Need Help Deciding (Poor Forensic Guy)
So, I'm new to the forensic world, and after some good experience extracting data off of cellphones, HDDs, etc.,
I thought it's time to treat myself with getting some certified certificates.
So, to cut a long story short, I've done my research, made an account on this amazing website, did some reading on the GIAC website, and I think nothing beats the Global Information Assurance Certification, and so I'm going to start off by throwing questions at you experts out there to help me out on which direction to take.
I've obviously looked at their Forensics section on the website http://www.giac.org/certifications/forensics
but only to find categories that were totally unrelated to what I do and their ordering of the subjects being really weird, EXCEPT for the ONE.
The GASF: GIAC Advanced Smartphone Forensics
After some reading I found that this is the only field that is related to my current job and work, and this would be the most appropriate course to take immediately.
After reading about the courses above that, such as the (GCFA, GCFE, GREM, GNFA) I was just wondering if any of those are Required prior to taking the GASF, or if not required, required so as to be ABLE personally to take the GASF and successfully pass or to look good on my Resume?
I want to know why the GCFA and GCFE would be necessary to learn prior to the GASF, or even the GREM or GNFA, since the GNFA is looking towards a Network Engineer's or Technician's perspective, not a Digital Forensics Examiner's one, and the GREM being a Network Admin's job?
I'm concerned about this since the GIAC website has ordered these subjects from top to bottom. So if I take a GASF, it would not be anything related to the others?
Also, could someone tell me the difference between a GCFA and GCFE, and how one examines and how the other analyzes? An example would be great, since they both analyze Windows.
As I said I'm new to the world, so I apologize if I sound really noob to any of this, I'm just trying to figure out what's best for me!
These 3 sound most right to me and my field of work after reading about them, and to take them in this order below,
1- GCFE (GIAC Certified Forensic Examiner)
2- GCFA (GIAC Certified Forensic Analyst)
3- GASF (GIAC Advanced Smartphone Forensics)
What do you think?
Thanks In Return,
Vesalius
Comments
Keep in mind that GIAC exams come directly from the SANS courses. If you challenge the test without taking the corresponding class you could be at a disadvantage. Since the test costs $1,149 I normally recommend going through the Work Study Program where you get the physical class, virtual class, and exam for one low price of $1,100. It's a gamble because it may take a while to get approved/accepted plus you have to commit 6 days to work an event. Anyway, something you may want to explore.
The other route would be to suck it up and take one of the vendor based certs from EnCase or FTK which would also give you the in court credentials needed for expert witness.
Learning Android "Marshmallow" now in comparison. Interesting new wrinkles to explore.
- b/eads
I know that if I could go to SANS, I definitely would. So if you can, I'd say do it.
How different is it being someone analytical or someone that is an examiner in the world of forensics? How in-depth can you get in each one and how would it be different, or would mastering both be possible and useful to your workplace?
So I'm currently working on digital forensics, the majority of my work is based on phones (of all types) and I can say I have very good experience in doing my job really well, with a 90% success rate in examining and then extracting phones.
The thing also is I can derive from other areas too, so that means I may have the opportunity to go through other paths of forensics, and I was wondering what you think would be most beneficial to get into, both money-wise and uniqueness-wise?
I had a great plan for getting GIAC certified. I wrote a proposal, and got my management on board. And then they said OH HELL NO when they saw the price tag.
Don't worry about payment, but would you be kind enough to send me your proposal?
Hopefully I will make it work and I'll be able to tell the story
GCFE - How to actually recover physical data from a box, not sure if the class comes with it still, but used to give out one of those hard drive write blockers and the labs go through the actual steps and tools for gathering forensic data.
GCFA - How to analyze evidence gathered in GCFE, does NOT cover how to actually capture forensic images/data. Covers memory analysis (live system memory capture & hiberfile or vmem/similar) as well as disk image analysis. Analyze how to identify malware using forensic data and create a timeline of events. Awesome course capstone.
GNFA - How to analyze/timeline and carve forensic evidence using only PCAP and netflow captures. Really good class, I really liked this one.
GREM - Take the malicious files discovered from any of the above and figure out what it's trying to do.
I haven't done GASF, so I can't say whether any of these are recommended, but hopefully this info helps you decide... If you google the SANS DFIR brochure, it recommends 408 before any of the 500 series DFIR courses.
-Ivan