Passed GCFE

DonklanderDonklander Member Posts: 47 ■■■□□□□□□□
in GIAC
FOR 500//Windows Forensics

Definitely had to prepare for this one differently, as most of my background was network related or high level concepts on systems.  This is actually the first time for anything SANS I had to go go through OnDemand or the books more than once.  However, I did learn quite a bit about how which interactions will create or modify artifacts.

Onto writing a whitepaper, which I've been dreading more than any class.
· Share on FacebookShare on Twitter

Comments

  • UnixGuyUnixGuy Mod Posts: 4,505 Mod
    Well done!
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/ug_ruisDUXc

    · Share on FacebookShare on Twitter
  • tboetboe Member Posts: 44 ■■■□□□□□□□
    Donklander said:
    FOR 500//Windows Forensics

    Definitely had to prepare for this one differently, as most of my background was network related or high level concepts on systems.  This is actually the first time for anything SANS I had to go go through OnDemand or the books more than once.  However, I did learn quite a bit about how which interactions will create or modify artifacts.

    Onto writing a whitepaper, which I've been dreading more than any class.





    How much time did you spend on this one? any tips for prep? I would like to do this instead of GCIH towards the end of this month havent made up my mind just yet..
    · Share on FacebookShare on Twitter
  • pinksjpinksj Member Posts: 89 ■■□□□□□□□□
    Hi There congratulation on passing. I am taking this exam next week and wanted to see what advice would you have. I have vast experience in security side from Security Administration, Security Engineering to Incident Response side. But first time venturing into Forensics. Enjoyed the class by Rob Lee. Finished with the Index of the book and locations of various artifacts. Working on the exercises.
    · Share on FacebookShare on Twitter
  • Randy_RandersonRandy_Randerson Member Posts: 115 ■■■□□□□□□□
    pinksj said:
    Hi There congratulation on passing. I am taking this exam next week and wanted to see what advice would you have. I have vast experience in security side from Security Administration, Security Engineering to Incident Response side. But first time venturing into Forensics. Enjoyed the class by Rob Lee. Finished with the Index of the book and locations of various artifacts. Working on the exercises.
    Registry 
    Windows Event Log ID's 
    Email Headers

    Go through the labs with multiple tools just to be sure you understand what you're looking at. Things like difference between IE and Edge browsers can trip you up if you're not familiar with specific artifacts are attributed to which versions. 

    A solid index goes a long way with this class. Thankfully the books are condensed into as few as possible to make it a lot easier in my opinion. 
    · Share on FacebookShare on Twitter
Sign In or Register to comment.