Books to read for GCIH

All so I have been thinking hard on ways to get my GCIH paid for but I cant figure out a way so im thinking of Challenging this exam with out the course. are there any recommendations for books?

I am thinking of these as of now

Counter Hack Reloaded

Hacker Techniques, Tools, and Incident Handling

Incident Response and Computer Forensics, Second Edition

If you have any other suggestions let me know.

Find more posts tagged with

Comments

TacoRocket

Those are pretty much it. However, I am still going to recommend the class because the exam covers a bit that those book don't. Won't mean you will fail the exam but might make it harder.

Clm wrote: »

All so I have been thinking hard on ways to get my GCIH paid for but I cant figure out a way so im thinking of Challenging this exam with out the course. are there any recommendations for books?

I am thinking of these as of now

Counter Hack Reloaded

Hacker Techniques, Tools, and Incident Handling

Incident Response and Computer Forensics, Second Edition

If you have any other suggestions let me know.

NetworkNewb

I don't have any books to recommend, but if you look up the course and look at the topics discussed each day those are pretty much exactly what was covered.

If I were challenging the exam I would put each day's topics together on one sheet and use that as a template of things I would need to learn. Best of luck!

NetworkNewb

TacoRocket wrote: »

Those are pretty much it. However, I am still going to recommend the class because the exam covers a bit that those book don't. Won't mean you will fail the exam but might make it harder.

This ^^ But also, the actual course materials cover every question your bound to find on the exam.

bigdogz

You can apply for the Work Study program and facilitate. It costs less. You can also try the mentor program which is a 3 for 2 cost... 3 people go for the price of 2. Otherwise it's ~$!,100 USD.

I do not know anyone who has challenged the exam.

bigdogz

JoJoCal19 posted this from another poster.... dynamik...

https://www.ethicalhacker.net/forums...t=11757#p62170

[FONT=&quot]I've challenged every SANS certification I have, with the exception of one that I got for free for participating in a study. The nice thing about SANS/GIAC is that they're vendor neutral/open-source whenever possible, so a lot of the information is usually already floating around somewhere. I go through the two practices you get with a challenge, and I make note of every tool, technique, etc. that is mentioned anywhere. I combine this list with the day-by-day breakdown of the corresponding course, and then create an outline in Word for each topic. Then I research. [/FONT]

[FONT=&quot]I include help output, man pages, examples, workflows, etc. I usually end up with about 400+ pages for each exam. I also include anything related I come across while doing research and think might be applicable. For example, if I think a NIST document is relevant, I read through that and include it in the printout I bring in with me. The thing about doing all this work is that you learn the materially REALLY well. I often only end up referring to it a few times throughout the exam, and my lowest score so far is 85%.[/FONT]

[FONT=&quot]I wouldn't try to match up other courses because they're just not going to fit well. For example, the OffSec courses (as much as I love [hate] them), just don't map to GPEN and GXPN. I haven't done the Hacker Academy Forensics module. While it will probably help some, I doubt it will prepare you for the exam.[/FONT]

[FONT=&quot]Here are a few recommendations off the top of my head:[/FONT]
[FONT=&quot]GSEC - Network Security Bible[/FONT]
[FONT=&quot]GPEN - I didn't prepare for this one since I do pen testing full time; I think I even gifted my practice exams. I'd probably go with the usual suspects of Hacking Exposed, Gray Hat Hacking, Penetration Tester's Open Source Toolkit, the Metasploit book, etc.[/FONT]
[FONT=&quot]GCFA - File System Forensic Analysis, and 3-4 of the new Syngress Forensic books[/FONT]
[FONT=&quot]GCIH - Real Digital Forensics (probably brought this to GCFA as well), NIST 800-61 - Look at the course page, only one day is incident handling and the rest are hacker techniques. You should be in good shape if you have GPEN under control and have a good handle on the six steps. [/FONT]
[FONT=&quot]GCIA - Multiple Bejtlich books, The TCP/IP Guide, the official Snort manual[/FONT]
[FONT=&quot]GWAPT - WAHH2, Hacking Exposed Web Apps (3rd, I think), tons of OWASP material [/FONT]
[FONT=&quot]GAWN - Haven't done this one, but the resources you listed will fall ridiculously short. The Hacking Exposed Wireless book will probably be the best single resource, but you'll probably have to research a lot of items (RFID, Zigbee, Bluetooth, etc.) to be fully prepared. This is a very broad course. [/FONT]
[FONT=&quot]GXPN - Did the course for this one[/FONT]
[FONT=&quot]GCFW - In addition to the GCIA material (lots of overlap -- a solid grasp on TCP/IP will go far with both of these), just spend time with pfSense, iptables, etc. and take notes for anything new on the practice exams[/FONT]

[FONT=&quot]I haven't done either GCWN or GCUX, but again, just do research. You'll probably be able to cobble together what you need from blogs, Technet, etc. You may not find dedicated books on this subject, but security may make up 25-30% of a general book on Windows or *nix.[/FONT]

bigdogz

Remember that it is an open book exam and to have an index.

Good Luck.

Clm

Thanks for the tips

JoJoCal19

The best thing to do in addition to what NetworkNewb posted about getting all of the days topics, is to go to GIAC's website and get all of the exam topics as well.

TacoRocket

We should really sticky your post though. Solid resources.

JoJoCal19 wrote: »

The best thing to do in addition to what NetworkNewb posted about getting all of the days topics, is to go to GIAC's website and get all of the exam topics as well.

grouchy_Smurf

Would also maybe suggest the SANS reading room, looking through topics on Incident Handling. Also get on Linkedin and follow Black Hills Information Security. The owner of BHIS (John Strand- Great guy) is the current primary author of the SANS504 coursework.