FOR 585 Advanced Smartphone Forensics  

Vesalius
(@vesalius)
Member

So I will be going on the FOR 585 soon, and I was wondering if any of you have had experience on the course, or if anyone can just give me general advice on how to be prepared and what I'm looking at. I've obviously looked at the course material etc., but if any of you guys have been on the course and can give me some extra advice I'd be grateful.

Posted : 06/04/2017 12:26 pm
MDCR
(@mdcr)
Active Member

I haven't taken that course, but I've had SANS training earlier, and if you're going abroad, the most important thing to bring is a power adapter and maybe an extension cord. The power strips they have can sometimes be a bit short, and you don't want to run around town trying to find electronics gear during a break - been there, done that.

Check that your laptop matches the minimum laptop specs; it can be a problem running some VMs if you've only got 2GB memory. If you get the course material at the reception in the evening before the course, please extract images, tools and VMs at once so you don't have to worry about that when in class. You will also find any problems and solve them early instead of wasting time in class.

Finally, enjoy yourself and don't forget to explore the town. Most course attendees tend to hang around in the hotel or the training facility; I've gone out with my camera at the end of the day, exploring the town and hitting the restaurants hard :D

Posted : 07/04/2017 2:36 am
Bulldawg
(@bulldawg)
Active Member

There's not much you can do to prepare in advance. If you feel like you must read something, Heather Mahalik, one of the course authors and instructors, has a book she's co-authored using mostly open source tools. https://www.packtpub.com/books/info/authors/heather-mahalik

Otherwise, just make certain your computer is up to the minimum specs, like MDCR said. FOR 585 will be using smaller evidence files than something like FOR 408, but you still need quite a bit of RAM to dedicate to your VM, and fast storage isn't a bad idea either.

Show up awake and ready to learn. There's a ton of material in the books and the class moves very fast.

Posted : 08/04/2017 12:47 am
Vesalius
(@vesalius)
Member

These replies are outstanding, thank you guys!

Posted : 10/04/2017 12:57 pm
dandaman_24
(@dandaman_24)
Active Member

I have taken the FOR585 course; I opted for the distance learning option, having all course notes shipped to me to work from home.

I was very sceptical of 'working from home', as we all know learning at home can sometimes be a bit of a non go-er!

However, the course structure with its online presentations I thought was really really good. The presentation was backed up with in-depth notes provided. You also get a USB with all the material on, VM software and Windows 10 license.

It is a costly course; I would definitely recommend it.

Posted : 10/04/2017 3:28 pm
HeatherM
(@heatherm)
New Member

Are you taking the class in London next month? If so, I look forward to seeing you there. You honestly do not need to read anything in advance, just make sure you bring a laptop that meets the requirements as others have said. I promise to entertain you with a good course. See you soon!

Posted : 13/04/2017 9:03 pm
Randy_Randerson
(@randy_randerson)
New Member

I have taken the course and also hold the GASF cert that goes along with it.

Best thing to do in order to prepare is make sure you have a Windows laptop with you. While they'll supply a VM with all the tools in it, if something isn't working you'll have your own OS that you can play with.

You'll use all the tools: Cellebrite, Oxygen, XRY, IEF, etc. Unless they moved stuff around in the class now, the first day is hunting for malware on an Android OS. They'll go over basics like finding out if a phone was rooted/jailbroken and how to determine that.

I'll be interested to see what they did as well with the iOS since 10.3 just released with the new file system for the devices. Not sure how much it changed since I haven't seen it in the wild yet.

Keep your eyes and ears open during the entire thing if you plan on taking the cert. I found this course meshed VERY well with the SEC575 Mobile Device Security and Ethical Hacking course that SANS has as well.

Good luck!

Posted : 14/04/2017 12:26 am
the_Grinch
(@the_grinch)
Active Member

Is this course useful if you have completed a number of courses in phone forensics? I've been through the battery of XRY training (Advanced Acquisitions and Advanced Apps Analysis as well as their foundational level courses).

Posted : 14/04/2017 6:22 am
MDCR
(@mdcr)
Active Member

Is this course useful if you have completed a number of courses in phone forensics? I've been through the battery of XRY training (Advanced Acquisitions and Advanced Apps Analysis as well as their foundational level courses).

Most of their courses are VERY hands-on and not product-specific. If you do not know how things work on a basic level outside a vendor's point-and-click program, you may find it hard to keep up.

Posted : 14/04/2017 1:36 pm
Randy_Randerson
(@randy_randerson)
New Member

Is this course useful if you have completed a number of courses in phone forensics? I've been through the battery of XRY training (Advanced Acquisitions and Advanced Apps Analysis as well as their foundational level courses).

Absolutely! But it depends on who is teaching it too, I would guess. I took it with Heather (course creator) and she really went into the weeds on how to actually verify the data. That was one of the big things I took away from the entire course: no one tool is perfect and you'll most likely get some wonky results from time to time. Having more than one tool to verify your findings is critical.

Be ready to look at hex a lot in this class.

Posted : 14/04/2017 8:05 pm
the_Grinch
(@the_grinch)
Active Member

Excellent, might try to get work to spring for the course then. My vendor-specific training covered the use of their tool, but also dove into hex, Python, and app analysis in the event we ran into apps they did not support, but needed information from. My background is in cybersecurity, so while my forensic knowledge is newer I know my way around hex, coding and the command line. Thanks for the info!

Posted : 14/04/2017 9:48 pm
Vesalius
(@vesalius)
Member

I have taken the course and also hold the GASF cert that goes along with it.
Good luck!

How would I go about getting the GASF? I would like to get the GASF as you did. Do I just study the material I receive after the course, then apply near a vendor of mine that provides the exam? Do I just study the specific material I receive in the 585 course to be successful in the exam?
And thanks!

Posted : 14/05/2017 1:40 pm