Donklander said: FOR 500//Windows ForensicsDefinitely had to prepare for this one differently, as most of my background was network related or high level concepts on systems. This is actually the first time for anything SANS I had to go go through OnDemand or the books more than once. However, I did learn quite a bit about how which interactions will create or modify artifacts.Onto writing a whitepaper, which I've been dreading more than any class.How much time did you spend on this one? any tips for prep? I would like to do this instead of GCIH towards the end of this month havent made up my mind just yet..
pinksj said: Hi There congratulation on passing. I am taking this exam next week and wanted to see what advice would you have. I have vast experience in security side from Security Administration, Security Engineering to Incident Response side. But first time venturing into Forensics. Enjoyed the class by Rob Lee. Finished with the Index of the book and locations of various artifacts. Working on the exercises.
