GCIA passed. Now what?

justSomeGuyjustSomeGuy Registered Users Posts: 4 ■□□□□□□□□□
I just passed my GCIA exam today and was curious as to what other SANs certs others have moved onto from there. I work mostly with IDS, netflow, and pcap solutions, so I was considering FOR 572 - Advanced Network Forensics and Analysis. Does anyone have feedback on this one? I'm also considering 501 or 504, but am unsure if those will be useful. Any feedback would be appreciated. Thanks!

Comments

  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    The foundation of the GIAC certs are the GSEC, GCIH, and GCIA. If you are looking towards the GSE then the GCWN and GCUX are recommended too. All of the other GIAC cert are specialty branches as shown on the GIAC Certification Roadmap.
  • justSomeGuyjustSomeGuy Registered Users Posts: 4 ■□□□□□□□□□
    Thanks! I was considering the Linux hardening one, but network forensics is something I actually enjoy, hence my curiosity about 572. I've only found 1 thread on it and the exam was never taken.
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    One thing that interests me in SANS digital forensics training is that "incident handling" is also thrown in to those classes too. I assume this refers to the use of forensics in incident investigation, but I'm interested to know if any of the FOR classes describe in more detail the overall incident response/handling process than is covered in SANS SEC504.
  • DAVIS NGUYENDAVIS NGUYEN Member Posts: 1,472 ■■■□□□□□□□
  • justSomeGuyjustSomeGuy Registered Users Posts: 4 ■□□□□□□□□□
    Is GCIH just as technical and difficult as GCIA. I'm considering picking that up before heading on to any advanced certs. For context, when studying for GCIA, I put in about 4 days of dedicated studying and did both practice exams the day before the actual one. Did not touch the labs, although I had plenty of Snort/Silk/tcpdump experience.
  • gwood113gwood113 Member Posts: 66 ■■■□□□□□□□
    @justSomeGuy
    FOR572 is the only other real network focused class. You'll like it since you're already familiar with silk. GCIH is more mostly host focused centering on beginner pentesting skills. I would not consider it as technically challenging as GCIA. At least not in the same way.

    @JDMurray
    FOR508 the host forensic class goes into incident handling pretty well. FOR508, 572, and 610 are the IR team triad: host, network, and malware.
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    I only see Windows forensics and mobile (Android) forensics SANS classes. Do any of the SANS forensics classes also cover UNIX (iOS) or Linux (other than Android) forensics?
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    With your skills you should be good to go for FOR572, go for it!
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • gwood113gwood113 Member Posts: 66 ■■■□□□□□□□
    508 covers *nix environments in the course books, but all of the forensic practice is on windows targets (hhd images, memory images, etc.)

    Given the variety and nuance of the countless flavors of Linux I doubt the DIFR team will ever produce a generic Linux forensic course. You could probably conduct effective host forensics applying the tools and methods from 508 with a little practice though.
  • GirlyGirlGirlyGirl Member Posts: 219
    JDMurray wrote: »
    I only see Windows forensics and mobile (Android) forensics SANS classes. Do any of the SANS forensics classes also cover UNIX (iOS) or Linux (other than Android) forensics?

    I took the 575 Course less than 6months ago.

    I see that you are the mod for the Java and Developers forums. If you are indeed knowledgeable in those areas some of the 575 course will not be new to you. It covers iOS/Android and the wearable devices. It might have touched slightly on the tablet I don't recall. Google devices were touched on slightly if my memory serves me correct. It is more backend development and frontend applications/security/app manipulations/API, etc. That's the majority of it. I don't believe any Linux/Unix was in any of my books. If it was it wasn't much of it.
  • lostsollostsol Member Posts: 18 ■□□□□□□□□□
    I just passed my GCIA exam today and was curious as to what other SANs certs others have moved onto from there. I work mostly with IDS, netflow, and pcap solutions, so I was considering FOR 572 - Advanced Network Forensics and Analysis. Does anyone have feedback on this one? I'm also considering 501 or 504, but am unsure if those will be useful. Any feedback would be appreciated. Thanks!
    I'd highly recommend FOR572. I haven't taken 503 yet, but am planning it. How did it handle encrypted packets? Also, a new course was released, SEC555 on SIEMs.
  • silverclericsilvercleric Member Posts: 1 ■■■□□□□□□□
    Hello,
    I believe that this document may be of help - a visual representation of the different "paths" is found on page 2 of the document.
    https://www.sans.org/media/security-training/apac_2017_brochure.pdf
    please note that the training dates are for the APAC region.
    HTH
Sign In or Register to comment.