Tuesday, April 20, 2010

It can be done!

91.3%. Well above the passing grade. It feels good to earn a certification like GCFA, especially when there are only ~2000 in the entire world.

So what's next?

I've been in study mode for several months so I've decided to just keep on going and start studying for the CISSP exam.  I was studying for the exam about 3 years ago when I changed jobs. At the time there was no need for me to carry a certification like that and my company wasn't really interested so I dropped it. I wish I had just forged ahead alone and done it.  At any rate, I still have the "All-in-One" CISSP study guide and I'll be ready for the test in a few more months.

I'm also going to start working my local contacts for some forensics work and push towards "Expert Witness" status. It will be a big deal to get a few cases on my Curriculum Vitae and be able to help out some of the area lawyers with cases involving computers, media and any other digital devices.  Mobile forensics seems like a niche worth exploring although I can't imagine a lot of steady work coming from it.

I was invited to contribute to "Into the Boxes" which is pretty exciting.  I would love to contribute but I'm having a hard time coming up with a topic that won't make me seem like the village idiot compared to the rest of the guys writing for it. I'm open to suggestions on that front.

Chris has started a new blog series on command line vs. GUI tools. I may play devil's advocate just for fun. We'll see what he posts later in the week.

Keep studying, keep practicing, I'm still here to help.


Tuesday, April 6, 2010

Studying for the GCFA certification: Part 2

Last post I gave you some books to read, let's move on to web resources.


The forensics community is not very large but many of the people in it are more than happy to share the latest developments in hardware, software and techniques. If you search Google for "computer forensics blogs" you come up with a fairly long list of related blogs. Some of them are geared towards hardware reviews and others towards tool usage. Many are by the same people that wrote the books I mentioned last post. My best advice is to follow a couple that suit you and follow the cross-links from each blog.

For example: my blog has a link to "The Digital Standard" written by Chris Pogue; his blog is linked to "Windows Incident Response" written by Harlan Carvey; his blog is linked to the official SANS blog, and so on and so forth. These guys write regular posts about installations, incidents, tool suites and plain old opinion. There are more than a few tasty informational nuggets on their sites. After you take a practice test or two, you'll start to find discussions related directly to best practices and tool usage that you will likely see on the test.

Friday, April 2, 2010

Studying for the GCFA certification: Part 1

I'm scheduled to take the GCFA certification test on April 13th. I have been studying non-stop since right after the New Year. (Call it a resolution if you'd like.) I took a practice test last week and scored 86%. I was pretty happy with that score considering I'm learning it under self-study.

Before you take any of the SANS practice tests you are required to sign a legal notice regarding divulging any test questions and their ethics standards. (See: have some or look for a new field.) If you landed on this post hoping for a brain dump or a list of the hard test questions, move along, there is nothing to see here.

If you're looking for an overall view of the type of materials you need to study and the background that computer forensics requires, stick around, I may be able to help.