Passed GCFE

Donklander Member Posts: 47
FOR 500//Windows Forensics

Definitely had to prepare for this one differently, as most of my background was network-related or high-level concepts on systems.  This is actually the first time for anything SANS I had to go through OnDemand or the books more than once.  However, I did learn quite a bit about which interactions will create or modify artifacts.

Onto writing a whitepaper, which I've been dreading more than any class.

Comments

  • UnixGuy Mod Posts: 4,564 Mod
    Well done!
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • tboe Member Posts: 44
    FOR 500//Windows Forensics

    Definitely had to prepare for this one differently, as most of my background was network-related or high-level concepts on systems.  This is actually the first time for anything SANS I had to go through OnDemand or the books more than once.  However, I did learn quite a bit about which interactions will create or modify artifacts.

    Onto writing a whitepaper, which I've been dreading more than any class.

    How much time did you spend on this one? Any tips for prep? I would like to do this instead of GCIH towards the end of this month; haven't made up my mind just yet.
  • pinksj Member Posts: 89
    Hi there, congratulations on passing. I am taking this exam next week and wanted to see what advice you would have. I have vast experience on the security side, from Security Administration and Security Engineering to the Incident Response side. But this is my first time venturing into Forensics. Enjoyed the class by Rob Lee. Finished with the Index of the book and locations of various artifacts. Working on the exercises.
  • Randy_Randerson Member Posts: 115
    pinksj said:
    Hi there, congratulations on passing. I am taking this exam next week and wanted to see what advice you would have. I have vast experience on the security side, from Security Administration and Security Engineering to the Incident Response side. But this is my first time venturing into Forensics. Enjoyed the class by Rob Lee. Finished with the Index of the book and locations of various artifacts. Working on the exercises.

    Registry
    Windows Event Log IDs
    Email Headers

    Go through the labs with multiple tools just to be sure you understand what you're looking at. Things like the difference between IE and Edge browsers can trip you up if you're not familiar with which specific artifacts are attributed to which versions.

    A solid index goes a long way with this class. Thankfully the books are condensed into as few as possible to make it a lot easier in my opinion.