Passed GCFE

DonklanderDonklander GCFA, GCFE, GCIA, GCIH, GSEC, GCCC, CISSP, CEHPosts: 47Member ■■■□□□□□□□
FOR 500//Windows Forensics

Definitely had to prepare for this one differently, as most of my background was network related or high level concepts on systems.  This is actually the first time for anything SANS I had to go go through OnDemand or the books more than once.  However, I did learn quite a bit about how which interactions will create or modify artifacts.

Onto writing a whitepaper, which I've been dreading more than any class.

Comments

  • UnixGuyUnixGuy SABSA, GCFA, GPEN, CISM, RHCE, Security+, Server+, eJPT, CCNA Posts: 4,031Mod Mod
    Well done!
    Goal: MBA, August 2020
  • tboetboe GCIA,GCFE,CCNA, COMPTIA Sec+ Posts: 40Member ■■■□□□□□□□
    FOR 500//Windows Forensics

    Definitely had to prepare for this one differently, as most of my background was network related or high level concepts on systems.  This is actually the first time for anything SANS I had to go go through OnDemand or the books more than once.  However, I did learn quite a bit about how which interactions will create or modify artifacts.

    Onto writing a whitepaper, which I've been dreading more than any class.





    How much time did you spend on this one? any tips for prep? I would like to do this instead of GCIH towards the end of this month havent made up my mind just yet..
  • pinksjpinksj ■■□□□□□□□□ Posts: 89Member ■■□□□□□□□□
    Hi There congratulation on passing. I am taking this exam next week and wanted to see what advice would you have. I have vast experience in security side from Security Administration, Security Engineering to Incident Response side. But first time venturing into Forensics. Enjoyed the class by Rob Lee. Finished with the Index of the book and locations of various artifacts. Working on the exercises.
  • Randy_RandersonRandy_Randerson CFE, GASF, GAWN, GCFA, GCFE, GCIH, GLEG, GMOB, GNFA, GPEN, GSEC, GWAPT, DFCP, ACE, CompTIA A/N/S+ Posts: 113Member ■■■□□□□□□□
    pinksj said:
    Hi There congratulation on passing. I am taking this exam next week and wanted to see what advice would you have. I have vast experience in security side from Security Administration, Security Engineering to Incident Response side. But first time venturing into Forensics. Enjoyed the class by Rob Lee. Finished with the Index of the book and locations of various artifacts. Working on the exercises.
    Registry 
    Windows Event Log ID's 
    Email Headers

    Go through the labs with multiple tools just to be sure you understand what you're looking at. Things like difference between IE and Edge browsers can trip you up if you're not familiar with specific artifacts are attributed to which versions. 

    A solid index goes a long way with this class. Thankfully the books are condensed into as few as possible to make it a lot easier in my opinion. 
Sign In or Register to comment.