Got another question. Looking though the syllabus it looks like 408 & 508 have the same curriculum for the first 3 days. Can anyone vouch if the syllabus has been updated for 508?
They're different courses. Essentially what SANS did was to take the digital forensics course content and split it up into two courses. There just got to be too much for one class which was the original 508 class. It was also known as "Track 8" back in the day when I first started to take SANS training.
For my May
So in your opinion would it be beneficial to me to take 508? I am not out of college as of yet nor do I have a FT job doing this stuff. So does 508 go into more depth about methodologies or tolls that I need more exposure too before coming to class? This of course after I take your class in NJ.
So in your opinion would it be beneficial to me to take 508? I am not out of college as of yet nor do I have a FT job doing this stuff. So does 508 go into more depth about methodologies or tolls that I need more exposure too before coming to class? This of course after I take your class in NJ.
Yes, I still recommend 508 also because it's basically the second half of the SANS digital forensics core content. However, if for some reason someone were to find 408 overwhelming then I would caution on doing 508 until they got their skill set to a more comfortable place.
Ok, cool thanks for being honest. I still plan on taking it. I just wanted ot be sure. I think even though it may be over my head over time I will understand it more and more. I am pretty good about taking notes to refer back to them at a later time.
Leaving for this class in 2 wks. Pretty stoked about it. Got the funds together for the 508 also in Aug, CEH in July, my schedule is booked for the next few months.
Hey guys,
I just recently attended the SANS 508 course taught by Rob Lee. One word Awesome! Rob is a great instructor & his depth of knowledge and love for DFIR helps keep the class from being boring.
My assessment of the difference between both courses is as follows
The 408 is a Forensic Essentials course. It covers acquisition of evidence & a ton of Windows artifacts. You also get to use the Windows based SANS SIFT Workstation, which is preloaded with a bunch of forensic applications to help you conduct exams.
The 508 starts to drift into more IR stuff. You'll be working within the Linux based SANS SIFT workstation. If you are not very comfortable using Linux, you will be by the end of the course. You will also cover remote acquisition of evidence. One of the best topics covered in this class was Supertimelines.
Hope this brief description helps.
Joe
really want to do these classes, but funds are low atm after spending on my masters course…With any luck should have the neccessary funds in a years time!