FOR 585 Advanced Sm...
 
Notifications
Clear all

FOR 585 Advanced Smartphone Forensics

12 Posts
7 Users
0 Likes
1,560 Views
Vesalius
(@vesalius)
Posts: 66
Estimable Member
Topic starter
 

So I will be going on the FOR 585 soon, and I was wondering if any of you have had experience on the course, or if anyone can just give me general advice on how to be prepared and what I'm looking at, I've obviously looked at the course material and etc. but if any of you guys have been on the course and can give me some extra advice I'd be grateful.

 
Posted : 06/04/2017 11:26 am
MDCR
 MDCR
(@mdcr)
Posts: 376
Reputable Member
 

I haven't taken that course, but i've had SANS training earlier and if you're going abroad, the most important thing to bring is a power adapter and maby a extension cord, the power strips they have can sometimes be a bit short, and you don't want to run around town trying to find electronics gear during a break - been there done that.

Check that your laptop matches the minimum laptop specs, cam be a problem running some VMs if you only got 2GB memory. If you get the course material at the reception in the evening before the course, please extract images, tools and VMs at once so you don't have to worry about that when in class. You will also find any problems and solve them early instead of wasting time in class.

Finally, enjoy yourself and don't forget to explore the town. Most course attendees tend to hang around in the hotel or the training facility, I've gone out with my camera at the end of the day, exploring the town and hitting the restaurants hard D

 
Posted : 07/04/2017 1:36 am
Bulldawg
(@bulldawg)
Posts: 190
Estimable Member
 

There's not much you can do to prepare in advance. If you feel like you must read something Heather Mahalik, one of the course authors and instructors, has a book she's co-authored using mostly open source tools. https://www.packtpub.com/books/info/authors/heather-mahalik

Otherwise, just make certain your computer is up to the minimum specs, like MDCR said. FOR 585 will be using smaller evidence files than something like FOR 408, but you still need quite a bit of RAM to dedicate to your VM, and fast storage isn't a bad idea either.

Show up awake and ready to learn. There's a ton of material in the books and the class moves very fast.

 
Posted : 07/04/2017 11:47 pm
Vesalius
(@vesalius)
Posts: 66
Estimable Member
Topic starter
 

These replies are outstanding, thank you guys!

 
Posted : 10/04/2017 11:57 am
(@dandaman_24)
Posts: 172
Estimable Member
 

I have taken the FOR585 course, i opted for the distance learning option. Having all course notes shipped to me to work from home.

I was very sceptical of 'working from home' as we all know learning at home can sometimes be a bit of a non go-er !

However the course structure with its online presentations i thought was really really good. The presentation was backed up with in depth notes provided. You also get a USB with all the material on, VM software and Windows 10 license.

It is a costly course, i would definitely recommend it.

 
Posted : 10/04/2017 2:28 pm
(@heatherm)
Posts: 1
New Member
 

Are you taking the class in London next month? If so, I look forward to seeing you there. You honestly do not need to read anything in advance, just make sure you bring a laptop that meets the requirements as others have said. I promise to entertain you with a good course. See you soon!

 
Posted : 13/04/2017 8:03 pm
(@randy_randerson)
Posts: 24
Eminent Member
 

I have taken the course and also hold the GASF cert that goes along with it.

Best thing to do in order to prepare is make sure you have a Windows laptop with you. While they'll supply a VM with all the tools in it if something isn't working you'll have your own OS that you can play with.

You'll use all the tools Cellebrite, Oxygen, XRY, IEF, etc. Unless they moved stuff around in the class now the first day is hunting for malware on an Android OS. They'll go over basics like finding out if a phone was rooted/jailbroken and how to determine that.

I'll be interested to see what they did as well with the iOS since 10.3 just released with the new file system for the devices. Not sure how much it changed since I haven't seen it in the wild yet.

Keep your eyes and ears open during the entire thing if you plan on taking the cert. I found this course meshed VERY well with the SEC575 Mobile Device Security and Ethical Hacking course that SANS has as well.

Good luck!

 
Posted : 13/04/2017 11:26 pm
(@the_grinch)
Posts: 136
Estimable Member
 

Is this course useful if you have completed a number of courses in phone forensics? I've been through the battery of XRY training (Advanced Acquisitions and Advanced Apps Analysis as well as their foundational level courses).

 
Posted : 14/04/2017 5:22 am
MDCR
 MDCR
(@mdcr)
Posts: 376
Reputable Member
 

Is this course useful if you have completed a number of courses in phone forensics? I've been through the battery of XRY training (Advanced Acquisitions and Advanced Apps Analysis as well as their foundational level courses).

Most of their courses are VERY hands on and not product specific. If you do not know how things work on a basic level outside a vendors point and click program, you may find it hard to keep up.

 
Posted : 14/04/2017 12:36 pm
(@randy_randerson)
Posts: 24
Eminent Member
 

Is this course useful if you have completed a number of courses in phone forensics? I've been through the battery of XRY training (Advanced Acquisitions and Advanced Apps Analysis as well as their foundational level courses).

Absolutely! But it depends on who is teaching it too I would guess. I took it with Heather (course creator) and she really went into the weeds on how to actually verify the data. That was one of the big things I took away from the entire course no one tool is perfect and you'll most likely get some wonky results from time to time. Having more than one tool to verify your findings is critical.

Be ready to look at hex a lot in this class.

 
Posted : 14/04/2017 7:05 pm
Page 1 / 2
Share: