Anyone have the GCFA?

pysicalpysical Member Posts: 6 ■□□□□□□□□□
I will be taking a course soon that includes a 6 day GCFA boot camp. I already have the Sec+ and that was a nervous test. Got a 810 on it though. Is the GCFA easier than that? I know it is open book but I assume not every question is going to just be a quick lookup and that you will need to think out the answers. I already have a solid 20-30 page index ready to go (from someone in a previous class). Just trying to see if anyone can give me any feedback on it.

Thanks.

Comments

  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    I haven't tested for the GCFA, so someone else will have to speak to the exam.

    I have however taken SANS FOR508 which is the material GCFA covers. The material tested on by the GCFA is the most comprehensive enterprise forensics and incident response coursework available. Conversely, Security+ is an entry-level certification. They are not in the same universe...
  • gwood113gwood113 Member Posts: 66 ■■■□□□□□□□
    GIAC tests and CompTIA tests are not comparable; the GIAC ones are much further in depth imo. I found GCFA to be hard. However, with the appropriate effort, I was able to pass it without any prior forensic experience.

    From your mention of looking answers up I assume this is your first GIAC test so here's my general advice:

    Every answer to every question on the test is in the books (GCFA has 6 I think). That said you will not have enough time to flip through the book to look up said answers on the test so an index is a very helpful tool. Each entry in your index should consist of keyword, book #, page #, and a description detailed enough for you to define the keyword.

    Don't use your friend's index (at first) go through the books to build your index from scratch. You can integrate your friend's work after that if you wish.

    The reason for this is two fold: it helps you study the material and people are different so his notes might not make sense to you when it's test time.

    TL;DR: GIAC tests are hard (i consider GCFA the hardest I've taken) , make your own index, i passed without any prior forensic experience
  • quogue66quogue66 Member Posts: 193 ■■■■□□□□□□
    I took the GCFA and it was the most difficult GIAC exam I have taken. Memory forensics was completely new to me and I dedicated a lot of time to the labs, studying and indexing the books. I have not taken the Sec+ and I don't know anyone that has. I think it is considered to me the most entry level security cert. I would say that GCFA is much more difficult than Sec+
  • BlackBeretBlackBeret Member Posts: 683 ■■■■■□□□□□
    So aside from comparing an entry level CompTIA cert and an experienced level GIAC cert... if it hasn't jumped out at you from the other posts yet, GCFA is a technical forensics certification. It's not related to Sec+ at all. If you've previously worked as a forensic analyst it might be easier than Sec+. If you've never worked in IT security and you're still learning then don't expect the exam to be anything resembling easy. You also should not worry about the exam at this point, you should focus on going to the class and learning as much as possible.
  • sb97sb97 Member Posts: 109
    I am taking the For508 class and exam this year (I think). I did the For408 course and GCFE exam last year. There were people in the class who had already taken the GCFA and said it was difficult. They compared it to the CISSP in terms of difficulty.
  • pandimuspandimus Member Posts: 651
    Passed GCFA today. It was miserable. Even with a good index, and taking both practise tests. The thing about GFCA is they dont play with words. There are not two answers that are kinda right, like comptia does. There is only one answer that is 100% correct. Albeit, If you dont know the answer, good luck finding it. I did take the FOR508 class in january. It definitly gave me a good primer, but I would say these certs are definitly geared toward people in the field. You not gonna buy your way in, like comptia/Eccouncil
    Xinxing is the hairy one.
  • MalwareMikeMalwareMike Member Posts: 147 ■■■□□□□□□□
    Great thread. I've thought about taking the GCFA but I'm not so sure now haha
    Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
    Twitter: https://twitter.com/Malware_Mike
    Website: https://www.malwaremike.com

  • Randy_RandersonRandy_Randerson Member Posts: 115 ■■■□□□□□□□
    This is my favorite course and really is inline with my day-2-day job. Here is the thing I will tell you about this cert. You better know the material. As with any other SANS course, if you do not know what output results of tools are -- you'll have a bad time. The whole pretense of this cert is that you can do an IR/Forensic investigation without needing some fancy $10k tool. So that means, can you interpret the outputs and know what you are looking at? Do you know what plugins you would use for memory forensics to see parent processes? etc.

    Yes, it is a difficult test. But nothing in life would be worth it if you didn't have to put forth extra effort to achieve it.
Sign In or Register to comment.