GCIA passed. Now what?
justSomeGuy
Registered Users Posts: 4 ■□□□□□□□□□
in GIAC
I just passed my GCIA exam today and was curious as to what other SANS certs others have moved onto from there. I work mostly with IDS, netflow, and pcap solutions, so I was considering FOR 572 - Advanced Network Forensics and Analysis. Does anyone have feedback on this one? I'm also considering 501 or 504, but am unsure if those will be useful. Any feedback would be appreciated. Thanks!
Comments
-
JDMurray Admin Posts: 13,091
The foundation of the GIAC certs are the GSEC, GCIH, and GCIA. If you are looking towards the GSE then the GCWN and GCUX are recommended too. All of the other GIAC certs are specialty branches as shown on the GIAC Certification Roadmap.
-
justSomeGuy Registered Users Posts: 4 ■□□□□□□□□□
Thanks! I was considering the Linux hardening one, but network forensics is something I actually enjoy, hence my curiosity about 572. I've only found 1 thread on it and the exam was never taken.
-
JDMurray Admin Posts: 13,091
One thing that interests me in SANS digital forensics training is that "incident handling" is also thrown into those classes. I assume this refers to the use of forensics in incident investigation, but I'm interested to know if any of the FOR classes describe in more detail the overall incident response/handling process than is covered in SANS SEC504.
-
justSomeGuy Registered Users Posts: 4 ■□□□□□□□□□
Is GCIH just as technical and difficult as GCIA? I'm considering picking that up before heading on to any advanced certs. For context, when studying for GCIA, I put in about 4 days of dedicated studying and did both practice exams the day before the actual one. Did not touch the labs, although I had plenty of Snort/Silk/tcpdump experience.
-
gwood113 Member Posts: 66 ■■■□□□□□□□
@justSomeGuy
FOR572 is the only other real network focused class. You'll like it since you're already familiar with silk. GCIH is mostly host focused, centering on beginner pentesting skills. I would not consider it as technically challenging as GCIA. At least not in the same way.
@JDMurray
FOR508, the host forensic class, goes into incident handling pretty well. FOR508, 572, and 610 are the IR team triad: host, network, and malware.
-
JDMurray Admin Posts: 13,091
I only see Windows forensics and mobile (Android) forensics SANS classes. Do any of the SANS forensics classes also cover UNIX (iOS) or Linux (other than Android) forensics?
-
gwood113 Member Posts: 66 ■■■□□□□□□□
508 covers *nix environments in the course books, but all of the forensic practice is on Windows targets (HDD images, memory images, etc.)
Given the variety and nuance of the countless flavors of Linux, I doubt the DFIR team will ever produce a generic Linux forensic course. You could probably conduct effective host forensics applying the tools and methods from 508 with a little practice though.
-
GirlyGirl Member Posts: 219
I only see Windows forensics and mobile (Android) forensics SANS classes. Do any of the SANS forensics classes also cover UNIX (iOS) or Linux (other than Android) forensics?
I took the 575 Course less than 6 months ago.
I see that you are the mod for the Java and Developers forums. If you are indeed knowledgeable in those areas, some of the 575 course will not be new to you. It covers iOS/Android and the wearable devices. It might have touched slightly on the tablet, I don't recall. Google devices were touched on slightly if my memory serves me correct. It is more backend development and frontend applications/security/app manipulations/API, etc. That's the majority of it. I don't believe any Linux/Unix was in any of my books. If it was, it wasn't much of it.
-
lostsol Member Posts: 18 ■□□□□□□□□□
justSomeGuy wrote: » I just passed my GCIA exam today and was curious as to what other SANS certs others have moved onto from there. I work mostly with IDS, netflow, and pcap solutions, so I was considering FOR 572 - Advanced Network Forensics and Analysis. Does anyone have feedback on this one? I'm also considering 501 or 504, but am unsure if those will be useful. Any feedback would be appreciated. Thanks!
-
silvercleric Member Posts: 1 ■■■□□□□□□□
Hello,
I believe that this document may be of help - a visual representation of the different "paths" is found on page 2 of the document.
https://www.sans.org/media/security-training/apac_2017_brochure.pdf
Please note that the training dates are for the APAC region.
HTH