GCFE Passed!
Whew! This one was a lot of work for me. My background is more on the network side as an intrusion analyst. I dont have as much background on the host side. I had a pretty steady line from my two practice tests to my final exam.
I may have over prepared a bit for this exam in terms of bringing material. I indexed my books (The biggest step), did a table of contents, transcribed the "Evidence of" poster into excel, printed some event log references, some FTK reference material, and some data about the FAT file system. In the end, I just used the table of contents, index and the data from the poster.
One thing I did to help me prepare was listen to the first seven episodes of the Digital Forensics Survival Podcast from iTunes. The guy that puts that together does Udemy classes I think. They wont replace the SANS training but they did cover some of the basics.
I thought this was the hardest of the three GIAC cert tests I have taken. I had to refer to my notes far more than I did for the GCIA or GICSP. The exam took me 2:45 although I did spend time double checking answers that I knew were right.
Next up for me will depend on work. I am waiting for approval to take For508 and the GFCA (I am working through Art of memory forensics on my own). Depending on the timing of that I may go for a CISSP next.
- Practice 1 = 76%
- Practice 2 = 81%
- Exam = 86%
I may have over prepared a bit for this exam in terms of bringing material. I indexed my books (The biggest step), did a table of contents, transcribed the "Evidence of" poster into excel, printed some event log references, some FTK reference material, and some data about the FAT file system. In the end, I just used the table of contents, index and the data from the poster.
One thing I did to help me prepare was listen to the first seven episodes of the Digital Forensics Survival Podcast from iTunes. The guy that puts that together does Udemy classes I think. They wont replace the SANS training but they did cover some of the basics.
I thought this was the hardest of the three GIAC cert tests I have taken. I had to refer to my notes far more than I did for the GCIA or GICSP. The exam took me 2:45 although I did spend time double checking answers that I knew were right.
Next up for me will depend on work. I am waiting for approval to take For508 and the GFCA (I am working through Art of memory forensics on my own). Depending on the timing of that I may go for a CISSP next.
Comments
-
sb97
Member Posts: 109
I have a bit more background in the GCFA material. I do get involved with IR work. I am really looking forward to that class (Assuming I get the approvals) -
quogue66
Senior Member Member Posts: 176 ■■■□□□□□□□
Congrats...this was a little difficult for me, too. I think the GCFA has been the most difficult over all. -
sb97
Member Posts: 109
Some people in my 408 class had already taken the 508 class and test (GCFA). They said the test was really hard. They compared it to the CISSP in terms of difficulty.
-
hangman
Member Posts: 9 ■■□□□□□□□□
Congrats!! I'm taking the FOR408 in the summer and would like to read ahead on Forensic stuff. Any recommendations for which book I should start reading? THanks!
-
sb97
Member Posts: 109
Congrats!! I'm taking the FOR408 in the summer and would like to read ahead on Forensic stuff. Any recommendations for which book I should start reading? THanks!
That will depend on your comfort level with Windows Forensics in the context of proving file use and knowledge. One resource that helped me was the Digital Forensics Survival Podcat (Digital Forensic Survival Podcast – "Sharpen your computer forensic skills!"). It wont replace the course but it will help you learn the basics about some of the artifacts you will study in the course. The first 7 podcasts are pretty relevant to the course.
