Forensic certifications closest to OSCP level of learning
johseg
Member Posts: 7 ■□□□□□□□□□
Hi, I'm a security engineer and we had a security breach recently at our company. Senior management wants to invest into trainings for employees to handle the aftermath of such incidents better next time. I just finished my OSCP and will be responsible for the next incident response. I learned a lot getting my OSCP and I'm looking for a forensic certification that is as close as possible to the training I received from offensive security. I also have various other security certifications that I got via multiple choice tests. While there's a value in that I still would prefer a more hands-on approach to learning. I looked into the list of available security certifications and none of them appealed to me right away. What's your recommendation? Btw. I'm in Germany and not in law enforcement, some are excluded by that. Thanks
Comments
-
johseg Member Posts: 7 ■□□□□□□□□□I forgot one important thing: We're a linux shop, so windows-centric certifications are of limited use to me.
-
Cuse0311 Member Posts: 53 ■■■□□□□□□□Maybe the GCIH from SANS, have you looked at that?
I second that. You could also take a look at some of the SANS forensics certifications as well. They have a really solid advanced network forensics course.
https://www.giac.org/certification/network-forensic-analyst-gnfa -
bigdogz Member Posts: 881 ■■■■■■■■□□If you are looking for vendor neutral certification, then SANS GIAC certs are your best option. The vendor certifications require some practice and knowledge within their respective application.
Good Luck!!! -
johseg Member Posts: 7 ■□□□□□□□□□Thank you all for your replies. I read through the various GIAC offerings and Certified Incident Handler + Certified Forensic Analyst (GCFA) seems to be pretty close to what I want. Too bad offensive security doesn't offer something in this regard (but they're not called defensive security, sooo ... )
-
TacoRocket Member Posts: 497 ■■■■□□□□□□GCFE, GCFA are great for Windows and Forensics in general.
If you want to go deeper there is 526 and 572 as well from SANS.These articles and posts are my own opinion and do not reflect the view of my employer.
Website gave me error for signature, check out what I've done here: https://pwningroot.com/ -
johseg Member Posts: 7 ■□□□□□□□□□TacoRocket wrote: »If you want to go deeper there is 526 and 572 as well from SANS.
-
cyberguypr Mod Posts: 6,928 ModGet a quote from a local incident response or computer forensic firm. That will change his mind quickly.
-
TacoRocket Member Posts: 497 ■■■■□□□□□□Also look into the SANS work study. Changes the price from 8k+ to around $1100.Thank you for the hint. Unfortunately the trainings are really expensive. I'll need to talk to my manager about thatThese articles and posts are my own opinion and do not reflect the view of my employer.
Website gave me error for signature, check out what I've done here: https://pwningroot.com/ -
ramrunner800 Member Posts: 238I have to disagree with the GCIH recommendations in here. GCIH doesn't really cover forensics, it's primarily focused on Hacker Tools and Techniques, as the title of the course would suggest. I honestly find GCIH to be a pretty overrated cert, held by lots of folks due to DOD 8870. It's not a bad course to take by any means, but it certainly doesn't belong in any discussion with OSCP. It's the course my org sends our tech writers and non-technical management folks to to get their feet wet. GCFE and GCFA are both excellent courses if you want forensics knowledge and work hands on. GCFE is a bit dry and more pure forensics, GCFA is a bit more exciting, and covers intrusions. I don't know of any other courses that teach similar knowledge.Currently Studying For: GXPN
-
BlackBeret Member Posts: 683 ■■■■■□□□□□InfoSec Institute training/certs are hands on and cheaper than SANS. Also, they offer discounts to a lot of professional organization members, ISACA and Infraguard are two that I know of off the top of my head. I wouldn't say they're as good as SANS, but when I can get courses for half the price, it makes it easier.
-
mokaz Member Posts: 172Hi there,
I would give a go for the CCE if Forensics would be a targeted field of mine (i might even do so anyways...):
https://www.isfce.com/index.html
A online paced self paced "bootcamp", as they call it is available here:
Computer Forensic Training Center Online
Cheers,
m. -
princesamus Member Posts: 8 ■□□□□□□□□□ramrunner800 wrote: »I have to disagree with the GCIH recommendations in here. GCIH doesn't really cover forensics, it's primarily focused on Hacker Tools and Techniques, as the title of the course would suggest. I honestly find GCIH to be a pretty overrated cert, held by lots of folks due to DOD 8870. It's not a bad course to take by any means, but it certainly doesn't belong in any discussion with OSCP. It's the course my org sends our tech writers and non-technical management folks to to get their feet wet. GCFE and GCFA are both excellent courses if you want forensics knowledge and work hands on. GCFE is a bit dry and more pure forensics, GCFA is a bit more exciting, and covers intrusions. I don't know of any other courses that teach similar knowledge.
I'm coming a bit late, but still wanted to agree with this post. You should go for GCFE|A or GNFA for the network part.
For the rest the only cert which I think would match is the future CSX-Specialist (Respond) https://cybersecurity.isaca.org/csx-careers
As i had the chance to test the lab environment for the CSX-Practitioner (never took the exam), I can say that it's really hands on and pretty convenient as it's through web browser only. Even if I don't really like other ISACA's certs, like CISA, CISM, etc. I have to say they did a pretty good job for building CSX certs.
Wait&see if it will be recognized by companies. -
PJ_Sneakers Member Posts: 884 ■■■■■■□□□□The IACIS CFCE is probably the closest to OSCP. Each candidate is given a unique forensics scenario that must be properly investigated, analyzed, and reported. It is for all intents and purposes, a completely simulated case that must be processed in order to achieve certification.
-
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□I would choose the most appropriate course from SANS and make a proposal to your management. The timing is good... they had a breach, they want training, money will follow
-
al88 Member Posts: 62 ■■■□□□□□□□princesamus wrote: »I'm coming a bit late, but still wanted to agree with this post. You should go for GCFE|A or GNFA for the network part.
For the rest the only cert which I think would match is the future CSX-Specialist (Respond) https://cybersecurity.isaca.org/csx-careers
As i had the chance to test the lab environment for the CSX-Practitioner (never took the exam), I can say that it's really hands on and pretty convenient as it's through web browser only. Even if I don't really like other ISACA's certs, like CISA, CISM, etc. I have to say they did a pretty good job for building CSX certs.
Wait&see if it will be recognized by companies.
While I support SANS could be the best out there as training, CSX-P is your closest OSCP experience in terms of Certification (Lab style instead of Multiple choices).
If you still wanna go SANS, then aim for FOR508 (GCFA) .. as SEC504 (GCIH) will be below your expectation if you already have an OSCP.
FOR500 (GCFE) won't add much value to you as it is Windows Forensics (which you mentioned is out of your current focus)