately, the official EC-Council CHFI class will not help you. There are several slides in the official curriculum that are decent, but overall it's a super-long slideshow about random data recovery tools and network attacks. Also the CHFI class is from like, 2011 or some crap. It's super outdated.

    If you have time to read a book, the McGraw All-In-One Certified Cyber Forensics Professional book by Chuck Easttom is a pretty quick read and is a decent summary of digital forensics, and it was helpful for the CCFP. The Syngress Basics of Digital Forensics by John Sammons is also a quick read, and is a quick summary as well. Neither book goes very in depth in any given topic, but they aren't long and drawn out either.
  • Options
    scascscasc Member Posts: 461 ■■■■■■■□□□
    Thanks for the comments. Just been looking at some random exam questions from aiotest king - I see what you mean regarding the value of this certification. Not sure why some people ask for it - just thought it would act as a bit of a stepping stone for me to get the SANS GCFE/GCFA etc.
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • Options
    PJ_SneakersPJ_Sneakers Member Posts: 884 ■■■■■■□□□□
    I mean, the class is ok. But at least a day or two of it could have been replaced with real forensics training rather than going over random undelete tools. Then again, the instructor for the class wasn't that great either. He wasn't very experienced and made a few inaccurate statements.
  • Options
    beadsbeads Member Posts: 1,531 ■■■■■■■■■□
    My personal opinion may not reflect the experiences of the board at large but... Don't confuse EC-Council with real training. SANS and EC-Council are like night and day in comparison.

    YMMV

    - b/eads
  • Options
    PJ_SneakersPJ_Sneakers Member Posts: 884 ■■■■■■□□□□
    Oh definitely not. That statement is spot on. I've never been able to attend SANS due to cost, which is how I ended up in an EC Council class (through work).
  • Options
    trueshrewkmctrueshrewkmc Member Posts: 107
    @PJ_Sneakers Thanks for the honest assessment of the official CHFI class! I'll have to sit CHFI for a WGU degree and wondered if the CHFI class material was as bad as the official EC C|EH material. Those random tool slides at the end of every section are the worst!
  • Options
    636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    beads wrote: »
    My personal opinion may not reflect the experiences of the board at large but... Don't confuse EC-Council with real training. SANS and EC-Council are like night and day in comparison.

    I disagree. I think most experiences of the board at large concur in your assessment. FWIW, I concur.
  • Options
    the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Yup I 100% agree with your opinion and have given my opinion of the CEH in interviews.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • Options
    UnixGuyUnixGuy Mod Posts: 4,564 Mod
    The number of good reviews I heard about EC-Council over the years is ZERO. Stay away...
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • Options
    gwood113gwood113 Member Posts: 66 ■■■□□□□□□□
    I took FOR508 a couple weeks ago with no forensics experience and was able to keep up with the material well enough to pass GCFA. The only thing I felt like I was missing by not taking FOR408 were the many Windows artifacts, mentioned in 508 - pounded in 408. Three subject areas that stick out in my mind are: memory analysis, hard drive file carving, and timeline construction and analysis. If you want to prepare ahead of time download the SIFT workstation from SANS and check out volatility, the sleuth kit, and log2timeline; they are some of the course heavy lifters.
  • Options
    PJ_SneakersPJ_Sneakers Member Posts: 884 ■■■■■■□□□□
    I wouldn't say there is no value, but I did feel bad for the people who paid out of pocket for the classes. It was different because my employer paid for the class... I can't imagine paying several thousand for THAT out of my own money. Seriously, online CBT training is better.
  • Options
    scascscasc Member Posts: 461 ■■■■■■■□□□
    Funny enough went for exam got 92% and invite to review board - though have zero expertise in this area. Mainly common sense if you have a security background, though elements of my BS Computer Science degree helped with the architecture around the OS (kernel, virtual memory, extendable RAM etc). Nothing too taxing.
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
Sign In or Register to comment.