GCFA: GIAC Certified Forensic Analyst (FOR508)
eth0
Member Posts: 86
Does anyone have the GCFA: GIAC Certified Forensic Analyst certificate (GIAC Certified Forensic Analyst | GCFA Certification) with course FOR508 (https://www.sans.org/selfstudy/course/advanced-incident-response-digital-forensics)?
Opinions?
Also, how does this self-study look? What is this "Access Period: 4 months" for? Are these not some PDF materials?(!)
Comments
-
ramrunner800 Member Posts: 238
I have taken FOR508 and the GCFA exam. It is excellent training for incident responders, and is a lot of fun too. Our team sends all new analysts to the course; it is considered absolutely essential.
I am only familiar with SANS On Demand and in-person trainings. I don't know how the self-study package differs, though it appears to include On Demand, so you should be fine. The 4 month access period is for your access to the online portions of the content. In On Demand this is for videos and MP3s of the lectures. I would imagine that the self-study is pretty much the same as On Demand. SANS does not provide PDFs of their materials, and all electronic materials have expiration dates. For the books, I believe that they will mail you physical copies. This is also necessary because the exam is open book, but paper materials only.
Currently Studying For: GXPN
-
eth0 Member Posts: 86
Thanks, our team wants to have certificates for IR and this is one of a total of two from SANS. I have some forensic background (but not US-oriented; there are some differences in law etc., like we don't have chain of custody etc.), so I selected this certificate, and probably (very expensive) will be able to take it.
-
gwood113 Member Posts: 66
Self-study includes MP3s of the course recorded at one of the major conferences. They are normally recordings of the course author or one of the main contributors. You have a four month window to listen to them online; however, you can download them anytime during your access window.
I took FOR508 and GCFA in June. It's a good course. You do all your work in the SIFT Workstation. Some open source tools for forensics that are relevant are Mandiant Redline, The Sleuth Kit, log2timeline/Plaso, and Volatility.
A couple books that relate to the subject matter:
Incident Response & Computer Forensics, Third Edition
The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
-
eth0 Member Posts: 86
Is there any special knowledge needed to start with this course? I found some reviews where people recommend 408 (Windows forensics, if I remember correctly). What do you think?
Please also share some example exam questions. Is this multi-select or single-select? Is it hard to pass? I am scared because 1k$ for the exam is a lot (like 1 month's salary there).
Thanks!
-
ramrunner800 Member Posts: 238
The course will be easier if you already have some knowledge of Windows forensics, but you can catch up if you don't already have that. In my 508 class, only 3 people had already taken FOR 408.
Definitely look into the On Demand as well. The self-study webpage you provided says On Demand is included, but confirm that. If self-study only comes with books and MP3s, then get On Demand. On Demand will come with books and MP3s, as well as videos, but they both cost the same amount. Also, you can get ~$400 off on the exam if you purchase it with the course.
Currently Studying For: GXPN
-
eth0 Member Posts: 86
Is it hard to pass this exam? It will be a big fail to retake it for 1k$.
Can you write some example question(s)?