
🗒 Certifications

Created: 23.12.2020

| cert name | count |
|---|---|
| CREST | 0.5 |
| Network+ | 0.5 |
| GCIA | 1.5 |
| GCIH | 0.5 |
| GCFA | 1 |
| ACE | 1.5 |
| BSc | 1 |
| CCE | 1.5 |
| A+ | 1 |
| MCP | 1 |
| ACFS, BITS | 1 |
| MCFE | 0.5 |
| EnCE | 1.5 |
| PIP1 | 2 |
| GCFE | 0.5 |
| CISSP (0.5), SSCP or CCSP, CISM (0.5), CISA (0.5) | 1 |
| SANS GCIA, GCIH | 1 |
| CCNA, CCIE, NGFW | 1 |
| GREM, GCFE, OSCP | 1 |

  1. Booz Allen Hamilton Incident Response Analyst
  2. Box Security Analyst
  3. Grey Heron IT Solutions Forensic Analyst
  4. Triumph Consultants Ltd Temp Investigating Officer x2 – Digital Forensics & Cybercrime
  5. HM Revenue and Customs Senior/Higher Digital Forensic Practitioner

https://www.giac.org/certification/certified-forensic-examiner-gcfe?msc=giac-focus-area

https://www.giac.org/certification/certified-incident-handler-gcih?msc=giac-focus-area

https://www.giac.org/certification/certified-forensic-analyst-gcfa?msc=giac-focus-area

Plan

GCFE

The topic areas for each exam part follow:

  • Analysis and Profiling of Systems and Devices

    The candidate will demonstrate an understanding of the artifacts created by the Windows operating system during the execution of programs, system start up and use of removable devices.

  • Analysis of File and Program Activity

    The candidate will demonstrate an understanding of file access artifacts created by the Windows operating system.

  • Analysis of User Communications

    The candidate will demonstrate an understanding of the forensic examination of user communication applications and methods, including host-based and mobile email applications, instant messaging, and other software and Internet-based user communication applications.

  • Analysis of Windows System User Artifacts

    The candidate will demonstrate an understanding of the artifacts created by user activity on current Windows operating systems.

  • Cloud Storage Fundamentals

    The candidate will demonstrate an understanding of the artifacts created by the installation and use of cloud storage solutions and how they can be used during forensic examinations.

  • Foundations of Digital Forensics Acquisition

    The candidate will demonstrate an understanding of the methodologies and tools used to collect and process digital forensic evidence.

  • Fundamental Digital Forensics

    The candidate will demonstrate an understanding of forensic methodology, key forensic concepts, identifying types of evidence on current Windows operating systems and be familiar with the structure and composition of modern Windows file systems.

  • Host and Application Event Log Analysis

    The candidate will demonstrate an understanding of the purpose of the various types of Windows event, service and application logs, and the forensic value that they can provide.

  • Microsoft Browser Forensics

    The candidate will demonstrate an understanding of the artifacts created by Microsoft browsers during user activity.

  • Third Party Browser Forensics and Browser Artifact Analysis

    The candidate will demonstrate an understanding of the artifacts created by third party browsers and when privacy settings are applied during user activity.

  • Windows Registry Artifact Analysis

    The candidate will demonstrate an understanding of the registry artifacts created by system and user activity.

  • Windows Registry Fundamentals

    The candidate will demonstrate an understanding of the structure and purpose of the Windows registry and the types of tools used to analyze and parse the data.

GCIH

Covering Tracks on Hosts

The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against methods attackers use to remove evidence of compromise on hosts.

Covering Tracks on the Network

The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against methods attackers use to remove evidence of compromise on the network.

Domain Attacks

The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against Domain attacks in Windows environments.

Drive-By Attacks

The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against drive-by attacks in modern environments.

Endpoint Attacks and Pivoting

The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against attacks against endpoints and attack pivoting.

Incident Handling and Digital Investigations

The candidate will demonstrate an understanding of what Incident Handling is, why it is important, an understanding of the PICERL incident handling process, and industry best practices in Incident Handling and Digital Investigations.

Memory and Malware Investigations

The candidate will demonstrate an understanding of the steps necessary to perform basic memory forensics, including collection and analysis of processes and network connections and basic malware analysis.

Metasploit

The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against the use of Metasploit.

Netcat

The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against the use of covert tools such as netcat.

Network Investigations

The candidate will demonstrate an understanding of the steps necessary to perform effective digital investigations of network data.

Password Attacks

The candidate will demonstrate a detailed understanding of the three methods of password cracking.

Physical Access Attacks

The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against physical access attacks.

Reconnaissance and Open-Source Intelligence

The candidate will demonstrate an understanding of how to identify, defend against, and mitigate public and open source reconnaissance techniques.

Scanning and Mapping

The candidate will demonstrate an understanding of the fundamentals of how to identify, defend against, and mitigate against scanning; to discover and map networks and hosts, and reveal services and vulnerabilities.

SMB Scanning

The candidate will demonstrate an understanding of how to identify, defend against, and mitigate reconnaissance and scanning of SMB services.

Web App Attacks

The candidate will demonstrate an understanding of how to identify, defend against, and mitigate against Web Application Attacks.

GCFA

Enterprise Environment Incident Response

The candidate will demonstrate an understanding of the steps of the incident response process, attack progression, and adversary fundamentals and how to rapidly assess and analyze systems in an enterprise environment scaling tools to meet the demands of large investigations.

File System Timeline Artifact Analysis

The candidate will demonstrate an understanding of the Windows filesystem time structure and how these artifacts are modified by system and user activity.

Identification of Malicious System and User Activity

The candidate will demonstrate an understanding of the techniques required to identify and document indicators of compromise on a system, detect malware and attacker tools, attribute activity to events and accounts, and identify and compensate for anti-forensic actions using memory and disk resident artifacts.

Identification of Normal System and User Activity

The candidate will demonstrate an understanding of the techniques required to identify, document, and differentiate normal and abnormal system and user activity using memory and disk resident artifacts.

Introduction to File System Timeline Forensics

The candidate will demonstrate an understanding of the methodology required to collect and process timeline data from a Windows system.

Introduction to Volatile Data Forensics

The candidate will demonstrate an understanding of how and when to collect volatile data from a system and how to document and preserve the integrity of volatile evidence.

NTFS Artifact Analysis

The candidate will demonstrate an understanding of core structures of the Windows filesystems, and the ability to identify, recover, and analyze evidence from any file system layer, including the data storage layer, metadata layer, and filename layer.

Volatile Data Artifact Analysis of Malicious Events

The candidate will demonstrate an understanding of abnormal activity within the structure of Windows memory and be able to identify artifacts such as malicious processes, suspicious drivers and malware techniques such as code injection and rootkits.

Volatile Data Artifact Analysis of Windows Events

The candidate will demonstrate an understanding of abnormal activity within the structure of Windows memory and be able to identify artifacts such as malicious processes, suspicious drivers and malware techniques such as code injection and rootkits.

Windows Artifact Analysis

The candidate will demonstrate an understanding of Windows system artifacts and how to collect and analyze data such as system back up and restore data and evidence of application execution.

Prep

https://www.examtopics.com/exams/giac/gcfa/view/

https://www.edusum.com/giac/giac-gcfa-certification-sample-questions

https://issuu.com/katymorgan9/docs/gcfa__forensic_analyst__2_

https://www.edusum.com/node/50681/myresults

https://community.infosecinstitute.com/discussion/124800/anyone-have-the-gcfa

https://www.certlibrary.com/info/GCFA

https://www.reddit.com/r/computerforensics/comments/744lzs/any_suggestions_on_how_to_start_studying_for_the/