GCFA - Passed!

Kiyori

Hello, everyone,

Happy to be able to announce that I’ve successfully completed the GCFA exam with an 85%! I wanted to share my experience and hopefully help someone else out.

I am doing it as part of the DFIR graduate certificate program, so I have 3 months with the OnDemand course materials, books, and labs.

Like with most of the other certifications I’ve completed, I always make heavy use of the MP3 files. I like to keep it playing in the background during “free ear time”; this could be anything from doing mundane ticket work at the office, chores around the house, or commuting. Although I could not ingest everything, I attempted to have it playing constantly so in that one minute of paying attention, I could learn something new.

I did not complete the video series/quizzes/labs, and definitely wish that I had. I’m sure that it would have been massively helpful, especially when it came to having to know what tools did what, and what kind of commands/output would be seen.

Of course, I made an index of the books. Even better, the books have their own index at the end, and I used that really heavily. This round, I chose to do 3 different pages: theory, tools, and events. I didn’t even touch the theory page, but made heavy use of the tools and events pages. Basically, if there was a mention of a piece of malware or tool or event, I annotated it no matter which book or page. There are a lot!

One thing I wish I had done with the index was write down every single Registry location in another page that was published in the books. I definitely think that would have been the game-changer that would have taken me to over a 90%.

Finally, the other major item which helped me out tremendously was to tab places in the books where I knew I wouldn’t be able to memorize, but would be very important. For example, I made tabs in the books where timestamps, artifacts, and normal processes were. Since I knew I had those tabs and where they were, I was able to quickly flip to the right information without having to use any part of the index.

I was definitely stressed out because I waited until the VERY LAST DAY of the course to sit for the exam – that is not my normal habit, but life just hit kind of hard over the past few months. I’m just glad I was able to adapt and pass the exam in the end

Hope this helps!