GCFA (FOR508) Passed - Feel Free to Ask Questions

LonerVamp Member Posts: 518
About a week ago I passed the GCFA exam. I took FOR508 in person in May at SANS West and then studied for the whole summer off and on before tightening up for the exam before it expired.

This was my first SANS course and first GIAC exam, and I have to say I have 0 complaints and loved the material. I have 15+ years of IT and infosec-blended experience, and almost all of those years include Windows systems administration on desktop (3 years) and servers (the rest). So, I've done live troubleshooting and minor forensics-type work, but never at this depth or using saved images of any sort. So all of that was new to me, and I feel like I could pick up a forensics job or task and run with it.

My goal with taking this course was to close the feedback loop of Defense-Offense-Forensics. I have had lots of experience with being on the defense side, and love being on the offense side, so I wanted to take a course that allowed me to do more forensics against the offense, so that I can better inform my defense and make my offense even better, and so on.

Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?

Comments

  • gespenstern Member Posts: 1,243
  • Kasor Member Posts: 934
    Congrats. Job well done.
    Kill All Suffer T "o" ReBorn
  • Mike7 Member Posts: 1,112
    Congrats! And welcome to the AB (advisory board)
  • nebula105 Member Posts: 60
    LonerVamp wrote: »
    About a week ago I passed the GCFA exam. I took FOR508 in person in May at SANS West and then studied for the whole summer off and on before tightening up for the exam before it expired.

    This was my first SANS course and first GIAC exam, and I have to say I have 0 complaints and loved the material. I have 15+ years of IT and infosec-blended experience, and almost all of those years include Windows systems administration on desktop (3 years) and servers (the rest). So, I've done live troubleshooting and minor forensics-type work, but never at this depth or using saved images of any sort. So all of that was new to me, and I feel like I could pick up a forensics job or task and run with it.

    My goal with taking this course was to close the feedback loop of Defense-Offense-Forensics. I have had lots of experience with being on the defense side, and love being on the offense side, so I wanted to take a course that allowed me to do more forensics against the offense, so that I can better inform my defense and make my offense even better, and so on.

    Awesome! Congrats LonerVamp!

    I'm taking the FOR508 class next month and I'm so pumped for it!
  • vdoo Registered Users Posts: 2
    Hello LonerVamp, do you have unused practice question to let go? Thanks.
  • LonerVamp Member Posts: 518
    Thanks! And no, I used both of my practice exams.

  • 1point8t Member Posts: 7
    Congrats LonerVamp!

    I'm looking to take the exam within the next two months, I'm just finishing up my index.

    Do you have any advice for the exam? Were the practice tests similar to the final exam?
  • LonerVamp Member Posts: 518
    1point8t wrote: »
    Congrats LonerVamp!

    I'm looking to take the exam within the next two months, I'm just finishing up my index.

    Do you have any advice for the exam? Were the practice tests similar to the final exam?

    First, good luck!

    I would say the practice exams are very indicative and similar to the real exam. Also they are clearly written by the same person or team, as they really felt familiar, both in subject matter and tone. That said, nothing was duplicated exactly.

    I think it's just about knowing the materials, the tools and how/why you're using them, and the whole sequence and point of the DFIR process, from high level IR steps down to specific steps to find evil (kinda like that chart at the end of the 4th book [5th day] detailing steps from automated to manual actions). I found there to be questions at every level, from high level strategic statements down to exceedingly specific command switches and output deductions. And everything in between.

    I don't have a basis for comparison with other GIAC exams, but I could see how many say it's one of the harder ones they've taken.
