GCFE Study Material

Ziocahn Posts: 8 Member
Hi guys, I intend to take the GCFE Course next year and I was hoping to get an early start on the study material. I will likely be attending the class in March but is it possible to get access to course materials any earlier than the class date?

Comments

  • docrice Posts: 1,706 Member
    More than likely not. There's also the possibility the material will get updated shortly before your scheduled course date. If you want to prep ahead of time, you can read through existing books on Windows forensics to get your feet wet.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • azmatt Posts: 114 Member
    As usual, Docrice nailed it. Check out Harlan Carvey's books "Windows Forensic Analysis Toolkit Third Edition" and his book on registry forensics and you'll be in great shape.

    You'll love the 408. I think it's one of the most underrated classes SANS has as a lot of people want to go straight for the "advanced" 508 class when there's a really good chance that 408 is a lot more relevant to what they do on a daily basis.
  • TBRAYS Posts: 267 Member
    azmatt wrote: »
    As usual, Docrice nailed it. Check out Harlan Carvey's books "Windows Forensic Analysis Toolkit Third Edition" and his book on registry forensics and you'll be in great shape.

    You'll love the 408. I think it's one of the most underrated classes SANS has as a lot of people want to go straight for the "advanced" 508 class when there's a really good chance that 408 is a lot more relevant to what they do on a daily basis.

    I'm actually taking the FOR408 Class with Chad Tilbury and I'm absolutely loving it. I will be attending the SANS conference in Orlando in April for the FOR508.

    We were told today that the material is in the process of changing as we speak.
    Bachelors of Science in Technical Management - Devry University
    Masters of Information Systems Management with Enterprise Information Security - Walden University
    Masters of Science in Information Assurance - Western Governors University
    Masters of Science Cyber Security/Digital Forensics - University of South Florida
  • AlexNguyen Posts: 359 Member
    I took the OnDemand FOR408 course in 2012 and was a bit disappointed. I think I should take the FOR508 course instead.
    On the SANS website (back in Q1 2012), they said that you will learn FTK and EnCase with the FOR408 course. But in reality, the course will teach you only FTK. There's an EnCase Forensic Edition Primer section in the course book to read, but there was no video teaching about it. I was hoping to take this course to help me get the EnCE cert.
    If you already hold some Microsoft certs about Windows client OS, you won't learn much with this course. I passed the exam on the last day before expiration, without doing any hands-on exercises from the course.
    Knowledge has no value if it is not shared.
    Knowledge can cure ignorance, but intelligence cannot cure stupidity.
  • Ziocahn Posts: 8 Member
    Sorry for the thread resurrection but I felt it better than creating a new one. Thanks for the responses and I have another question:

    I personally prefer to study books and other materials; however, my employers would like me to take the 5 day training course.

    Part of what I will receive is:
    • Course DVD loaded with case examples, tools, and documentation
    Is this the equivalent of a course textbook I can review until I take the exam? I am worried that I will forget some of the knowledge gained between the training session and the exam if I don't continue to review.

    @Docrice I have already read that book once but I will review anyway; however, do you recommend any other books as well?

    Thanks again.
  • LDRydr Posts: 10 Member
    The course DVDs that came with my OnDemand FOR408 include a Win8 SIFT workstation (preloaded with all the tools and an OEM license for Win8), misc documents including cheat sheets such as registry locations and event IDs, images for cases that are worked in the class and timeline spreadsheets. They won't include PDFs of the printed course material as they don't want them out in the wild. They also don't include any of the videos of the classes.

    If you prefer to study books and printed materials but your employer wants you to attend the class you should consider adding in the optional OnDemand for $599. This will give you both the in-person training plus the ability to do the class online as many times as you want for 4 months. Online you have access to videos and MP3s of the class lectures. It will expire the same time as your cert test if you're adding that in, too.

    I'm in the final preparation for my GCFE test, which I'll be taking on March 17th. I'm finding the ability to go back through the videos very valuable as I study for the test.

    Another good book you could pick up for a study guide is this: http://www.amazon.com/Digital-Forensics-Open-Source-Tools/dp/1597495867. And here's a great list of forensics open source software: http://windowsir.blogspot.com/p/foss-tools.html
  • Ziocahn Posts: 8 Member
    Thanks LD, I will try to get a copy of that book and persuade my employer for the OnDemand bundle!
  • docrice Posts: 1,706 Member
    There's a good chance I'll be taking 408 via OnDemand in the coming weeks. This is to prep for 508 in San Diego in May, plus it'll help me when I try my hand at NetWars DFIR. I don't do host forensics for a living, but it's a subject that I find interesting and it integrates nicely with the overall security responsibilities I have at work. I just wish the OnDemand specials at the moment were a bit better than the $300 value that's being offered.

    As a reference, if you're taking OnDemand (and not in conjunction with a live instruction class), here's the link:

    http://www.sans.org/online-security-training/specials
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • Ziocahn Posts: 8 Member
    It seems best to take the on-demand for $500 extra with the on-site training or am I misunderstanding something?

    Pricing

    Paid by Apr 2 ‡: $5,050
    Paid by Apr 16 ‡: $5,150
    Paid after Apr 16 ‡: $5,400
    Options: GCFE Certification $599; OnDemand $599
  • Psyco32 Posts: 104 Member
    SANS is probably giving a discount if you pre-register for taking the course on-site. The On-Demand price is the price normally without discount.
    2014 GOALS
    > GMOB [MAR_2014] OSCP [MAY_2014] GREM [OCT_2014]
  • LDRydr Posts: 10 Member
    docrice wrote: »
    I just wish the OnDemand specials at the moment were a bit better than the $300 value that's being offered.
    SANS Institute
    Roger that! I signed up for my FOR408 back when it was either $850 off, a Toshiba Windows ultrabook or a MacBook Air. I grabbed the MacBook as it was my first Mac and it was a decent deal ($850 vs $1000 retail). I'll also need to be picking up additional Mac forensics skills going forward and some Mac tools only run on Mac (although FTK does a decent enough job with the file system).

    I'll probably do the same for FOR508 later this year, that is wait for the better discount that seems to come around each fall.