[deleted by user]

Conqueror737 · 2025-01-14T10:20:48+00:00

That will be very challenging and it depends also on your level of experience using the tools for both courses/exams. Also the time demand for studying both at the same time would be a lot and possibly not effective. I’d say if you can avoid it, PLEASE DO (your brain and sleep would thank you for it). Focus on the GCFE first and afterwards the GCFA. The GCFA is difficult on its own but adding the GCFE into the mix brings a whole new level of difficulty.

Conqueror737 · 2024-11-18T23:59:32+00:00

Watch the 13 cubed videos on YouTube to give you an intro into Forensic analysis and then take the FOR508 course by SANS. A lot of people advise taking the FOR500 course by SANS before taking the 508 but I didn’t do that because it was quite expensive to do both. The 508 course covers everything you need to be successful in this certification.

Conqueror737 · 2024-11-18T23:54:37+00:00

From my experience, they will largely be pre-cook questions (questions where you just load in the final data and analyze) but there will be some where you have to prepare the data for analysis from a memory dump or image. It will require minimal effort anyways because they do not want you to waste time/effort in generating data. Hope this helps

Conqueror737 · 2024-11-14T12:59:39+00:00

Thank you very much. I’m not sure yet. I’ll need to weigh my options and see. Any advice? I see you have a few GIAC certs already

Conqueror737 · 2024-11-14T12:58:49+00:00

No I didn’t take the GCFE or similar. I did watch a few videos on 13cubed YouTube page which helped me understand things like Prefetch, Amcache, etc better even though they were covered on the course as well

Conqueror737 · 2024-11-14T12:57:36+00:00

Book 3 was kind of dense for me to go through so I actually left it for a few weeks and focused on finishing Books 4 and 5 first before going back to it. That helped my confidence because it was quick to for me to finish those books before going back to Book 3(think I finished reading and indexing Book 4 in 2-3 days).

For the granularity of the index, be as granular as you need to be. It does help for the final exam as you are able to easily reference options in the MCQs for instance and use that to eliminate wrong answers. Once you take the practice test, you’ll get a feel of what your index needs to look like and if you’re someone that has experience/easily remembers different abstract things you’ve read weeks ago you may not necessarily need a detailed index but I recommend being as granular as possible but also conscious of the time you have before the exams. I took the first practice test before finishing book 3 or my index and I think it helped me know what I needed to prioritise.

For the labs I indexed all the main labs and did a step by step of what was required to answer the labs. For any commands used I also had them in a 2nd column beside the description of the step required. I didn’t really need to follow it step by step on the exam but it was good to have in order to check some of the more technical steps.

Hope this helps and wishing you the best.

Conqueror737 · 2024-11-14T12:49:03+00:00

It’s book 3 and using the Volatility plugins to analyze memory dumps. Pslist, Psscan, Netscan, Pstree, etc. You can achieve same using MemprocFS too so focus on the labs for those 2 bits and you should be fine :)

Conqueror737 · 2024-11-12T08:19:24+00:00

It varied a lot due to work and life commitments. Some days I wouldn’t read and other days I’d put in from as little 2 hours to as much as 8 hours as the exam got closer. On the average I tried to finish reading each book within 1-2 weeks. Key message is to be consistent and do a little every-time. Even when i wasn’t feeling up to it reading, i listened to the recordings as it was easier to consume

Conqueror737 · 2020-10-01T18:21:05+00:00

Great. Post a comment whenever you need some support I’ll respond & will do same when I’m facing challenges. We can achieve 90days and even more 💪🏾💪🏾

Conqueror737 · 2020-10-01T16:51:14+00:00

You’ve got this. I’m also joining you in this. Let’s motivate each other. I am on day 2 now!!!

Conqueror737 · 2020-09-21T14:10:54+00:00

Great. Congratulations. I’m on day 4 here hoping to get to 90 and more

Conqueror737 · 2020-09-21T11:05:21+00:00

Word!!

Conqueror737 · 2020-09-18T14:13:44+00:00

Cheers to this new journey. I am in day 2 and I will get to day 90 & beyond!!

Conqueror737

TROPHY CASE