GCFE Passed!
Whew! This one was a lot of work for me. My background is more on the network side as an intrusion analyst. I dont have as much background on the host side. I had a pretty steady line from my two practice tests to my final exam.
I may have over prepared a bit for this exam in terms of bringing material. I indexed my books (The biggest step), did a table of contents, transcribed the "Evidence of" poster into excel, printed some event log references, some FTK reference material, and some data about the FAT file system. In the end, I just used the table of contents, index and the data from the poster.
One thing I did to help me prepare was listen to the first seven episodes of the Digital Forensics Survival Podcast from iTunes. The guy that puts that together does Udemy classes I think. They wont replace the SANS training but they did cover some of the basics.
I thought this was the hardest of the three GIAC cert tests I have taken. I had to refer to my notes far more than I did for the GCIA or GICSP. The exam took me 2:45 although I did spend time double checking answers that I knew were right.
Next up for me will depend on work. I am waiting for approval to take For508 and the GFCA (I am working through Art of memory forensics on my own). Depending on the timing of that I may go for a CISSP next.
- Practice 1 = 76%
- Practice 2 = 81%
- Exam = 86%
I may have over prepared a bit for this exam in terms of bringing material. I indexed my books (The biggest step), did a table of contents, transcribed the "Evidence of" poster into excel, printed some event log references, some FTK reference material, and some data about the FAT file system. In the end, I just used the table of contents, index and the data from the poster.
One thing I did to help me prepare was listen to the first seven episodes of the Digital Forensics Survival Podcast from iTunes. The guy that puts that together does Udemy classes I think. They wont replace the SANS training but they did cover some of the basics.
I thought this was the hardest of the three GIAC cert tests I have taken. I had to refer to my notes far more than I did for the GCIA or GICSP. The exam took me 2:45 although I did spend time double checking answers that I knew were right.
Next up for me will depend on work. I am waiting for approval to take For508 and the GFCA (I am working through Art of memory forensics on my own). Depending on the timing of that I may go for a CISSP next.
Comments
That will depend on your comfort level with Windows Forensics in the context of proving file use and knowledge. One resource that helped me was the Digital Forensics Survival Podcat (Digital Forensic Survival Podcast – "Sharpen your computer forensic skills!"). It wont replace the course but it will help you learn the basics about some of the artifacts you will study in the course. The first 7 podcasts are pretty relevant to the course.