GCFA v. GCFE

16 Posts
10 Users
0 Likes
5,822 Views
(@forensics_ma)
Posts: 4
New Member
Topic starter
 

Hi guys,

I'm trying to decide between attempting the GCFE now or waiting a bit and trying for the GCFA once I gain more experience and training. From what I can tell, the GCFA looks to cover the main areas of the GCFE and then some (namely, Linux and memory forensics). It seems like the GCFA is a bit more advanced certification than the GCFE.

My question is, does it serve any purpose to attempt the GCFE now if I later plan on trying for the GCFA? Are there any benefits to having the GCFE instead of the GCFA? Is there any reason to have both?

Thanks guys

 
Posted : 29/08/2011 6:26 pm
(@forensics_ma)
Posts: 4
New Member
Topic starter
 

Anyone?

 
Posted : 31/08/2011 5:56 am
ballydehob
(@ballydehob)
Posts: 14
Active Member
 

I've done both. Do not assume GCFE is in any way inferior to or easier than GCFA. I found the GCFE test actually harder (than GCFA) and totally as comprehensive. It is NOT a junior GCFA course! Its focus is just adapted to the day-to-day forensic examiner. I think the choice (if there is one) should be based on what you do. As a forensic examiner, GCFE makes more sense, to begin with, based on the abundance of Windows cases. GCFA might be a first choice for an IR guy. The combo is great when you have time. It's ultimately about expanding your skills and horizon.

S.Devlin, MA AG Office, Boston, MA

 
Posted : 31/08/2011 8:26 am
(@forensics_ma)
Posts: 4
New Member
Topic starter
 

Thanks for the response, that helps a lot. I'm still thinking I may want to hold off for the GCFA, but you've cleared up some apparent misconceptions of mine.

 
Posted : 01/09/2011 7:03 am
(@joshsevo)
Posts: 89
Trusted Member
 

I thought that you needed to do the GCFE first. Either way I am taking the GCFE on Sept 14th @ 2 pm. I took the SANS 408 course in May and have just a few days left till it expires (Sept 19th).

So I have all my books, bookmarked and ready to go. Pretty stoked about this test.

I can let you know how the test is once I complete it.

 
Posted : 06/09/2011 11:58 pm
(@diorillo)
Posts: 2
New Member
 

Hope you passed the GCFE test.

I too took the SANS 408 course in May and have co-workers who took the 508 course. They are entirely different courses and cover very different things.

The 408 course (GCFE) is a very good broad overview of computer forensics using both open source and standard tool suites (primarily FTK). It gives a good spread of coverage over different topics and tools to use for Windows-based forensics. The test was not easy and it took the better part of the 4 hours for me to take it.

The 508 course is entirely in Linux. Both courses provide you with a VM SIFT kit with all of the tools they discuss. The 508 course provides Windows forensics using the Linux-based command line.

If you do not know Linux, or are not really familiar with computer forensics, then I suggest the 408 course and test for GCFE.

 
Posted : 21/09/2011 8:17 am
(@joshsevo)
Posts: 89
Trusted Member
 

Good luck with the GCFE. I just took it last week and bombed it bad. It was so hard. Hardest test I've ever taken. The books I got from the SANS 408 course didn't help that much at all.

I took the practice tests and did pretty good but the real test had no similar questions and the only way of knowing some of the stuff was to have a few yrs of real world experience. Or guess really good.

 
Posted : 21/09/2011 11:58 pm
(@diorillo)
Posts: 2
New Member
 

Josh,

Sorry you did not pass. I took it and passed, so I will be getting my plaque this week.

I think the key for me was going over the book and indexing EVERYTHING. I had over 40 placeholders in the three books and it helped tremendously when I took the open book test to have the detailed index that I had. Hopefully you will not be too discouraged and try to retake the certification course. I agree it was not easy and there were questions outside of what the reviews had, but overall it was pretty much covered in the book.

Good luck!

 
Posted : 27/09/2011 5:51 am
(@joshsevo)
Posts: 89
Trusted Member
 

That's what I did too. I had them everywhere on all three books. What books were you using? Maybe that's my problem.

 
Posted : 27/09/2011 7:43 pm
(@felixdz)
Posts: 5
Active Member
 

I used indexing for the GCIH - GIAC Certified Incident Handler. What I did was make an Excel sheet with the Exam Certification Objectives and list the page where it could be found.

You still need to know the material and how to locate it fast.

 
Posted : 30/09/2011 10:25 am