Tuesday, April 20, 2010

It can be done!

91.3% Well above the passing grade.  It feels good to earn a certification like GCFA. Especially when there are only ~2000 in the entire world. 

So what's next?

I've been in study mode for several months so I've decided to just keep on going and start studying for the CISSP exam.  I was studying for the exam about 3 years ago when I changed jobs. At the time there was no need for me to carry a certification like that and my company wasn't really interested so I dropped it. I wish I had just forged ahead alone and done it.  At any rate, I still have the "All-in-One" CISSP study guide and I'll be ready for the test in a few more months.

I'm also going to start working my local contacts for some forensics work and push towards "Expert Witness" status. It will be a big deal to get a few cases on my Curriculum Vitae and be able to help out some of the area lawyers with cases involving computers, media and any other digital devices.  Mobile forensics seems like a niche worth exploring although I can't imagine a lot of steady work coming from it.

I was invited to contribute to "Into the Boxes" which is pretty exciting.  I would love to contribute but I'm having a hard time coming up with a topic that won't make me seem like the village idiot compared to the rest of the guys writing for it. I'm open to suggestions on that front.

Chris has started a new blog series on command line vs. GUI tools. I may play devils advocate just for fun. We'll see what he posts later in the week.

Keep studying, keep practicing, I'm still here to help.



  1. Grayson,

    Re: ITB...start writing about what you know...we'll work with you.



  2. Grayson,
    Congratulations on the exam (nice job!) and the ITB invite; a nice double play!

    I liked Shon Harris' book out of the 3 I used for the CISSP, but I'd recommend the official ISC book too, as it covered stuff the others didn't that you need to know. Shon's was the most fun to read. I laughed out loud so many times reading that. The official book is dry and boring, however.

    From what I understand, many people give the physical security domain short shift and get nailed, so make sure you pay special attention to that and crypto.

    Good luck on that exam!

  3. (Reposting since I managed to misspell Kristinn's name for the 457th time...)


    Congratulation on passing your GCFA! That's great news.

    I've also started doing digital forensics research for public consumption within the last year. It was intimidating at first to be entering a space where you have giants like Harlan, Jesse, Rob and the other people who don't need last names occupy, but what I've found is those people are very helpful and encouraging for us n00b forensic researcher.

    What I did with my Adobe Flash Cookie research was to find someone smarter than I was when I realized I hit my limits on the research. Kristinn Gudjonsson to the rescue.

    I've done some smaller projects here recently such some initial Kindle forensics work where I essentially took Harlan's advice and stuck to the portions of the research where I was comfortable with. You can see what I came up with on my blog.

    What I've found is that researching is a fantastic way to increase your overall forensic knowledge and I'm learning quite a bit of it by doing it on my own, but especially when I'm working with a research partner.

    It's a huge amount of fun and there are so many research opportunities out there for people of all skill levels to engage in and share with the larger digital forensics community.

    Wait....I feel a blog post coming on. I'll put it up this weekend and link back to your blog posts in this area :)

  4. Hey Grayson,
    Time to hop on the horse again. Don't keep me waiting!


  5. It's been a crazy couple of weeks. I'll catch up soon.