Whew! This one was a lot of work for me. My background is more on the network side as an intrusion analyst. I don't have as much background on the host side. I had a pretty steady line from my two practice tests to my final exam.
- Practice 1 = 76%
- Practice 2 = 81%
- Exam = 86%
I may have overprepared a bit for this exam in terms of bringing material. I indexed my books (the biggest step), did a table of contents, transcribed the "Evidence of" poster into Excel, printed some event log references, some FTK reference material, and some data about the FAT file system. In the end, I just used the table of contents, index and the data from the poster.
One thing I did to help me prepare was listen to the first seven episodes of the Digital Forensics Survival Podcast from iTunes. The guy that puts that together does Udemy classes, I think. They won't replace the SANS training but they did cover some of the basics.
I thought this was the hardest of the three GIAC cert tests I have taken. I had to refer to my notes far more than I did for the GCIA or GICSP. The exam took me 2:45 although I did spend time double checking answers that I knew were right.
Next up for me will depend on work. I am waiting for approval to take FOR508 and the GCFA (I am working through Art of Memory Forensics on my own). Depending on the timing of that I may go for a CISSP next.