I am interested in opinions from anyone that has taken the SANS and EC-Council training. I have taken SANS Security Essentials 401 and a couple of 1 day courses but have not attended EC-Council training. I am comparing the CEH & CHFI tracks vs the SANS 504/508 tracks. While the Cert will be cool to have, gaining the knowledge is my real goal so that I can expand my horizons for the future, so the issue is the experience you had (with the trainer, the material, etc) and what you learned.
I took the SANS 508 course in Jan 07 and thought it was great. The instructor was great (Rob Lee) and the training methodology was awesome. The thing I thought the best was the methodology in the teaching. They started off teaching the basics of the file system and expanded into the different layers of file system recovery. Most of the course focuses on actually understanding the recovery techniques.
I have not taken the EC-Council training so I cannot speak for their training.
I have completed the EC-Council CHFI training. My trainer (Nathan Weibacher) was very experienced, and over a 5 day course he did a fantastic job of preparing us for the test. (100% passed of our group)
The training consisted of
Day1 Basics of file systems, legal pitfalls and general terminology.
Day2 Imaging, different imaging formats, and what a bitstream image is. Various labs.
Day3 FTK, best practices, hashing, chain of custody and evidence handling.
Day4 More labs, more lectures, lots of various utilities described and used in labs, password cracking, word lists, EFS cracking, Various crypto lectures
Day5 Linux utilities, LinEn, Helix, Knoppix, Linux file systems, lectures on inodes, deleting and recovering files in the UX environment.
We tested at the end of day 5 and we all passed.
We arranged the testing through InfoSec Institute, we recieved a certificate of completion for the course and a certificate from EC-Council for CHFI certification.
My only complaint is that the InfoSec training materials could have been updated some, there were some typos in the training material, and some labs were "bugged" based on the training material we had installed.
Nathan Weibacher can be contacted at his company, Digital Works in Dallas. Nathan does training for InfoSec.
I have to agree with Borninfire on Nathan's teaching abilities. He was a great instructor. The knowledge he was able to pass on was very practical. The exam is similar to the CEH as I don't think the questions are very relevant, but I went for the training not the cert.
I have taught the CHFI in the past and love the subject matter. It is a vendor neutral course that is at the ground level as is SANS. As for which is better, it all depends on the instructor.
I have to agree with Borninfire on Nathan's teaching abilities. He was a great instructor. The knowledge he was able to pass on was very practical.
Absolute agreement here as well. Weilbacher is an excellent trainer and has the real world experience to make the information meaningful and relevant.
Im actually sitting in San Diego waiting to register for the SANS 508 course that will be taught by Michael Murr. Any of you have had this instructor before. I took the SANS Audit course in 2004 and obtained the certification, Tanya Bacaam was the instructor. I found that course to be very challenging, expecially completing the practical portion.