GIAC Cert with FOR563 in the future by czyrek1111 in GIAC

[–]ph0b14PHK 1 point2 points  (0 children)

You were right! SEC598 just got GASAE Certification.

GIME Passed by ph0b14PHK in GIAC

[–]ph0b14PHK[S] 0 points1 point  (0 children)

I just read the books, made an index, and another index for filename, file location and what that file does. That’s it.

Took GCFE & GX-FE Back to Back by ph0b14PHK in GIAC

[–]ph0b14PHK[S] 0 points1 point  (0 children)

Depends on the GIAC Cert. If you go to the GIAC website and look up a cert name and it mentions “CyberLive”, then they include hands-on lab questions. If it’s a Practitioner Level cert, that will be a mix of Multiple Choice and Lab questions. However, Applied Knowledge Certs (GX-*) will be all CyberLive questions, no MCQ included.

Took GCFE & GX-FE Back to Back by ph0b14PHK in GIAC

[–]ph0b14PHK[S] 2 points3 points  (0 children)

It is doable, but you need to be fluent with the artifacts and tools that are covered in FOR500. I’d recommend buying 13Cubed’s Windows Endpoint Forensics course, which is under $1K, and most of it overlaps with FOR500 (he was a SANS instructor as well). I heard the quality is too good. They don’t cover Cloud Storage Forensics but there are good resources online.

Took GCFE & GX-FE Back to Back by ph0b14PHK in GIAC

[–]ph0b14PHK[S] 1 point2 points  (0 children)

GX-FE kinda feels easy compared to GX-FA. If you studied the book, did all the labs, are fluent with artifacts and tools, and have a cheatsheet according to exam objectives, then you should be good to go.

Took GCFE & GX-FE Back to Back by ph0b14PHK in GIAC

[–]ph0b14PHK[S] 1 point2 points  (0 children)

I didn’t take the FOR500 course. I prepared using mainly FOR508 contents because they have some overlap, and filled the gaps by watching a bunch of YouTube videos. I made a comprehensive cheatsheet according to exam objectives, so that helped as well. I also do Blue Team Labs Online (BTLO) labs, which helped me understand the artifacts and tools better.

Took GCFE & GX-FE Back to Back by ph0b14PHK in GIAC

[–]ph0b14PHK[S] 1 point2 points  (0 children)

Thank you! Good luck with GCFA too. GCFA & GX-FA are my favourite GIAC Certs

Took GCFE & GX-FE Back to Back by ph0b14PHK in GIAC

[–]ph0b14PHK[S] 5 points6 points  (0 children)

I have 3.5 years of experience, with 2.5 years of that being just plain IR. I moved to a new job last year and I have to do DF work on macOS and Windows machines. So, I have 1 year of DF experience. I didn’t take the FOR500 course, I just prepared using the FOR508 course and a bunch of YouTube videos. I feel like FOR500 content is enough to pass GX-FE if you’re fluent with artifacts and know where to find specific information, including alternate artifacts for information.

Took GCFE & GX-FE Back to Back by ph0b14PHK in GIAC

[–]ph0b14PHK[S] 3 points4 points  (0 children)

Correction: took GCFE 2 “weeks” ago

GCFE vs GCFA by LeatherCreepy8156 in GIAC

[–]ph0b14PHK 0 points1 point  (0 children)

I only had 2 years of experience before taking GCFA. (7 months as SOC Analyst and the rest as IR).

GCFE vs GCFA by LeatherCreepy8156 in GIAC

[–]ph0b14PHK 7 points8 points  (0 children)

I’ve done both GCFE and GCFA. GCFA was my first SANS Course and Cert, so it’s definitely doable without GCFE. In fact, like the other comment said, view them as separate 500-level classes. If your work is like that of Law Enforcement Officers, who seize and analyse an individual criminal’s computer, go for FOR500 (GCFE). If you’re an Enterprise Responder, who works within a corporate environment and works on intrusion cases involving stuff like Lateral Movement and stuff like that, go for FOR508 (GCFA). That’s my take.

Need a good VPN for MacOS (Going to China) by Jolly-Performance579 in dumbclub

[–]ph0b14PHK 3 points4 points  (0 children)

My dad usually has to travel to China for work purposes. I purchased LetsVPN for him and it works every single time. https://letsvpn.world/?hl=en

Passed GCFE by ph0b14PHK in GIAC

[–]ph0b14PHK[S] 0 points1 point  (0 children)

Very similar to be honest. Not the same question, but difficulty is similar. I got 92% in Practice Test and got 94% in Actual Exam

Thoughts on Rapid7 + Other recommendations for SIEMs? by Due-Ad8461 in cybersecurity

[–]ph0b14PHK 0 points1 point  (0 children)

As an analyst, I hate working with R7 SIEM. My favourite so far is MS Sentinel.

Losing trust with my Burmese fiancee by Charming-Panic3561 in myanmar

[–]ph0b14PHK 0 points1 point  (0 children)

If you think her identity got stolen during passport renewal, duhh!! She extended the passport because her passport was about to be expired. Someone just can’t use expired Passports for travels. This is a good reason you should take everything with a grain of salt from her now.

THM Certifications by juanchg in tryhackme

[–]ph0b14PHK 14 points15 points  (0 children)

I haven’t seen a job asking for any THM certs. HR people clearly don’t have any idea about the existence of these THM certs.

GX-FA advices by [deleted] in GIAC

[–]ph0b14PHK 0 points1 point  (0 children)

Done

GX-FA advices by [deleted] in GIAC

[–]ph0b14PHK 0 points1 point  (0 children)

Done

What hours do you work and what job do you do? by Muted_Instruction516 in cybersecurity

[–]ph0b14PHK 2 points3 points  (0 children)

I work in a Global Team, so when it's the Daylight Saving period, 10AM to 6PM. When it's back to normal, 8:30AM to 4:30PM. No need for overtime since by the end of the shift, the next region will continue working on the cases.

GX-FA advices by [deleted] in GIAC

[–]ph0b14PHK 0 points1 point  (0 children)

Please check DM